January 17, 2020 By Lolita Chandra

In the past few years, there’s been a lot of buzz around artificial intelligence (AI) in cybersecurity. Can AI really help businesses improve their security posture? How can we determine which solutions actually use AI versus which ones make hyped-up claims? For solutions that can help, how do they help?

Obtaining clarity around this subject will help us understand the areas in which AI can help and what value it can add, which will, in turn, help us make more informed decisions. Let’s take a look at some industry definitions of AI, different types of AI and some of the challenges AI helps solve for organizations.

What Is Artificial Intelligence?

AI refers to the capability of computers to take on human abilities, such as reading, driving, reasoning, researching and discovering. First, let’s take a look at some of the well-known definitions of AI:

  • Oxford Reference defines AI as “The theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”
  • Gartner states that “Artificial intelligence applies advanced analysis and logic-based techniques, including machine learning, to interpret events, support and automate decisions, and take actions.”

To summarize, AI in cybersecurity refers to a set of capabilities similar to human abilities that allow organizations to detect, predict and respond to cyberthreats in real time using machine and deep learning.

Types of AI

With AI, information is fed to the system over a period of time, which allows it to “learn” which variables to focus on and what the desired outcome(s) are. Over time, it will provide the optimal solution tailored to your specific situation. Below are some terms often used in the field of AI.

Machine Learning

Machine learning is a sub-field of AI based on the concept that systems can learn from patterns of data with a minimal amount of human intervention.

Deep Learning

Deep learning is a subset of machine learning inspired by the human brain, in which the algorithms that make up artificial neural networks learn from large amounts of data to solve complex problems.

Cognitive Computing

Cognitive computing uses computerized models to take a human-like approach to complex problems that require vast amounts of structured and unstructured data. It does so by leveraging self-learning technologies that use data mining, pattern recognition and natural language processing (NLP). The objective of cognitive computing, as defined by IBM, is “systems that learn at scale, reason with purpose and interact with humans naturally.”

Common Challenges in Cybersecurity

AI can be leveraged to help solve some of the widespread challenges in cybersecurity faced by most organizations today. These challenges present major obstacles to protecting organizations from cyberattacks and include the following:

Skills Shortages

Many organizations are facing an increased risk of security incidents as a result of the widespread shortage of skilled security operations and threat intelligence resources in security operations centers (SOCs). They do not have an adequate number of security analysts to effectively investigate all discovered and potentially malicious behaviors in their environments in a thorough, consistent and repeatable manner.

According to Jon Oltsik, senior principal analyst at Enterprise Strategy Group (ESG), the cybersecurity skills shortage is getting worse each year. And, since most organizations are short-staffed, they keep increasing the workload on existing teams, which results in “human error, misalignment of tasks to skills, and employee burnout.”

Rising Cost of Security Breaches

According to the 2019 Cost of a Data Breach Report, the average total cost of data breaches was 95 percent higher in organizations without security automation deployed. By security automation, Ponemon is referring to “enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend upon artificial intelligence, machine learning, analytics and incident response orchestration.” One of the recommended steps in minimizing the financial impact of a data breach is to “invest in technologies that help improve the ability to rapidly detect and contain a data breach.”

Alert Fatigue

Security analysts are bombarded with a massive number of alerts daily. One study from Imperva found that 27 percent of professionals surveyed receive more than 1 million alerts each day. Most analysts don’t have the time to look at even half the alerts they receive each day, and only a small fraction of those identified as threats are actually remediated, resulting in a large number of threats going unidentified and unresolved. This is leading to widespread alert fatigue, analyst burnout and high attrition rates.

How AI Can Help Boost Your Security Posture

AI helps alleviate the cybersecurity skills shortage and can take some of the load off existing SOC analysts by supplementing analyst efforts and significantly reducing the time it takes to conduct investigations — often reducing investigation time from days to hours.

Businesses also benefit from lower costs by leveraging AI. AI helps drive deeper and more consistent investigations each and every time by empowering analysts to make data-driven decisions versus relying on gut feelings. AI gives analysts the information they need to reduce mean time to detect (MTTD) and mean time to respond (MTTR) — with a quicker, more decisive escalation process. Quicker threat identification and containment significantly lowers costs associated with those breaches.

By leveraging AI, organizations often eliminate or drastically reduce the need to outsource security investigations to managed security service providers (MSSPs), which removes the costs associated with services that are no longer required.

AI can also significantly reduce alert fatigue by greatly reducing the number of insignificant alerts received each day and also by creating a prioritized list of alerts for analysts to review. This allows analysts to focus on the most important alerts first instead of having to sift through a huge number of alerts that aren’t significant while potential threats go undetected. By streamlining and prioritizing the alert investigation process, AI can make it more manageable and help ease the burden on analysts, resulting in lower attrition and churn rates.

According to Forrester Consulting, the benefits gained by an organization by leveraging AI include increased SOC analyst productivity, reduced outsourcing fees for investigations and improved organizational security, resulting in an ROI of 210 percent.

Meet Your Business Needs Securely With AI

An effective way to alleviate the problems discussed earlier is to empower SOC analysts with AI in their daily tasks, which boosts analyst productivity and effectiveness. AI can be used to supplement the efforts of security analysts and significantly reduce the time it takes to investigate and remediate threats, which in turn reduces dwell time, lowers breach costs and improves overall security posture. It’s important to get a solid grasp of how AI can help meet your specific business needs and where it can make the most impact before moving forward with selecting and implementing a solution.
