AI in Cybersecurity

Although we are still a long way from machines being able to react to situations in an intelligent, human way, Artificial Intelligence (AI) technologies have finally matured to the point where AI-supported machines and computer systems are able to complete tasks they have been trained to do.

AI-based systems are also able to “learn” or self-correct to get better at the task they have been trained to do. This ability to improve is commonly known as “machine learning” and is often what technology vendors call AI, but it is really just one form or element of AI.

Common applications of AI technologies include systems that analyse data to produce insights, recommendations, and forecasts. These applications are increasingly found in websites and systems used for anomaly detection, image classification, speech recognition, text summarization, business intelligence, predictive maintenance, identity verification, and chatbots or other support systems.

The ability of AI-supported systems to analyse data from a wide variety of sources to generate data-driven insights quickly and to automate actions is particularly useful in the context of cybersecurity. It is for this reason that a growing number of cybersecurity systems and tools are supported by AI.

The application of AI in cybersecurity was a key theme at this year’s KuppingerCole Analysts’ Cybersecurity Leadership Summit, which featured presentations on a wide range of related topics, including , the overall potential of AI in cybersecurity, the role of AI in endpoint security, the risk of AI in the hands of attackers, and some real world applications in OT and 5G environments.

AI is certainly not the solution for every problem you can think of, but there are concrete advantages to bringing AI, and particularly machine learning, into cybersecurity problems such as defending against ransomware.

— Anne Bailey Senior Analyst KuppingerCole

Audio/video

For a high-level overview of AI and its potential to improve cybersecurity capabilities, watch this presentation entitled: AI in Cybersecurity - Chance or Just Another Hype.

AI and machine learning are becoming a requirement to battle against increasingly automated attacks. To find out about he status of AI-powered endpoint security and how to adapt current strategy to the new risk level, watch this panel discussion on Redefining Endpoint Security - The Role of AI & Machine Learning.

AI is only a tool, and thus the relationship AI has with ransomware is convoluted; the application of that tool can be used to detect ransomware or to enhance it. The threat of AI-based ransomware is on the horizon, where AI is a weapon in the arsenal of attackers. To find about more about this paradox, have a look at this presentation on AI’s Two-Faced Relationship With Ransomware.

To explore the duality of AI in the context of cybersecurity even further, watch this presentation entitled: Machine Learning: Cybersecurity’s Friend & Foe or to find out more about the real world application of self-learning AI technology to counteract ransomware attacks, have a look at this presentation entitled: Ransomware in Focus.

To learn how to leverage a unified platform  and apps to reduce risk, improve accuracy, and proactively protect your most sensitive data, have a look at this presentation entitled: Transform Data Security in the Blink of an AI.

In addition to defence against ransomware, AI is being applied in a range of different cybersecurity use cases, some of which were addressed at CSLS. Have a look at these presentations entitled: Cybersecurity for AI & Automation in 5G Deployments and Using AI to Precisely Detect Anomalies in the OT Process.

For a general perspective on how AI is shaping the way security professionals approach cybersecurity, watch this presentation from a previous CSLS on how AI Already Revolutionizes the Way We Do Cybersecurity & IAM and this panel discussion on The Future of AI in Cybersecurity.

Explore the topic of AI in cybersecurity even further by watching two panel discussions that took place recently at the European Identity and Cloud conference.

The first, entitled: Mastering the Security Challenge for AI discusses how to identify common AI security threats, AI risk mitigation strategies, the human factor in AI security, and issues of data quality, integrity, and reliability. The second, is dedicated examining the Best Practices to integrate AI in Identity Access.

Returning to the theme of AI being a double- edged sword because  it can improve substantially cybersecurity practices, but at the same time can also facilitate new forms of attacks to the AI applications themselves, watch this presentation entitled: Trusting AI in Cybersecurity: A Double-Edged Sword and this presentation entitled: The Risk of Trusting AI in Cybersecurity.

Further examining the theme of AI in the hands of attackers, have a look at his presentation on Next Generation Phishing – Social Engineering in Times of Voice Phishing, AI and DeepFake.

Research

Thanks to the ongoing developments both in narrow and general AI, we already have much better security tools, but AI is not a silver bullet. For a realistic perspective on AI in the context of cybersecurity and some recommendations on planning your security strategy, have a look at his Leadership brief on Artificial Intelligence in Cybersecurity.

For an overview of the role of Artificial Intelligence in cybersecurity and business continuity, have a look at the relevant chapter in this Advisory Note on Business Continuity in the age of Cyber Attacks.

Blogs

Our analysts have written a number of blog posts about AI in the context of cybersecurity. For concise opinions, choose from the list below:

• Artificial Intelligence in Cybersecurity: Are We There Yet?
• Can Autonomous Improve Security Posture?
• How to Train Your AI to Mis-Identify Dragons
• Can Your Antivirus Be Too Intelligent Sometimes?
• Privileged Access Management Can Take on AI-Powered Malware to Protect Identity-Based Computing
• Cognitive Technologies: The Next Big Thing for IAM and Cybersecurity
• The Role of Artificial Intelligence in Cyber Security

Webinars

Review the following list of webinars that cover topics related to AI and security and choose those that are most relevant:

• When AI meets IoT: Does the Public Perception Reflect Reality?
• Workforce Continuity in a Time of Crisis
• Redefining IAM: Harnessing AI to Identify Risk at the Speed of Change
• The Power of Identity Context: How to Get the Right Context and How AI will Help

Whitepapers

Choosing a PAM solution has become a complex and potentially time-consuming decision for modern organizations, with AI being yet another consideration. To understand how AI and machine learning technology applied to PAM can deliver improvements to the security and risk posture of organizations, read this Whitepaper entitled: AI, Machine Learning and Privileged Access Management. 

Tech Investment

Organizations investing in AI-supported cybersecurity capabilities can have a look at some of the related solutions that we have evaluated: 

• SAP Enterprise Threat Detection
• IBM QRadar Advisor with Watson
• SentinelOne Singularity Platform
• Vectra Cognito
• SailPoint Predictive Identity
• Informatica Data Privacy Management
• Darktrace Enterprise Immune System
• Deep Secure Content Threat Removal Platform