In the past few years, there’s been a lot of buzz around artificial intelligence (AI) in cybersecurity. Can AI really help businesses improve their security posture? How can we determine which solutions actually use AI versus which ones make hyped-up claims? For solutions that can help, how do they help?

Obtaining clarity around this subject will help us understand the areas in which AI can help and what value it can add, which will, in turn, help us make more informed decisions. Let’s take a look at some industry definitions of AI, different types of AI and some of the challenges AI helps solve for organizations.

What Is Artificial Intelligence?

AI refers to the capability of computers to take on human abilities, such as reading, driving, reasoning, researching and discovering. First, let’s take a look at some of the well-known definitions of AI:

  • Oxford Reference defines AI as “The theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”
  • Gartner states that “Artificial intelligence applies advanced analysis and logic-based techniques, including machine learning, to interpret events, support and automate decisions, and take actions.”

To summarize, AI in cybersecurity refers to a set of capabilities similar to human abilities that allow organizations to detect, predict and respond to cyberthreats in real time using machine and deep learning.

Types of AI

With AI, information is fed to the system over a period of time that allows it to “learn” which variables to focus on and the desired outcome(s). Over time, it will provide the optimal solution tailored to your specific situation. Below are some terms often used in the field of AI.

Machine Learning

Machine learning is a sub-field of AI based on the concept that systems can learn from patterns of data with a minimal amount of human intervention.

Deep Learning

Deep learning is a subset of machine learning, inspired by the human brain, in which the algorithms that make up artificial neural networks learn from large amounts of data to solve complex problems.

Cognitive Computing

Cognitive computing uses computerized models to take a human-like approach to problems in complex situations that require vast amounts of structured and unstructured data. It does so by leveraging self-learning technologies that use data mining, pattern recognition and natural language processing (NLP). The objective of cognitive computing, as defined by IBM, is “systems that learn at scale, reason with purpose and interact with humans naturally.”

Common Challenges in Cybersecurity

AI can be leveraged to help solve some of the widespread challenges in cybersecurity faced by most organizations today. These challenges present major obstacles to protecting organizations from cyberattacks and include the following:

Skills Shortages

Many organizations are facing an increased risk of security incidents as a result of the widespread shortage of skilled security operations and threat intelligence resources in security operations centers (SOCs). They do not have an adequate number of security analysts to effectively investigate all discovered and potentially malicious behaviors in their environments in a thorough, consistent and repeatable manner.

According to Jon Oltsik, senior principal analyst at Enterprise Strategy Group (ESG), the cybersecurity skills shortage is getting worse each year. And, since most organizations are short-staffed, they keep increasing the workload on existing teams, which results in “human error, misalignment of tasks to skills, and employee burnout.”

Rising Cost of Security Breaches

According to the 2019 Cost of a Data Breach Report, the average total cost of data breaches was 95 percent higher in organizations without security automation deployed. By security automation, Ponemon is referring to “enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend upon artificial intelligence, machine learning, analytics and incident response orchestration.” One of the recommended steps in minimizing the financial impact of a data breach is to “invest in technologies that help improve the ability to rapidly detect and contain a data breach.”

Alert Fatigue

Security analysts are bombarded with a massive number of alerts daily. One study from Imperva found that 27 percent of professionals surveyed receive more than 1 million alerts each day. Most analysts don’t have the time to look at even half the alerts they receive each day, and only a small fraction that are identified as threats are actually remediated, resulting in a large number of threats going unidentified and unresolved. This is leading to widespread alert fatigue, analyst burnout and high attrition rates.

How AI Can Help Boost Your Security Posture

AI helps alleviate the cybersecurity skills shortage and can take some of the load off existing SOC analysts by supplementing analyst efforts and significantly reducing the time it takes to conduct investigations — often reducing investigation time from days to hours.

Businesses also benefit from lower costs by leveraging AI. AI helps drive deeper and more consistent investigations each and every time by empowering analysts to make data-driven decisions versus relying on gut feelings. AI gives analysts the information they need to reduce mean time to detect (MTTD) and mean time to respond (MTTR) — with a quicker, more decisive escalation process. Quicker threat identification and containment significantly lowers costs associated with those breaches.

By leveraging AI, organizations often eliminate or drastically reduce the need to outsource security investigations to managed security service providers (MSSPs), which removes the costs associated with services that are no longer required.

AI can also significantly reduce alert fatigue by greatly reducing the number of insignificant alerts received each day and also by creating a prioritized list of alerts for analysts to review. This allows analysts to focus on the most important alerts first instead of having to sift through a huge number of alerts that aren’t significant while potential threats go undetected. By streamlining and prioritizing the alert investigation process, AI can make it more manageable and help ease the burden on analysts, resulting in lower attrition and churn rates.

According to Forrester Consulting, the benefits gained by an organization by leveraging AI include increased SOC analyst productivity, reduced outsourcing fees for investigations and improved organizational security, resulting in an ROI of 210 percent.

Meet Your Business Needs Securely With AI

An effective way to alleviate the problems discussed earlier is to empower SOC analysts with AI in their daily tasks, which boosts analyst productivity and effectiveness. AI can be used to supplement the efforts of security analysts and significantly reduce the time it takes to investigate and remediate threats, which in turn reduces dwell time, lowers breach costs and improves overall security posture. It’s important to get a solid grasp of how AI can help meet your specific business needs and where it can make the most impact before moving forward with selecting and implementing a solution.
