Choosing the Right AI Components in Your Security Tools
AI is a hot buzzword in cybersecurity, but just because a security tool is labeled “AI-enabled” or “AI-powered” doesn’t mean the technology will translate easily to your cybersecurity system. There is still a lot to learn about AI, said Anne Townsend, department manager with MITRE, during the RSA session “AI-Powered Or Is It Just Hype?”
Just as AI can be used as a tool to protect against cyberattacks or sniff out cybersecurity threats, it also can be programmed with adversarial machine learning and used to create harmful situations. When considering artificial intelligence components, there are other things, besides security, you need to know.
“With this AI component, is it really doing what it should be doing and is it doing a good job?” Townsend said. “A cybersecurity tool could have an AI component, but is that component really doing any of the cybersecurity functionality?”
There is also the possibility that the AI component could be introducing new vulnerabilities into the enterprise. Or the component may have no relevance to your overall security system, making the costs outweigh the benefit. For AI to be most effective at protecting your security system, you need to make sure the components are the right fit. But how do you know what’s right for you?
Choosing AI Begins with Dialogue
Before adopting any cybersecurity tool, you need to be able to answer questions about your network and the assets you need to protect. That same approach should be used when considering an AI component to augment your cybersecurity toolset. It begins with a dialogue between you and your vendor, Townsend advised.
“The goal is really to continue to help facilitate that better dialogue between the vendor and the potential tool adopter for both sides to win,” Townsend said. “The vendor’s got to understand what the tool adopter is interested in, what are their concerns, and then the tool adopter themselves can really understand what they are getting and whether they should adopt AI into their enterprise.”
MITRE developed a framework that helps organizations better understand the effectiveness of the AI component in cybersecurity tools. The framework looks at the following:
- Relevance: Is this component necessary and appropriate?
- Competence: Does it actually do what the vendor claims?
- Cost: Not only the upfront cost, but cost benefits.
“The answers to these questions provide a score and guidance for an acquisition,” said Dr. Michael Hadjimichael, principal computer scientist with MITRE and co-presenter of the RSA session. The questions are the beginning of the process–you’ve got to start somewhere, Hadjimichael pointed out–but these are the ones that offer an initial screening. By asking these questions and beginning a dialogue with the vendor, you will get a clearer picture of how the AI component will interact with your system. You’ll learn how much functionality it offers, or discover that it is gratuitous; something that sounds good, but, in the long run, is an unneeded expense. “You don’t want to get any more or less than what you need,” Hadjimichael said.
Both Sides of Security
AI offers a lot to improve your cybersecurity system and relieve some burdens from the humans on the security team. The ability to monitor for anomalies in network behavior, for example, goes a long way in decreasing employee burnout and offers a more accurate look at what’s actually happening. But you also have to make sure that the AI you introduce isn’t adding to your security problems, which, in turn, decreases the cost benefits.
“Adding AI may introduce unmitigated vulnerabilities,” said Hadjimichael. “To get the advantages, you also have to consider the vulnerabilities.” Using AI components in your cybersecurity tools may seem like the right move, but not all AI-enabled or AI-powered components are equal. What’s perfect for one company may be wrong for you. Asking the right questions and building a relationship with the AI vendor will lead you to the best tools for your organization.
