Machine Learning and Artificial Intelligence have exploded onto the Cybersecurity scene over the last year. Software vendors and MSSPs are scrambling to bring their particular flavor of AI to market and claim their stake as industry leaders.
While AI has quickly become table stakes for an effective security posture, some of it can also seem to be overhyped in some respects. In this post, we’ll aim to cut through the superlatives and provide a few thoughts on the role of Artificial Intelligence in security.
What AI Does Not Replace
Claiming that AI will replace traditional tools while lowering labor costs and probably making coffee at the same time, some advertising has put AI on a pedestal that it may not have achieved yet.
Here are some things that AI definitely will not replace, which security teams will still need to keep around:
- Employee training and a security-sensitive culture
- Smart policies and processes
- Qualified architects, managers, engineers, and analysts
- Rock-solid, layered infrastructure with effective controls around it
If you find yourself saying “Wait, that’s 95% of my security program,” you’re right: AI is a complement to a well-run cyber framework, not a replacement for it.
Must-Ask Questions When Evaluating AI Tools
We all have seen that technology can be promoted with grand promises backed by sometimes disappointing results. To avoid a dud in your AI implementation, you may want to sit down with your security team and your vendor rep to go over a few questions:
- How do your AI algorithms actually work? How mature is the technology? What are its’ blind spots?
- How well does it avoid false positives and false negatives?
- How do you measure the incremental benefits and the expected ROI?
- What outside support are we going to need to implement and maintain this?
- How much additional training will we need to use this effectively?
- Does it produce usable reports that actually mean something?
- What results have your other clients seen from it?
- Does it outperform what I already have, or will it be just another software bloating up my network?
Pitfalls to Avoid When Implementing an AI Solution
Adding software to your organization’s toolkit is rarely a trivial matter, and even less so when you’re dealing with AI. Here are some potential mistakes when deploying an AI security tool:
- Expecting a “set-and-forget” solution that will replace the whole security program: See the first section of this post.
- Thinking that an in-house developed solution will be best-in-show without exploring other available options.
- Expecting that the AI tool won’t require any customization or integration.
- And possibly the most delicate one: Thinking it’ll all work out on automatic pilot without specialized AI expertise on your team or assistance from AI safety experts.
The fact of the matter is that it is no longer viable to delay implementation of robust AI cybersecurity tools. Bad actors have already started using AI.
A talented cybersecurity team and company-wide awareness trainings go a long way. AI simply brings a needed support structure that can assist your teams to prevent attacks and accelerate mitigation if needed. As businesses undergo the digital transformation, it is imperative they also leverage new developments in cyber capabilities.