We all experience artificial intelligence (AI) and machine learning (ML) every day, whether through search engines, voice-controlled devices or simply taking a photograph on a smartphone. For certain areas of industry that rely on big data analysis, both are already proving their value, identifying patterns in data, or relationships between seemingly unrelated information, and then defining algorithms that can automate decision-making processes.
In cybersecurity too, there are clearly some solutions that meet the accepted definitions of AI and ML, but there is a lot of talk about a time in the future when perhaps AI and ML will be responsible for cybersecurity across an organisation. We’re a long way from the technology being ready for that, and even further away from when a CISO is ready to let it ‘get on with the job’. But in the meantime, we need to take a moment to think about whether the way we represent AI now is damaging its future reputation in cybersecurity before we even get started.
Artificial Intelligence and Machine Learning are carelessly used as marketing tools: well-placed buzzwords designed to make security teams believe that somehow their life will get easier, that they can stop firefighting and concentrate on improving their organisation’s resilience rather than acting like sentries guarding every threat vector. Often when the terms AI and ML are used, what is really meant is simply automation. It will undoubtedly play more of a role in the future, but AI is in danger of being hijacked by marketing departments to describe the latest ‘whiz bang’ features in their software that are little more than rule-based automation. The thing is, automation isn’t bad, so why sex it up into something it isn’t and devalue that technology in the process?
Cyber security has a terrible reputation for buying in point solutions, only to switch key features or the whole solution off because of false negatives and too much ‘noise’. Precisely because security professionals want to use the best product they can for their specific needs, it leads to a smorgasbord of data sets and alerts that need to be stitched together. Whilst vendors would argue that they have made significant progress on integration and automation, there is still a huge overhead for cyber teams. More products often mean greater operational overheads to make them work together and maintain a secure network. Ultimately this depletes the speed and capabilities of the security infrastructure, even if on paper the combination of solutions chosen looks like it will protect a business and meet regulatory requirements.
The ‘automation deficit’ that exists between different security products is a major contributor to one of the biggest problems the industry faces at the moment – the skills shortage. We consult on security with clients across a wide range of industries, and one of the things we are constantly amazed by is the number of highly skilled security professionals whose resources end up focused on mundane tasks. Often, tedious tasks such as ETL (Extract, Transform and Load), analysis, and administration could be automated, but are being executed by over-qualified (for the task) security professionals.
Automation masters
If IT teams could really get automation working, and indeed, if vendors could make it easier, then our security professionals would be using the skills we really need them to, and have the time to do it. The hackers are already masters of automation and often reap the benefits of it…
Go and ask your security team how much time they spend on tasks they believe could or should be automated, and then look at the list of proactive security projects you want to get started on. You may already have the right people, and automation can give you the time. Right now, you can spend a year recruiting the right person with a price tag to match, and then they spend their time firefighting systems, rather than the hackers.
Looking ahead
There are some great cybersecurity solutions that use ML and AI already. There will be solutions in the future offering levels of protection and speed that will be astounding – and we will need them – the hackers are as interested in AI and ML as everyone else. The difference will be that they build with the technology, like they have with automation, not simply borrow the buzzwords. We mustn’t misuse the terms, and automation has a huge role to play in empowering our cyber security professionals today.