Some CISOs, though, are preparing to do just that.
“It is a game changer,” Intertek CISO Dane Warren said. “Through enhanced automation, orchestration, robotics, and intelligent agents, the industry will see greater advancement in both the offensive and defensive capabilities.”
Warren adds that improvements could include responding more quickly to security events, better data analysis and “using statistical models to better predict or anticipate behaviors.”
Andy Rose, CISO at NATS, also sees the benefits: “Security has always had a need for smart processes to apply themselves to vast amounts of disparate data to find trends and anomalies – whether that is identifying and stopping spam mail, or finding a data exfiltration channel.
“People struggle with the sheer volume of data so AI is the perfect solution for accelerating and automating security issue detection.”
Security use cases see start-ups boom
Security providers have always tried to evolve with the ever-changing threat landscape and AI is no different.
However, with technology naturally outpacing vendor transformation, start-ups have quickly emerged with novel AI-infused solutions for improving SOC efficiency, quantifying risks and optimizing network traffic anomaly detection.
Relative newcomers Tanium, Cylance and, to a lesser extent, LogRhythm have jumped into this space, but it’s start-ups like Darktrace, Harvest.AI, PatternEx (coming out of MIT), and StatusToday that have caught the eye of the industry. Another relative unknown, SparkCognition, unveiled what it called the first AI-powered cognitive AV system at Black Hat 2016.
The tech giants are now playing with AI in security too; Google is working on an AI-based system that replaces traditional CAPTCHA forms, and its researchers have taught AI to create its own encryption. IBM launched Watson for Cyber Security earlier this month, while in January Amazon acquired Harvest.AI, which uses algorithms to identify important documents and IP of a business, and then applies user behavior analytics with data loss prevention techniques to protect them from attack.
Some describe these products as ‘first-gen’ AI security solutions, primarily focused on sifting through data, hunting for threats, and facilitating human-led remediation. In the future, AI could automate 24x7 SOCs, enabling workers to focus on business continuity and critical support issues.
“I see AI initially as an intelligent assistant – able to deal with many inputs and access expert level analytics and processes,” agrees Rose, adding AI will support security professionals in “higher level analysis and decisions.”
Ignacio Arnaldo is chief data scientist at PatternEx, which offers an AI detection system that automates tasks in SecOps, such as the ability to detect APTs from network, application and endpoint logs. He says that AI offers CISOs a new level of automation.