AI will have a growing impact on cybersecurity technology as a helper app, not as a new product category.
If you want to understand what’s happening with artificial intelligence (AI) and cybersecurity, look no further than this week’s news.
On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company, Alphabet, announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack.
So, cybersecurity suppliers are innovating to bring AI-based cybersecurity products to market in a big way. OK, but is there demand for these types of advanced analytics products and services? Yes. According to ESG research, 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. These implementation trends will only gain momentum in 2018.
What security professionals think about AI-based cybersecurity technology
What’s driving AI-based cybersecurity technology adoption? ESG research indicates:
*29 percent want to use AI-based cybersecurity technology to accelerate incident detection. In many cases, this means doing a better job of curating, correlating, and enriching high-volume security alerts to piece together a cohesive incident detection story across disparate tools.
*27 percent want to use AI-based cybersecurity technology to accelerate incident response. This means improving operations, prioritizing the right incidents, and even automating remediation tasks.
*24 percent want to use AI-based cybersecurity technology to help their organization better identify and communicate risk to the business. In this case, AI is used to sort through mountains of software vulnerabilities, configuration errors, and threat intelligence to isolate high-risk situations that call for immediate attention.
*22 percent want to use AI-based cybersecurity technology to gain a better understanding of cybersecurity situational awareness. In other words, CISOs want AI in the mix to give them a unified view of security status across the network.
It’s important to point out that in each of these use cases, AI-based solutions don’t operate in a vacuum yet. Rather they provide incremental analytics horsepower to existing technologies, driving greater efficacy, efficiency, and value.
This tends to happen in one of two ways. In some cases, machine learning technologies are applied to existing security defenses as helper apps. For example, Bay Dynamics and Symantec have formed a partnership that applies Bay’s AI engine behind Symantec DLP to help reduce the noise associated with DLP alerts. Fortscale does similar things by back-ending endpoint detection and response (EDR), identity and access management (IAM), cloud access security brokers (CASB), etc.
Alternatively, some AI-based solutions work on a stand-alone basis but are also tightly coupled with the various other technologies of a security operations and analytics platform architecture (SOAPA). Vectra Networks and E8 security are often integrated with SIEM and EDR. Kenna Security works hand in hand with vulnerability scanners. Splunk and Caspida are tightly integrated as are IBM QRadar and Watson, etc.
There’s no doubt that AI-based security analytics are invading the industry, but it’s worth noting that CISOs really don’t care or even understand how the sausage is made. ESG research indicates that only 30 percent of cybersecurity pros feel like they are very knowledgeable about AI/machine learning and its application to cybersecurity analytics. That means cybersecurity vendors that tout AI concepts, algorithms, and data science chops are barking up the wrong tree. CISOs want to enhance security efficacy, improve operational efficiency, and help deliver highly secure business-enabling IT initiatives. AI will be welcomed with open arms if it can help them achieve those goals.
In the future, AI could be a cybersecurity game-changer, and CISOs should be open to this possibility. In the meantime, don’t expect many organizations to throw the cybersecurity baby out with the AI bath water.
Jon Oltsik (ESG senior principal analyst and the founder of the firm’s cybersecurity service)