How AI, ML and human ability intersect for cybersecurity

Artificial intelligence (AI) and machine learning (ML) are relatively new technologies, but they are already playing a central role in cybersecurity. Both have transformed how cyber threats are identified and prevented, while also processing data at incredible speed and scale. Today’s organizations are readily adopting AI and ML to improve cybersecurity efficiency and effectiveness, but these capabilities are not without their implementation challenges.

AI and ML create significant value to organizations in preventing cyberattacks, as the speed and scale of modern cybersecurity threats are too large and too complex for humans alone to detect and thwart. However, organizations where people and machines work closely together extract the greatest value from these technologies. The role of AI and ML will continue to evolve, permeate, and create significant positive change for organizations on their cybersecurity journey, while still relying on human ability to model, program and dissect machine-sourced findings.

The benefits for organizations

Identifying key patterns and distilling relevant information from large data sets remains a challenge for many organizations, compounded by an inability to be proactive with existing detection-based tools. Bad actors can exploit this vulnerability by continuously changing their techniques. A significant benefit of using AL and ML is the ability to effectively mine data and identify the most pressing trends and behaviours that would otherwise be overlooked by human analysts, while doing so almost instantaneously.

“AI and ML gives the ability to find patterns and behaviours in amazing sets of data and correlation points that normally as humans we’d have a lot of trouble processing,” said Theo van Wyk, head of cybersecurity at CDW Canada.

An example of the use of AI and ML is detecting intrusions on laptops. Malware has very specific, regularly changed behaviours, which signature-based detection is unable to detect. Through the human creation of an algorithm, AI and ML are able to identify elements that would have previously gone undetected.

Why organizations should use AI and ML

AI and ML deployment should be carefully considered and used only when it adds value and improves outcomes. As working with AI and ML tools becomes more engrained in long-term strategy and everyday operations, organizations can run on increasingly large scales.

In addition, organizations can leverage AI and ML for multiple applications including embedding these tools in features for customer use, pinpointing key information within large data sets and identifying trends that would otherwise be missed by humans. Vendors are often privy to information from different customers and verticals that can be correlated, allowing for better models and outcomes when training AI and ML.

“These technologies on the cybersecurity side are very helpful,” said TK Keanini, distinguished engineer in Cisco’s Security Business Group. “All of these analytical tools should be focused on an outcome. We may individually not know what pattern to look for but can detect new threats even if they aren’t on a list.”

Effective implementation

When looking at security orchestration and automation and response (SOAR) tools, automation tends to take precedence. As a result, orchestration often remains a common challenge. However, when working with security analysts, it is important to map out and capture processes in a workflow to first understand what actions to take based on information inputs. Once organizations understand the impacts and dependencies they want to orchestrate, they can automate with greater confidence and accuracy.

Balancing ethics

Ethics should be carefully considered when implementing AI and ML. Machines think in a binary way and cannot understand ethics, leading to potential violations of privacy or personal barriers in the pursuit of a strong cybersecurity posture.

Organizations need to promote and implement the responsible and ethical use of AI and ML tools, where they are only used for what it is intended within with the proper controls and restrictions. Simply because you can do something with the tool, does not mean you should.

Where do we go from here?

Navigating AI and ML to support cybersecurity posture can be challenging. For organizations who are interested in starting to work with these technologies, it is important to start by reading and speaking with experts, not getting overwhelmed, keeping an open mind and thinking about how these tools can advance organizational objectives.

AI and ML will certainly become more embedded in our everyday lives and enable organizations to operate at an unprecedented scale. Cybersecurity should be understood as a holistic concept that requires hybrid solutions. While the barrier between machine and human may shift over time, pursuing the optimal intersection of AI, ML and human ability provides organizations with the most comprehensive line of defense against cyberattacks.