
Is AI overhyped or could it be your secret weapon?

(Image credit: Razum / Shutterstock)

The persistent threat of novel malicious attacks has made it abundantly clear that businesses can no longer rely on outdated, legacy solutions that monitor for known threats in arrears. Simply put, analysing yesterday’s security incident no longer enables you to predict and prevent tomorrow’s attack.

According to a recent report from the UK Department for Digital, Culture, Media & Sport, 60 per cent of medium and large businesses have identified breaches or attacks in the past year. Additionally, 25 per cent of medium and 20 per cent of large businesses that identified a security incident stated that they experienced a breach or an attack at least once a week.

Legislative frameworks, such as the General Data Protection Regulation, have put the spotlight on businesses to respond. In order to stay in compliance, businesses must adopt new ways to defend themselves against continuous and evolving threats.

Artificial intelligence (AI) and machine learning are unquestionably buzzwords which are often thrown around the boardroom as the solution to every problem. Whilst they are often misused and many struggle to understand how they can be applied most effectively within a business environment, security teams around the world are already adopting next-generation security solutions using AI to keep pace with the rapidly evolving threat landscape.

Putting artificial intelligence into context

Buzzword or not, AI has become an essential tool to help businesses detect attacks faster and more accurately than ever before. Unlike traditional solutions, AI enables capabilities that go far beyond identifying known threats. AI models can help to determine a file’s maliciousness with no previous knowledge of the file, relying instead on the analysis of the file’s innate properties. With sufficient quality data available, AI techniques easily outperform traditional signature-based or indicators of compromise (IOC)-based prevention approaches, which retroactively seek out the artefacts an attacker leaves during a breach.

Beyond this, next-gen solutions built on applied analytics can help to accelerate investigations and provide guided remediation steps to empower security teams to respond to threats in real time.

Not all AI is created equal

Global spending on cognitive and AI systems is expected to triple over the next four years, according to a recent report from IDC. While this trend is nothing new, the way in which businesses will leverage this technology to reduce costs, improve staff productivity and increase profitability is set to change.

AI can significantly empower organisations; however, it’s important to note that not all AI is created equal. For many CISOs who are looking to integrate AI into their strategies for the first time, there are three key factors that need to be considered in order to determine its potential effectiveness.

To be truly effective, algorithms that enable artificial intelligence depend on the quality and volume of data that trains them and the selection of the right differentiating features from that data. This means it’s important that CISOs gain an understanding of the volume of data sets and algorithms that the solution has been tested against. This could be the difference between effective detections and numerous false positives.

Beyond the size of the data set, where the data has been collected could impact the effectiveness of the security solution. Different countries and industries experience different types of security events, so having a cross-section of verticals will help build a more holistic view of cyber-threats, particularly for global organisations.

A final determinant of solution effectiveness is real-time intelligence. Are you able to retrain algorithms and classifiers? This is a critical element which has the ability to offer businesses a distinct advantage. Multi-tenant, cloud-native solutions provide security teams with data that is both larger and more meaningful than the data from on-premise or single-instance private cloud products. These solutions enable instantaneous updates, allowing businesses to process and analyse trillions of endpoint-related events per week in real time. That lets them take a more proactive approach to the evolving threat landscape, so that they are never behind the curve: they surf the leading edge.

The path forward

Traditional approaches to security are failing to keep pace with the rapidly evolving threat landscape, leaving many businesses exposed. WannaCry and NotPetya have helped bring to light this challenge and the need for business leaders to think seriously about the role of AI in enterprise security strategy.

While AI may still be a technology in its infancy, next-generation security solutions are broadly helping businesses around the world to raise the bar when it comes to securing corporate networks, simply by being able to crunch much more data in the cloud, faster, and provide insights as to what looks like a threat, even if it’s never been seen. It’s a smarter, faster way of operating, and the only way to deal with the threats of today and tomorrow.

Zeki Turedi, Technology Strategist, CrowdStrike

Zeki Turedi is an influential, tenacious and highly sought cybersecurity commentator, consultant and presenter. Zeki has extensive incident response & forensic knowledge within law enforcement, government and private sector. His specialties include incident response, malware analysis, threat intelligence, digital forensics, network forensics, digital investigations, data loss prevention, and advanced threat modelling.