If you want to understand what’s happening with AI and cybersecurity, look no further than this week’s news. On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company Alphabet announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack.
So, cybersecurity suppliers are innovating to bring AI-based cybersecurity products to market in a big way. Okay, but is there demand for these types of advanced analytics products and services? Yes. According to ESG research, 12% of enterprise organizations have already deployed AI-based security analytics extensively, and 27% have deployed AI-based security analytics on a limited basis. These implementation trends will only gain momentum in 2018.
What’s driving AI-based cybersecurity technology adoption? ESG research indicates:
- 29% want to use AI-based cybersecurity technology to accelerate incident detection. In many cases, this means doing a better job of curating, correlating, and enriching high-volume security alerts to piece together a cohesive incident detection story across disparate tools.
- 27% want to use AI-based cybersecurity technology to accelerate incident response. This means improving operations, prioritizing the right incidents, and even automating remediation tasks.
- 24% want to use AI-based cybersecurity technology to help their organization better identify and communicate risk to the business. In this case, AI is used to sort through mountains of software vulnerabilities, configuration errors, and threat intelligence to isolate high-risk situations that call for immediate attention.
- 22% want to use AI-based cybersecurity technology to gain a better understanding of cybersecurity situational awareness. In other words, CISOs want AI in the mix to give them a unified view of security status across the network.
It’s important to point out that in each of these use cases, AI-based solutions don’t operate in a vacuum yet. Rather, they provide incremental analytics horsepower to existing technologies, driving greater efficacy, efficiency, and value.
This tends to happen in one of two ways. In some cases, machine learning technologies are applied to existing security defenses as helper apps. For example, Bay Dynamics and Symantec have formed a partnership that applies Bay’s AI engine behind Symantec DLP to help reduce the noise associated with DLP alerts. Fortscale does similar things by back-ending EDR, IAM, CASB, etc.
Alternatively, some AI-based solutions work on a stand-alone basis but are also tightly coupled to the various other technologies of a security operations and analytics platform architecture (SOAPA). Vectra Networks and E8 Security are often integrated with SIEM and EDR. Kenna Security works hand-in-hand with vulnerability scanners. Splunk and Caspida are tightly integrated, as are IBM QRadar and Watson, etc.
There’s no doubt that AI-based security analytics are invading the industry, but it’s worth noting that CISOs really don’t care or even understand how the sausage is made. ESG research indicates that only 30% of cybersecurity pros feel like they are very knowledgeable about AI/machine learning and its application to cybersecurity analytics. This means that cybersecurity vendors that tout AI concepts, algorithms, and data science chops are barking up the wrong tree. CISOs want to enhance security efficacy, improve operational efficiency, and help deliver highly secure business-enabling IT initiatives. AI will be welcomed with open arms if it can help them achieve these goals.
In the future, AI could be a cybersecurity game-changer and CISOs should be open to this possibility. In the meantime, don’t expect many organizations to throw the cybersecurity baby out with the AI bath water.