In the past few years, there’s been a lot of buzz around artificial intelligence (AI) in cybersecurity. Can AI really help businesses improve their security posture? How can we determine which solutions actually use AI versus which ones make hyped-up claims? For solutions that can help, how do they help?

Obtaining clarity around this subject will help us understand the areas in which AI can help and what value it can add, which will, in turn, help us make more informed decisions. Let’s take a look at some industry definitions of AI, different types of AI and some of the challenges AI helps solve for organizations.

What Is Artificial Intelligence?

AI refers to the capability of computers to take on human abilities, such as to read, drive, reason, research, discover, etc. First, let’s take a look at some of the well-known definitions of AI:

  • Oxford Reference defines AI as “The theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”
  • Gartner states that “Artificial intelligence applies advanced analysis and logic-based techniques, including machine learning, to interpret events, support and automate decisions, and take actions.”

To summarize, AI in cybersecurity refers to a set of capabilities similar to human abilities that allow organizations to detect, predict and respond to cyberthreats in real time using machine and deep learning.

Types of AI

With AI, information is fed to the system over a period of time that allows it to “learn” which variables to focus on and the desired outcome(s). Over time, it will provide the optimal solution tailored to your specific situation. Below are some terms often used in the field of AI.

Machine Learning

Machine learning is a sub-field of AI based on the concept that systems can learn from patterns of data with a minimal amount of human intervention.

Deep Learning

A subset of machine learning and inspired by the human brain, deep learning is when algorithms that make up artificial neural networks learn from large amounts of data to solve complex problems.

Cognitive Computing

Cognitive computing uses computerized models to help solve problems that require vast amounts of structured and unstructured data with a human-like approach in complex situations by leveraging self-learning technologies that use data mining, pattern recognition and natural language processing (NLP). The objective of cognitive computing defined by IBM is “systems that learn at scale, reason with purpose and interact with humans naturally.”

Common Challenges in Cybersecurity

AI can be leveraged to help solve some of the widespread challenges in cybersecurity faced by most organizations today. These challenges present major obstacles to protecting organizations from cyberattacks and include the following:

Skills Shortages

Many organizations are facing an increased risk of security incidents as a result of the widespread shortage of skilled security operations and threat intelligence resources in security operations centers (SOCs). They do not have an adequate number of security analysts to effectively investigate all discovered and potentially malicious behaviors in their environments in a thorough, consistent and repeatable manner.

According to Jon Oltsik, senior principal analyst at Enterprise Strategy Group (ESG), the cybersecurity skills shortage is getting worse each year. And, since most organizations are short-staffed, they keep increasing the workload on existing teams, which results in “human error, misalignment of tasks to skills, and employee burnout.”

Rising Cost of Security Breaches

According to the 2019 Cost of a Data Breach Report, the average total cost of data breaches was 95 percent higher in organizations without security automation deployed. By security automation, Ponemon is referring to “enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend upon artificial intelligence, machine learning, analytics and incident response orchestration.” One of the recommended steps in minimizing the financial impact of a data breach is to “invest in technologies that help improve the ability to rapidly detect and contain a data breach.”

Alert Fatigue

Security analysts are bombarded with a massive number of alerts daily. One study from Imperva found that 27 percent of professionals surveyed receive more than 1 million alerts each day. Most analysts don’t have the time to look at even half the alerts they receive each day, and only a small fraction that are identified as threats are actually remediated, resulting in a large number of threats going unidentified and unresolved. This is leading to widespread alert fatigue, analyst burnout and high attrition rates.

How AI Can Help Boost Your Security Posture

AI helps alleviate the cybersecurity skills shortage and can take some of the load off existing SOC analysts by supplementing analyst efforts and significantly reducing the time it takes to conduct investigations — often reducing investigation time from days to hours.

Businesses also benefit from lower costs by leveraging AI. AI helps drive deeper and more consistent investigations each and every time by empowering analysts to make data-driven decisions versus relying on gut feelings. AI gives analysts the information they need to reduce mean time to detect (MTTD) and mean time to respond (MTTR) — with a quicker, more decisive escalation process. Quicker threat identification and containment significantly lowers costs associated with those breaches.

By leveraging AI, organizations often eliminate or drastically reduce having to outsource security investigations to managed security service providers (MSSPs) and this removes costs associated with such services that are no longer required.

AI can also significantly reduce alert fatigue by greatly reducing the number of insignificant alerts received each day and also by creating a prioritized list of alerts for analysts to review. This allows analysts to focus on the most important alerts first instead of having to sift through a huge number of alerts that aren’t significant while potential threats go undetected. By streamlining and prioritizing the alert investigation process, AI can make it more manageable and help ease the burden on analysts, resulting in lower attrition and churn rates.

According to Forrester Consulting, the benefits gained by an organization by leveraging AI include increased SOC analyst productivity, reduced outsourcing fees for investigations and improved organizational security, resulting in an ROI of 210 percent.

Meet Your Business Needs Securely With AI

An effective way to alleviate the problems discussed earlier is to empower SOC analysts with AI in their daily tasks, which boosts analyst productivity and effectiveness. AI can be used to supplement the efforts of security analysts and significantly reduce the time it takes to investigate and remediate threats, which in turn reduces dwell time, lowers breach costs and improves overall security posture. It’s important to get a solid grasp of how AI can help meet your specific business needs and where it can make the most impact before moving forward with selecting and implementing a solution.

More from Artificial Intelligence

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read

Can Large Language Models Boost Your Security Posture?

4 min read - The threat landscape is expanding, and regulatory requirements are multiplying. For the enterprise, the challenges just to keep up are only mounting. In addition, there’s the cybersecurity skills gap. According to the (ISC)2 2022 Cybersecurity Workforce Study, the global cybersecurity workforce gap has increased by 26.2%, which means 3.4 million more workers are needed to help protect data and prevent threats. Leveraging AI-based tools is unquestionably necessary for modern organizations. But how far can tools like ChatGPT take us with…

4 min read

Why Robot Vacuums Have Cameras (and What to Know About Them)

4 min read - Robot vacuum cleaner products are by far the largest category of consumer robots. They roll around on floors, hoovering up dust and dirt so we don’t have to, all while avoiding obstacles. The industry leader, iRobot, has been cleaning up the robot vacuum market for two decades. Over this time, the company has steadily gained fans and a sterling reputation, including around security and privacy. And then, something shocking happened. Someone posted on Facebook a picture of a woman sitting…

4 min read