
Implementing AI in Cybersecurity Programs: The Upside and Downside

Artificial Intelligence (AI), the promise of intelligent machines that work and react like humans, has gone beyond the popular imagination into real-world applications. The creation of new and innovative AI solutions continues to transform business models across a variety of industries.

“About half of companies surveyed in an IBM and Ponemon Institute study this year are deploying some kind of security automation, with a further 38 percent planning to deploy a system within the next year,” according to The Financial Times. But what are the advantages and disadvantages of using this innovative new computing model to secure systems and data?

Big Data and the Rise of AI

Cloud computing is directly responsible for the recent advances in AI as it created the platform needed to collect and process large sets of data. Machine Learning accuracy and the relevance of its predictions are directly proportional to the amount of data the algorithm processes. As such, the explosion of data in recent years fuelled the rise of AI as it finally provided the large datasets needed for it to be a viable solution platform. Many cybersecurity solutions produce vast amounts of data, and it is in these areas where the deployment of AI solutions can benefit organizations.

AI Upsides – Automation and Threat Detection

Threat detection and mitigation is one of many areas in cybersecurity that are reactive. Typically, the implementation of security measures occurs after the identification of a threat. Anti-malware solutions are an excellent example of this practice. The creation of anti-malware signature files depends on the security vendor obtaining and identifying malicious code after the attacker has released it. The same is true for Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) solutions, which follow the same reactive, signature-based model.

As much of the mitigation involved in many cybersecurity solutions is repetitive in nature, it can be automated. If we take the IPS process as an example, it consists of identifying the specific threat signature, adding it to the threat database, and then configuring the IPS to block any attack that matches it. The repetitive nature of this process, and the fact that it deals with an extensive dataset, make it a perfect candidate for an AI solution. If we were to add AI to an IPS process, it would automate the complete threat identification and response process with much greater efficiency than humans would be able to. Furthermore, the whole system could be taught to detect threats automatically. Using Machine Learning and a large set of data, it could use heuristics to identify and mitigate potential attacks without any human intervention.

The Potential Downsides of AI

The potential economic impact of AI is a double-edged sword. There is no doubt that it can increase the efficiency of many systems, but it can in certain circumstances make human operators redundant. The automation of an AI solution is another scenario that can cut both ways.

Automation can significantly increase efficiency, but it can also create blind spots in an organization’s cybersecurity fabric. There is always the potential that automation may overlook potential threats or generate and act on false positives. There is even an argument that hackers could defeat AI algorithms by targeting the data the machines use. Also, by manipulating machine learning algorithms, hackers can either subvert security or leverage it to create a denial of service attack.

There is also the threat of hackers using AI themselves to attack the AI cyberdefenses head-on. In such a scenario, the black hat AI would be looking for anomalies in targeted defenses in microseconds. Using hard-to-solve cryptographic algorithms, hacker AI may be able to create patterns of attack that defensive AIs cannot counter fast enough. Further, attack-AIs may create the sort of false-positives that fool corporate AIs into believing the network has a problem other than a cyber attack.

There is no doubt that AI can increase efficiencies and ultimately lead to better security. However, organizations implementing these solutions must remain vigilant and not rely on a single product or algorithm to protect their systems or data. They must always keep humans in the loop.
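The IPS process from the upsides section and the false-positive and data-integrity concerns from the downsides section, combined in an added Python example that is not Coranet's or any vendor's code. The signature pattern, event fields, thresholds and traffic rates are constructed assumptions; scores between the two thresholds go to an analyst queue instead of being acted on automatically.

```python
import statistics

# Constructed signature database: byte patterns of threats already identified.
SIGNATURES = {"sig-0001": b"EXAMPLE-KNOWN-BAD-PATTERN"}

def learn_baseline(rates):
    """Learn (mean, stdev) of requests per minute from historical traffic."""
    return statistics.mean(rates), statistics.stdev(rates)

def triage(event, baseline, block_z=6.0, review_z=3.0):
    """Return (action, reason): 'block', 'review' (analyst queue) or 'allow'."""
    # Reactive step: only catches what is already in the signature database.
    for sig_id, pattern in SIGNATURES.items():
        if pattern in event["payload"]:
            return "block", f"signature {sig_id}"
    # Heuristic step: how far is this source's rate from the learned baseline?
    mean, stdev = baseline
    z = (event["rate"] - mean) / (stdev or 1.0)  # guard against a flat history
    if z >= block_z:
        return "block", f"anomaly z={z:.1f}"
    if z >= review_z:
        # Possible false positive: a human decides instead of the automation.
        return "review", f"anomaly z={z:.1f}"
    return "allow", "no match"

# Constructed sample data (requests per minute per source).
CLEAN_HISTORY = [10, 12, 11, 9, 13, 10, 11, 12]
EVENTS = [
    {"src": "10.0.0.5", "rate": 11, "payload": b"..EXAMPLE-KNOWN-BAD-PATTERN.."},
    {"src": "10.0.0.6", "rate": 40, "payload": b"payload with no known signature"},
    {"src": "10.0.0.7", "rate": 16, "payload": b"nightly backup burst"},
    {"src": "10.0.0.8", "rate": 12, "payload": b"ordinary request"},
]

def run(events, history):
    """Triage every event against a baseline learned from `history`."""
    baseline = learn_baseline(history)
    return [triage(e, baseline)[0] for e in events]

if __name__ == "__main__":
    print(run(EVENTS, CLEAN_HISTORY))
    # Same events, but the history used for learning already contains outliers.
    print(run(EVENTS, CLEAN_HISTORY + [40, 45, 50]))
```

With the clean history the unknown high-rate source is blocked and the backup burst is queued for review; with the tainted history both pass as normal, which is why the integrity of the learning data needs the same scrutiny as the detector itself.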

About Coranet

Coranet is a certified Woman-Owned Information Technology Organization that has been meeting the requirements of Enterprise and Government entities for over 30 years.  Network Engineering and Technical Support is part of our foundation and we continue this proud tradition with a 360-degree approach to technology solutions and services in the areas of Audio Visual, Network & Physical Security, IT Infrastructure, and Consulting/Project Management.  Coranet is ISO 9001 registered, Lean Six Sigma and WBENC certified.

Please contact us at Sales@coranet.com for more information
