Event Recording

Martin Kuppinger - AI Already Revolutionizes the Way We Do Cybersecurity & IAM

There are many challenges businesses are facing when they are implementing IAM and Cybersecurity, be it role management and access controls or efficient analytics in the SOC that narrows down the incidents to put the focus of investigation on. As AI augments us increasingly in our daily life activities as well as workers on the factory floor, it also already is able to augment us in doing Identity Management and Cybersecurity better. Martin Kuppinger will look at the areas where AI already is used and where we expect AI to help us revolutionize the way we do Cybersecurity and IAM. He will provide perspectives that rate the impact and maturity of technologies and deliver guidance on how to pick the best technology for your use cases.

So thank you. And good morning to everyone. Thank you for GE for making the housekeeping and welcome from my side also to our cybersecurity leadership summit, where we will touch a broad variety of topics around cyber security. A lot of them related to AI, which currently is heavily influencing the way we do cyber security. And we do identity management, which again is closely related to cyber security, but also many other facets of this broader topic of cybersecurity. So the next remaining 17 minutes or so I'll quickly walk through some thoughts and some ideas I have around how AI already revolutionizes the way we do cybersecurity and IAM. And also focus a little on how does this, or where do I, from my analyst perspective, really see a benefit in that. And as always with new technologies, we need to be careful.
So AI is one of these buzzwords of the year, and then, sorry to the marketing people in the room, but every marketing department tends to put an AI sticker on the product. There might be very little AI and it might be not very meaningful, but AI currently helps selling. So we need to be careful and think about where does it really deliver a benefit. And so first, when you look at cybersecurity and identity management and what are the overarching trends, we see a lot of change, and that is also a reason why we need to make sort of technical advancements here. And one of these changes affects identities and access. So we see that this entire world of how we do identity and access management is changing. We see a focus on all types of identities. We see that access management,
so the sort of the runtime access, is gaining momentum. We have this big thing around zero trust, which is out for quite a while, and which is affecting a lot of security thinking, and still leading to a lot of discussions. When I look at the various businesses, we see a lot of discussion around, what does it really mean? What does it mean for us? And then we had yesterday a little bit of a talk about zero trust. There will be sessions focusing on that. And then obviously there's AI, and AI is definitely impacting the way we do a lot of things. And AI potentially can help us in doing certain things better by supporting analyses, by identifying anomalies, outliers, etcetera. I'll touch on this in a minute. And we have also, as another important trend, the shift to APIs and microservices. And I'm just, as I know, I'm a strong believer that good software today should be built on a microservices architecture, ready to deploy in containers to run in various deployment models.
That is one of the things where I believe it's really time to look at. And so from these big trends, we see AI is one of these big four trends. And I think there's a good reason why we have to look at AI, because we have a pretty tough life these days in cybersecurity. There are a lot of things which really challenge us in cybersecurity, which is the skills gap, which is the ever increasing number of attacks. And I don't see any sign of change. We have these zero day attacks, which actually are long running before they are detected. So zero day is a pretty positive term for something which is even worse. We have an industry behind cyber crime. There are business models that appear to be working quite well. We have this imbalance of attack and defense. So an attacker needs one attack that works.
We need to defend against each and every attack. So our position as defenders, and most of you are defenders and not attackers in the room, the defensive position is far worse. We have far more volatile environments as part of DevOps. We have the cloud, which is in some areas positive because we have someone who hopefully cares in a very professional manner for security, and large cloud service providers can put in far more effort than every single business can. On the other hand, data is sprawling and we have an ever increasing business impact of things that go wrong in cyber security. So when things go wrong, in the worst case that can kill a business. So attacks that really put your IT out of work for a while are extremely costly. Just a couple of days, two or three weeks ago,
I've learned that from one of the anti-malware vendors, one of the patches failed greatly, and a couple of organizations, a couple of businesses I know, had production outage. So their manufacturing lines stopped. And we all know in a manufacturing business, if you're not producing your goods for a day or so, for a couple of hours, that's really costly. These things can affect it. And so the big question is, this AI and ML, is this sort of the holy grail of cyber security, or how can AI and ML support cyber security? To answer the first question, obviously no, no, there is no holy grail. Technology can help in certain areas, that can improve things, but it's not that it will solve everything. And we need to be very careful on where does it really help and where is it maybe slightly overestimated?
So where can it help? One of the areas, and probably maybe the most relevant today, is anomaly detection. However, and I think that's something always to be kept in mind, AI primarily works well when it has a large amount of data it can work on. So the numbers might be a little lower or higher, but there's this comparison of how many sort of samples does a machine learning system need to distinguish between a dog and a cat. And the numbers you get are somewhere between 100,000 and a million, or even more. A kid needs maybe 10. So AI and ML is really a rather dumb technology compared to humans, when you look at the number of samples required. In other words, if you don't have large amounts of data, anomaly detection in the end is more limited. We have decision support, and in some way, decisions are support.
I think there are various ways to do that. Working on text, identifying anomalies, identifying the outliers, all that stuff helps in decision support and, if stuff is done right, there is a lot of potential. This entire fuzzy search thing, which is another really new technology, is clearly one of the areas where it helps. So finding things which don't fit the exact search term. Text understanding, we see this in many areas. So one of the areas where I find this is pretty interesting is, for instance, also in the legal space, where you have a lot of texts to read and where AI can help picking the right text, the right core decisions, et cetera. We see it very practically implemented in threat intelligence. Again, this is factually also around anomaly detection, reducing the number of data points, et cetera. User behavior analytics is another type of application.
