AI: Cybersecurity friend or foe?
AI technology has become widespread and accessible to hundreds of thousands of IT security professionals worldwide. Human researchers are no longer behind their computers crunching the data and numbers, nor should they be when AI technology is available. The increase in computing power, especially through economical cloud solutions and easy-to-use tools, has allowed a much wider range of users to apply sophisticated machine learning and artificial intelligence algorithms to solve their problems.
At the same time, companies and security vendors have realized how difficult it is to fight cyber criminals who are constantly evolving to find new ways to infiltrate corporate networks without being spotted. For IT teams, updating and maintaining security solutions and policies to keep up with this volatile threat landscape is extremely costly and an unsustainable solution to protecting against incoming threats.
In fact, a recent study conducted by the Ponemon Institute found that the human costs associated with the implementation and regular maintenance of Security Information and Event Management solutions averaged $ 1.78 million per year for businesses. IT teams are eagerly searching for new solutions that require the least personalization and adjustments -- and all signs are pointing to self-learning technology.
Minimizing Maintenance & Offsetting Human Error
Most AI and machine learning solutions possess self-adaptive capabilities and require little customization and maintenance. The technology analyzes how things happen in a given environment and adapts to those surroundings and the given situation. It also allows for a significant reduction in maintenance and overhead costs.
In a security use case, AI can detect problems and attacks that humans and other technology have not yet been explicitly programmed to identify. These are what we call "unknown" threats. For example security researchers have shown that AI can be used to help identify malicious insiders that produce sporadic activity across multiple systems, even when that activity is a very small amount of the total observed activity, IE < 0.001 percent.
IT security teams can stay a step ahead of attackers by leveraging AI technologies into their everyday routines and business operations. As IT systems get more complex with more interaction AI technology can help correlate activities across multiple systems spanning months even years to help identify a progressing threat.
Addressing AI Apprehensions
AI is capable of making more nuanced decisions than we are accustomed to. The question is no longer whether something is allowed or not, or whether an action is malicious or harmless. We’re entering a world of machines calculating probabilities and outcomes, and many see this as a foreign and frightening approach to security.
There is often confusion between how AI operates and a human’s ability to understand how it has arrived at its outcome or conclusion. To achieve the best results, an algorithm follows a process, that in many cases, is impossible for it to explain or us to grasp perfectly. If the AI technology decides that an attack is taking place, it will put its defenses up. On the flipside, a false detection and response can have significant consequences, such as canceling a transaction that didn’t need to be terminated, suspending an account, or launching a costly investigation process. Many companies see AI as a threat to their business and customer loyalty due to the "false positives" AI can output. AI doubters also argue that the technology steps on conscience and ethics. It learns and remembers the way humans make decisions or optimize parameters, in order to achieve an optimal result. However, that output does not always match the one we are looking for. Applied naively, AI algorithms can amplify our prejudices and create systems that discriminate against certain people, or make decisions that a human deems unethical.
Marrying Machine and Human Operations
AI is certainly a weapon that will occupy a very important place in the defense arsenal. Limiting access, generating detailed audit logs, and strengthening surveillance are just a few examples of AI-based applications that are already being quickly adopted among enterprise IT security teams. While AI will certainly help reduce risks of both internal and external threats, human operations will always have a place in effective IT security.
The objective of AI technology is not to replace human beings, but to allow them to devote their resources to activities that are of more importance. The best AI tools relieve us of tedious subordinate tasks and help solve more important problems. Of course, businesses must keep in mind that these are means and not an end. We must define objectives and choose the tools best suited to achieve them. But using AI to free employees to accomplish other tasks is an important benefit of this technology and to an enterprise as a whole. Additionally, AI-driven behavioral analysis, can be used to recognize changes in work habits and to inform the security teams of threats in real time.
AI’s Place in The Future of Security
Artificial Intelligence is already arguably the biggest technology in the cyber industry right now. Most companies are talking about it and many have and will experiment with the technology in the year ahead. As companies progress and evolve to adopt AI technology, the industry will be forced to stop treating it as a harmful algorithm or concept, and instead will find ways to incorporate it into their daily routines that will help grow their business efficiency.
Security remains an arms race and attackers will continue to develop more sophisticated programs and other hacking tools that allow them to infiltrate networks by escaping detection. Security teams will have to continue their efforts and stay a step ahead of the increasing threat landscape if they do not want to be defeated. AI is the best place to start.
Tyler Reese is Product Manager at One Identity. With more than 15 years in the IT software industry, Tyler Reese is extremely familiar with the rapidly evolving IAM challenges that businesses face. He is a product manager for the Privilege Account Management portfolio where his responsibilities include evaluating market trends and competition, setting the direction for the product line -- and ultimately, meeting the needs of end-users. His professional experience ranges from consulting for One Identity’s largest PAM customers to being a systems architect of a large company.