The Limits of AI and ML in Cybersecurity Solutions

The cybersecurity skills shortage, the increasing number and sophistication of attacks, and savvy, aggressive cybercriminal gangs have created a perfect storm for cybersecurity teams. Defending networks, endpoints and data seems like a Herculean task some days. The advent of artificial intelligence and machine learning (AI/ML) tools has offered some relief, and organizations have been quick to embrace the technology. Research from Pillsbury Law found that half of executives believed AI and ML offer the best defense against cyberattacks from nation-states.

However, while the study stated that automating threat detection using AI enhances security, the technology alone won’t solve all your cybersecurity problems. In fact, these technologies can actually make cybersecurity systems weaker in some respects.

“In part, this is due to the fact that there is a nascent but potentially growing threat landscape in which malicious actors use AI to penetrate weak systems or exploit the complexities of cybersecurity systems that rely on AI,” the report stated. In other words, cybercriminals are often using the same technologies to attack and penetrate systems as organizations use for defense.

As more organizations implement AI and ML into their security systems, they also need to understand the limitations of the technology.

Myths Around AI in Cybersecurity

The biggest misconception is that AI/ML will immediately take the place of a trained security analyst, said Andrew Hay, COO at LARES Consulting. “AI/ML is only as valuable as the source data being fed into the machine.” Humans dictate the data fed into the system so machine learning can create patterns and follow behaviors that can pick up anomalies. But it goes beyond that. AI can find potential problems, but it is up to a live person to make a decision about whether an alert is true or is a false positive and then generate a response.

“Perhaps this could happen in the future, or after extensive training for the organization’s environment,” said Hay. “Regardless of what the vendor tells you, you cannot simply drop a box in and have it replace two or three trained security personnel.”

Another myth concerns the actual effectiveness of AI systems as a cybersecurity solution. At one extreme is the argument that AI and ML are panaceas for all things related to cybersecurity, explained Dr. Sohrob Kazerounian, AI research lead at Vectra, while at the other extreme is the argument that AI and ML have no role in cybersecurity whatsoever.

“The actual truth is, unfortunately, far less buzzworthy and not particularly quotable by marketing departments. The fact of the matter is that AI and ML are not, on their own, silver bullets for your security operations center (SOC),” said Kazerounian. “Not making use of them, however, would leave your SOC woefully in the dark when it comes to a wide range of current and future attacks.”

Simply put, cybersecurity solutions that don’t adopt AI or ML can’t keep pace with a changing threat landscape; on the other hand, solutions that only make use of generic AI and ML techniques developed without security context and domain specificity tend to look only for statistical anomalies in an environment.

“This creates attentional and operational overhead and distracts from true attacker behaviors, which are often crafted to look benign by design,” said Kazerounian.

AI and ML Are Different Technologies

There’s a tendency to discuss AI and ML as one unified technology, but they are distinct. As Microsoft explained, “An ‘intelligent’ computer uses AI to think like a human and perform tasks on its own. Machine learning is how a computer system develops its intelligence.” Without knowing how each technology works or how it adds benefit, you risk limiting the technology’s effectiveness.

Organizations should investigate whether the technology they need will do what a human alone can’t do, advised Kazerounian. AI and ML should save human analysts time, not distract from actual attacks.

“Getting bogged down in whether or not something is AI or ML is a lot like worrying about whether or not submarines swim,” said Kazerounian. “In the end, what really matters is whether or not the solution works.”

Integration with Legacy Systems

Introducing AI and ML as security solutions will certainly offer better protection, but don’t expect the technologies to integrate seamlessly.

“Extensive data manipulation and integration will be required to effectively apply new security solutions to old systems,” said Hay.

Also, Hay added, AI and ML don’t function as advertised without extensive training from appropriate data sources. The technologies and their users must undergo extensive training and fine-tuning for the customer’s specific environment.

So, while you should adopt AI and ML to enhance your cybersecurity system, it’s important to understand that they can’t be the answer to all your needs. Like all technology, they have limitations on what they can and cannot do.


Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.