So again, it's about the anomalies. So where are the anomalies in the user behavior? One of these areas where we obviously need to be very careful, because when we look at these things, we can also greatly fail in AI. So when we start doing these things, and then we are approaching the end of the fiscal year, there might be very, very different user behaviors for a good reason, because they are only done by the end of the fiscal year. And then if our system stops people from working on their tasks by the end of the fiscal year, we might really end up in some bigger trouble, so we need to do it right. And that's also one of the areas where I believe we need to come to a point where we need to have some understanding and some control about what the AI is doing.
So not trust the secret sauce, which does something, but we need some ways to control what AI is doing, to attract sort of knowledge which influences the decisions, etcetera. Threat analysis, close to threat intelligence, but going more into detail of certain defined threats, and maybe at some point automated reaction, all based on that. And it's not that this is pure AI, it's usually, that's also, I think, very important, also usually a combination of AI and other stuff. So when we look at cybersecurity, there are a couple of areas where I know we are already benefiting from applied AI, and there will be more. And I think it's a very logical thing, because we have, specifically around threats and behavior, usually a lot of data points, and we can do a lot of things based on that.
And the bigger, the better you can do. How does this look for IAM? So when I look at the broad range of technologies within IAM, where are the areas where I believe that AI has a very strong potential, and oops, that was once too. And there was a mistake of me vomiting. So look at the red ones first. Obviously, I missed someone when I built my slides. So the red ones, the ones circled red, are the areas where I believe we have the strongest potential for AI. A lot of this is around authentication. And then again, in the adjacent areas, which are not really IAM, but which are related to IAM, which are, for instance, again, user behavior analytics and the entire cybersecurity area. So for all this authentication stuff, it's again identifying anomalies and behavior, and this is something which is not entirely new.
When you look at banks, they are using risk adaptive authentication technologies, or credit card providers, etcetera, for many years, looking at signs of anomalies and then asking for maybe a second authentication, etcetera. And there are a couple of areas where I see some potential, but maybe a lesser level of potential in many cases in IAM. And I'll talk about it in another talk, I think at early afternoon, I think at one in the, the trauma language strike, by the way, they'll go into more detail on the IAM stuff, but basically for several other areas, the challenge is we might just not have enough data points to be super good in what we do with AI. Again, it's always a question of having sufficient data points. And so I think it's very important to understand where does AI really help or not.
And we touched yesterday, I believe to some extent in the workshop, but also the evening session, we had the KX talk. We touched some methodologies on how to compare different types of technologies. And obviously we can compare sort of traditional rule based adaptive authentication approaches with more AI powered approaches. And then we might end up with a scenario where we know that probably the number of use cases supported today is broader for rule based stuff, because it also works well for scenarios where we don't have that large amount of data, while the AI based use cases always will require a larger amount of data. Maturity is bigger here, but we might get better in our results when we work really with AI as part of the solution. It never will be pure AI versus pure rule based. Time to production might be longer because the system first might need to learn.
We shouldn't underestimate it. And by the way, when we talk about this learning thing, machine learning, the term learning not only implies that someone is learning, but it also implies that there is a teacher in some way. We shouldn't forget about that when we look at machine learning, so we need to train systems. And at the end, this is something which is, I think, quite frequently ignored when we talk about machine learning, that the effort can be quite reasonable to train a system. And it's also sort of a lifelong learning. Machine learning is not done in a short period at the beginning. You always should assume that there's lifelong learning of your system as long as the system lives, in that case, which for IT systems on average is less than for a human. So look at it realistically, compare these technologies and try to understand where do they really deliver benefit.
And where are the challenges we have. And some of these challenges, as I've said, include the learning parts. It might include the maturity and other stuff. So this is something we need to look at. There are various aspects we can look at. So you'll get access to the slide deck for download. As I've said, there are a couple of elements we can look at, and then we need to understand, does it really help? And then we can also look at different types of technologies, put into a portfolio, and don't nail me on this picture. So we can probably have an argument about every single data point or single point in that. But basically there are technologies where I see a stronger, bigger security impact and the bigger maturity. So in the field of security intelligence, also to some extent fraud detection or user behavior analytics, there's some more maturity.
If I had a bad, bad day when creating that, probably there would be far more space above all of the data points, because we could clearly argue that none of these solutions is really mature, so that we might say we are really in the very, very early steps of what we are doing. But let's look at it a little bit more positive, in the sense of, yes, you can use it and you can have a benefit, adaptive authentication, etcetera, while other technologies will currently benefit only little. I see a lot of work done, for instance, around access governance. I'm a little skeptical in some areas just because of the number of data points. So identifying whether entitlements are correct or not is not easy in a single organization, if you have relatively few users. So it will be interesting to see where this ends.
But basically we have already a situation where we have a lot of impact of AI on cyber security and on identity management. This will continue and there's a big potential, but we always should remain somewhat skeptical and trust the bag and look at it realistically. So where's the benefit and what is sort of the cost at which these technologies come, because I touched it with learning, I touched it with the number of data points and other things. There's no such thing as a free lunch. And there's another technology which does everything better than everything we had before. It's more a continuum, a continuous improvement of technologies, and yes, it helps. And it helps us to deal with the sheer amount of security data, et cetera. That's where I see the biggest potential. We have a lot of research around AI already, and around AI and cyber security. You all have these KC PLUS things on your desk. It's rather easy and affordable to gain access to our research right now. As I've said, there's a lot around that, around cybersecurity and around IAM. So thank you for listening to my opening keynote.
