Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

10/2/2017
08:00 PM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

Gartner Analysts See AI Augmenting Security

Gartner analysts don't think AI will replace humans in security; instead it will be a critical piece of a better security infrastructure.

ORLANDO -- Gartner Symposium ITXpo -- For many years, the honor of first keynote at Gartner Symposium ITXpo has gone to Peter Sondergaard, VP of research at the consulting giant. On Monday morning, he stood on stage and introduced the concepts that will be driving conversations here for the next four days -- and away from Orlando, for at least the next year.

Sondergaard touched on a number of topics during his address, and my colleague Scott Ferguson has a roundup of the cloud side of the speech in an article on Enterprise Cloud News. I want to focus on one part of his speech -- the part dealing with security and professional skills.

Let's start with some bad news: You probably don't have as many skilled security professionals as you'd like to have. Experienced security pros are in short supply across the IT industry. Now we'll continue with some news that's even worse: The odds seem pretty good that you'll never catch up with your security skills shortage. The rate of growth and change in the security industry are such that the supply is unlikely to ever catch up to demand.

According to Sondergaard, it's not all bad news, though. In his opinion, enterprise IT shops are going to be saved -- by artificial intelligence.

Before you roll your eyes too hard, take a moment to consider what Sondergaard means when he talks about AI in this context. While he admits that AI will almost certainly take some jobs from humans, Sondergaard says that he believes AI will be a net job creator. And part of that job creation function will be the extent to which AI augmenting human capabilities allows humans to do more for more organizations.

There are a lot of people working on AI-augmented security and some who believe that AI will become a requirement as a front-line technology just to keep up with the increasingly powerful and sophisticated threats from hackers. The question, really, is whether AI will become the basis of security, or a tool to help human analysts in the fight for more secure systems.


You're invited to attend Light Reading's 11th annual Future of Cable Business Services event. Join us in New York on November 30 for the premier independent conference focusing on the cable industry's continuing efforts in the commercial services market – all cable operators and other communications service providers get in free. 

In the view of Gartner analysts, AI is most effective when it's used to augment human intelligence, not replace human effort. Whether that augmentation takes the form of rapidly sorting through vast volumes of data that's only mildly interesting, making correlations that involve more variables than humans could consider in real time, suggesting courses of actions to human engineers when presenting threat data or a combination of all three, using AI as a tool is the course of action that makes the most sense to Gartner.

The skills shortage (and AI's role in alleviating the pain) is far from the only thing that Gartner analysts have to say about security. There's more to come from Gartner Symposium ITXpo. In the meantime, what do you think about AI and security? Should we turn our defenses over to artificial intelligence or is AI best seen as a tool to help make human security specialists better? The comment section awaits -- let us know!

Related posts:

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-18112
PUBLISHED: 2020-08-05
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
CVE-2020-15109
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipm...
CVE-2020-16847
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-15135
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-13522
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.