Much has been made of the use of artificial intelligence in security. Some experts will tell you it is the single biggest key to success, while others will tell you that AI is little more than marketing jargon without any real-world value. I think the truth is somewhere in the middle. AI absolutely has a place in security, but it is not a silver bullet. With that said, there are three primary ways that organizations should be using AI to act as a force multiplier for security teams.
1. Attack Prevention
The use of AI in security should be very focused on multiplying the efforts of security teams, especially considering the current shortage of security skills.
A recent report from JupiterOne found that security teams are responsible for more than 165,000 cyber assets across cloud workloads, devices, network assets, applications, data assets, and users. Trying to defend that many assets is a daunting task. In fact, according to a report by Capgemini Research Institute, 61% of organizations said they would not be able to identify critical threats without AI.
AI and machine learning can reduce the workload for analysts by automatically sifting through data logs and identifying relevant threats. When used effectively, artificial intelligence will not only alert security professionals to threats but also will classify types of attack, allowing security teams to prepare appropriate responses. With this type of ongoing, comprehensive analysis of behavior patterns, analysts can manage even complex threats with far less manual effort, reducing mistakes made due to burnout and exhaustion.
2. Intrusion Detection
Prevention and detection go hand in hand because, as all security professionals know, a determined and skilled attacker will get in eventually. Identifying such a breach is highly dependent on anomaly detection, and this is another security area where AI shines. AI doesn’t get bored and tired like humans do while scanning through the never-ending tedium of operations logs looking for odd behavior.
AI can be even more help when it comes to alert fatigue, a boogeyman of our own creation. Our efforts to identify every possible threat has resulted in an overwhelming number of security alerts. However, most of the alerts that hit the security operations center are false positives that security teams have to wade through to find actual threats. AI can be used to help security teams spend their time and energy wisely by identifying which alerts need immediate attention, which can wait, and which can be ignored entirely.
3. Application Security and Developer Productivity
One of the often-overlooked use cases for AI is application security. In today's competitive climate, companies are constantly launching new apps and updates. It's easy for AppSec teams to fall behind, and these challenges only snowball when vulnerabilities within code are discovered and both AppSec and development teams must divert their time and attention to remediating the issue.
As with attack prevention and intrusion detection, the key value proposition for AI in AppSec is acting as a force multiplier by taking on repetitive and menial tasks. Ensuring the delivery of a secure application involves going through hundreds or thousands of security findings to uncover relationships and gain insight into the risk a vulnerability represents. AI can significantly reduce the time AppSec teams sit with each new application launch or update so that they can focus on more intensive and important tasks.
There may be a day when AI is a security savior, but, for the time being, it can be incredibly valuable in helping security teams make sense of the mountains of data an enterprise generates and in ensuring that applications are launched securely.