Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

10/2/2017
08:00 PM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

Gartner Analysts See AI Augmenting Security

Gartner analysts don't think AI will replace humans in security; instead it will be a critical piece of a better security infrastructure.

ORLANDO -- Gartner Symposium ITXpo -- For many years, the honor of first keynote at Gartner Symposium ITXpo has gone to Peter Sondergaard, VP of research at the consulting giant. On Monday morning, he stood on stage and introduced the concepts that will be driving conversations here for the next four days -- and away from Orlando, for at least the next year.

Sondergaard touched on a number of topics during his address, and my colleague Scott Ferguson has a roundup of the cloud side of the speech in an article on Enterprise Cloud News. I want to focus on one part of his speech -- the part dealing with security and professional skills.

Let's start with some bad news: You probably don't have as many skilled security professionals as you'd like to have. Experienced security pros are in short supply across the IT industry. Now we'll continue with some news that's even worse: The odds seem pretty good that you'll never catch up with your security skills shortage. The rate of growth and change in the security industry are such that the supply is unlikely to ever catch up to demand.

According to Sondergaard, it's not all bad news, though. In his opinion, enterprise IT shops are going to be saved -- by artificial intelligence.

Before you roll your eyes too hard, take a moment to consider what Sondergaard means when he talks about AI in this context. While he admits that AI will almost certainly take some jobs from humans, Sondergaard says that he believes AI will be a net job creator. And part of that job creation function will be the extent to which AI augmenting human capabilities allows humans to do more for more organizations.

There are a lot of people working on AI-augmented security and some who believe that AI will become a requirement as a front-line technology just to keep up with the increasingly powerful and sophisticated threats from hackers. The question, really, is whether AI will become the basis of security, or a tool to help human analysts in the fight for more secure systems.


You're invited to attend Light Reading's 11th annual Future of Cable Business Services event. Join us in New York on November 30 for the premier independent conference focusing on the cable industry's continuing efforts in the commercial services market – all cable operators and other communications service providers get in free. 

In the view of Gartner analysts, AI is most effective when it's used to augment human intelligence, not replace human effort. Whether that augmentation takes the form of rapidly sorting through vast volumes of data that's only mildly interesting, making correlations that involve more variables than humans could consider in real time, suggesting courses of actions to human engineers when presenting threat data or a combination of all three, using AI as a tool is the course of action that makes the most sense to Gartner.

The skills shortage (and AI's role in alleviating the pain) is far from the only thing that Gartner analysts have to say about security. There's more to come from Gartner Symposium ITXpo. In the meantime, what do you think about AI and security? Should we turn our defenses over to artificial intelligence or is AI best seen as a tool to help make human security specialists better? The comment section awaits -- let us know!

Related posts:

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.