If you’re looking for true AI, you’ll soon realize that optimizing it for cyber defense is a fine art.
It is important to ask questions. When hiring a new employee, we ask several: about their skills, their past professional successes, and their ability to bring added value to the new position.
The same approach should be applied to Artificial Intelligence. New use cases around chatbots, machine learning, predictive analysis and the like are being explored, piloted and implemented on a large scale.
The capabilities, limitations, implications and even motivations of AI are regularly discussed in public forums, often with the effect of obscuring or exaggerating the truth. The term “AI” itself is frequently used as a catch-all, particularly in the cybersecurity field, referring to mysterious technologies that claim to be the cure for all business ills.
The loose use of the term has given rise to widespread misunderstanding. This was seen recently when a member of Google’s AI team was fired for claiming that the company’s LaMDA (Language Model for Dialogue Applications) chatbot had a consciousness of its own.
For AI to take its full place in cybersecurity, solutions must be able to do more than identify a vector or a methodology. They must be able to deduce a malicious actor’s targets and anticipate attack methods that have not yet been discovered. And they must be scalable without compromising performance.
To find out if a supposedly “AI-powered” cybersecurity solution delivers on its promises, there are ultimately four questions to ask the vendor:
1. Anomaly detector or threat hunter?
A simple anomaly scan is likely to overwhelm security teams if it is not accompanied by more information. True AI will rely on intelligence from outside the organization.
Solutions that simply detect internal anomalies aren’t much use, because not all anomalies turn out to be threats, and many genuine threats take care to disguise their activity as authorized or innocuous behavior.
AI platforms address these problems. Non-AI solutions create new ones: they increase the flood of alerts and place the burden of investigation on security teams, all while overlooking the real threats. True AI solutions examine behaviors and history to minimize noise and provide more contextual and actionable alerts.
2. What should be the place of AI?
If AI is only an add-on to a solution and is only used to solve peripheral problems, then its potential will not be fully exploited. AI must also be able to respond to fundamental operational challenges. It must be at the heart of the functionality and management of a system. In short, it is very important to know where AI is deployed and where it operates.
3. What about its creators?
A look at the team that designed the AI solution says it all. What is their know-how in data science, security research and psychology? Many disciplines and skills are required to design AI that delivers value. Also review the vendor’s support commitments, which help you get the most out of your investment.
4. What promises are made?
If an AI-based solution is touted as a panacea for all ills, beware. AI does not see everything and does not do everything. We have recently experienced a major collective technological transformation. New complexities have emerged: hybrid cloud, multi-cloud, the proliferation of opaque third-party networks and rogue endpoints, and the growing popularity of SaaS and PaaS.
While exaggerated promises are not a new trend, in this environment of intense pressure on the cybersecurity function, the temptation to believe them is growing. The best way forward is through experience, agility and continuous improvement. Over time, true AI will perfect itself, while over-promising will shatter under the weight of reality.
Real AI: distinctive signs
If you’re looking for true AI, you’ll soon realize that optimizing it for cyber defense is a fine art. This will keep you from falling prey to charlatans touting the next big breakthrough.
It should be kept in mind that even a solution based on real AI needs accomplished professionals to achieve significant added value. Human ingenuity and judgment are, so far, imperfectly imitated by the most intelligent machines.
But proper, well-managed, and well-understood AI is currently the most effective tool for identifying the latest and most astute threat methods. Fake AI keeps us behind hackers and is a burden on cyber defense teams. True AI can give us a head start.