Ponemon Study Finds AI Can Help Close Security Gaps

Is the tail wagging the dog? Ponemon Institute and Aruba teamed up on a survey released a few weeks ago that found artificial intelligence (AI) is the key weapon for closing IoT-era cybersecurity gaps. Ponemon surveyed 4,000 security and IT professionals in the Americas, Europe and Asia. But the question must be raised: How much of the sentiment toward AI discovered by the survey is the result of the hype and mystique that surrounds the technology?

The premise of the study is that few, if any, enterprises have the kind of protection necessary in 2018 as what a solid perimeter defense delivered as little as five years ago. The expanding, ever-changing enterprise environment consisting of hybrid cloud systems, IoT, mobile, poor visibility of internal endpoints within security management tools, infosec team shortages, a runaway problem with false positives, siloed security solutions and threats from the inside has created “a blurring of the IT perimeter,” in the report’s language. There are gaps and vulnerabilities, both known and unknown, that leave most companies vulnerable to the inside threats.

Survey respondents fingered compromised legitimate users, negligent users and compromised IoT devices as the three top security risks faced by enterprises today. Rounding out the top five inside risks are advanced targeted attacks that bypass traditional perimeter defenses and malicious insiders.

Some 64 percent of the respondents said that new technologies, such as machine learning (ML), are needed to discover and understand threats that are active in the IT infrastructure. Almost 30 percent of the survey’s respondents have already implemented machine learning for security, either extensively throughout their IT infrastructure or partially, while another 25 percent plan to deploy machine learning within 12 months.

Monitoring privileged users, implementing an SIEM (security information event management) and UEBA (user and entity behavior analytics) are the top three technologies respondents feel their enterprises need to help close internal security threats.

So, is AI the white knight? Just over 50 percent responded that AI technologies, such as machine learning and behavioral analytics, are essential to detecting attacks on the inside before they do damage. Coming at a time when AI is still barely in its infancy in making its presence felt on the IT security battle lines, it does sound like a mandate.

Asked what the study’s chief takeaways are for CSOs and CISOs, Larry Lunetta, VP of marketing security solutions at Aruba, said: “The majority of our respondents [said] machine-learning and AI are essential for keeping up with a rapidly expanding attack surface compounded by chronic staff shortages. Reducing false alerts that consume precious resources was identified as one of the best ways to realize both increased efficiency and effectiveness.”

The Top Security Benefits from ML and from Advanced Analytics

The Top Security Benefits from ML and from Advanced Analytics
Respondents pegged the top three security benefits of using AI/ML as an increase in effectiveness of security teams, more efficient investigations and the ability to find stealthy threats that have evaded the standard security defenses.

Courtesy of Ponemon Institute and Aruba from “Closing the IT Security Gap with Automation & AI in the Era of IoT.”

Let’s be realistic. AI is no panacea. It’s not an instant security Band-Aid that we can place wherever we think we’ve got a problem. In fact, it’s far from being cybercriminal kryptonite. It might wind up being the tool that cybercriminals raise the bar with when some of the easier vulnerabilities are tapped out. But enterprises should be ready by then to fight fire with fire.

AI is the next technology evolution for security and for many other things. It’s time to get up to speed on machine learning and other AI technologies. The true benefits people tout about artificial intelligence may not be here yet. We’re only seeing a hint of what may be to come. But AI is not a product; there’s a lot of hard work required to make it integrate with your enterprise’s environment and perform the tasks most needed by your business.

Scot Finnie

Avatar photo

Scot Finnie

Scot Finnie is an award-winning business and technology journalist, reviewer, columnist, editor, and manager. He was the editor-in-chief of Computerworld for 10 years. He's been a Windows and macOS operating system expert for two decades. He torture-tested laptop PCs. Was ZDNet's first editor.

scot-finnie has 14 posts and counting.See all posts by scot-finnie