AI in cybersecurity – should we believe the hype?

Artificial Intelligence (AI) and in particular the field of Machine Learning (ML) have been causing a buzz in the cybersecurity community for some time now. In recent years, however, talk about the game-changing potential of the technology has reached fever pitch and now people are questioning whether it is really the panacea that many in the industry are holding it up to be, or just another tool in an already broad arsenal?

Last year, Gartner highlighted AI as one of its Top 10 Data and Analytics Technology Trends for 2019 while earlier this year, Forbes hailed the technology as the “Future of Cybersecurity”.

Such beliefs are fast gaining traction on the ground among cybersecurity professionals too. A Capgemini Research Institute study of over 850 senior executives in IT info security, cybersecurity and IT operations found that:

• Nearly two-thirds of execs don’t believe they can identify critical threats without AI
• Three in five organisations say AI improves the accuracy and efficiency of cyber analysts
• Around three-quarters of organisations are testing AI use cases

Clearly AI has its place in a robust cybersecurity defence. But are we overhyping its potential?

What should we expect from AI and ML?

AI and its associated fields of ML, Natural Language Processing and Robotic Process Automation may be modern industry buzzwords, but they are certainly not new in the world of cybersecurity.

The original spam filter is the earliest common example of machine learning for this purpose, dating back to the early 2000s. Over the years, the level of analysis undertaken by such tools has grown from filtering certain words to scanning URLs, domains, attachments and more.

But it is the latest developments in AI that are catching the industry’s attention. And with good reason.

AI is making great strides, aiding in the defence of a range of threat vectors with fraud detection, malware detection, intrusion detection, risk scoring and user/machine behavioural analysis being the top five use cases.

And such uses are more common than you may think. Capgemini research found that over half of enterprises have already implemented at least five high impact cases.

All of which goes to show that when we ask – should we believe the hype? We are not questioning AI or ML’s worth as a tool in cybersecurity defence. Rather we are questioning whether considering it a silver bullet could do more harm than good. After all, if the discussion in the Boardroom revolves around the deployment of AI for enhanced protection, there is the risk that complacency regarding protection against new threat vectors settles in.

For all its merits, AI does not offer a catch-all solution. AI may be able to carry out deeper analysis in much faster timescales than humans, but we are a long way from it becoming the first, last and only line of defence.

It’s important that we see AI as a tool to assist cybersecurity teams in our work and not as a method of replacing human intervention – as it is when human and machine techniques are applied together that cyber defences are most robust.

A recent study from the Massachusetts Institute of Technology (MIT) found that a combination of human expertise and machine learning systems – what it calls “supervised machine learning” – is much more effective than humans or ML alone. The supervised model performed 10 times better than the ML-only equivalent.

Man and machine: working alongside AI

The MIT study cuts to the heart of how AI technology fits into cyber defence. It is a powerful tool when it comes to spotting and stopping a range of cyberattacks, but it alone is not enough.

AI has great potential when it comes to identifying common threats but can only effectively defend against the modern threat landscape with the aid of human assistance. For example, a ML system may be able to identify and nullify a threat contained in a malicious link or attachment, but it is much less effective at protecting against social engineering attacks such as Business Email Compromise (BEC), for example.

For all its advancements, ML is still not a great way to analyse nuance and the idiosyncrasies of human behaviour – which can result in missed threats as well as a high rate of false positives.

Why does this matter? The reason is that today’s cyber-threat actors have switched their attack from infrastructure and network to people: unwittingly employees remain the point of vulnerability for the enterprise and a people-centric approach to security is critical.

And just as AI and ML should not be considered a replacement for human expertise, nor should we expect either to supersede current cybersecurity technologies. Outside of ML, techniques such as static analysis, dynamic behavioural analysis and protocol analysis will continue to have their place.

A good cyber defence must be as broad as it is wide. This means creating a security-first culture through training and education and arming your teams with robust defence techniques alongside the best possible protection.

So, should we believe the hype? As far as AI being a powerful tool that can bolster our cyber defences – yes. But as a single cure for all that ails us? Absolutely not.

By Martin Mackay, SVP, EMEA at Proofpoint