When it comes to the challenges posed by cybersecurity threats, most organizations are rapidly trending in the wrong direction, observes Travis Rosiek, chief technology and strategy officer at AI cybersecurity firm BluVector. “Cyber criminals have found an effective business model to monetize the use of ransomware by reinvesting the ransom payments to advance their capabilities and are creating a sort of gold rush,” he says.

Yet the ransomware bonanza may soon go bust as cyberattackers increasingly face a powerful new foe: artificial intelligence. AI’s increasing speed and accuracy is helping enterprises level the cybersecurity playing field. “A machine can discover and react to issues or potential attacks in their environment more rapidly than a human because of its ability to consume and understand large volumes of concurrent data,” says Billy Spears, CISO at data science firm Alteryx. “Using AI gives valuable time back to the organization to focus on higher-value projects.”

Effective, But Not a Cure-All

AI can be an effective component in a resilient cyber-defensive strategy, but it shouldn't be considered a cure-all. “It's not a silver bullet, nor does one exist for cyber threat detection and response,” warns Curt Aubley, risk and financial advisory, detect-and-respond practice leader, at business and IT consultancy Deloitte.

AI alone can't create a total cybersecurity umbrella. However, when applied to a specific cybersecurity challenge, it's frequently the best way to stay a step ahead of attackers, Rosiek advises. “AI is generally most effective when addressing cybersecurity problems that involve complex, manually intensive and time-intensive tasks, or large and high-velocity data [threats],” he notes. “There are many aspects to cybersecurity that are ripe for leveraging AI to stay ahead of cyberthreat actors.”

Travis Rosiek, BluVector

Aaron Sant-Miller, a chief data scientist at IT consulting firm Booz Allen Hamilton, says he has seen significant success in AI systems designed to detect specific tactics, techniques, and procedures (TTPs). “Trying to use AI or ML to detect good versus bad behaviors is very hard; what’s good or bad on one network or in one environment may change drastically over time and is hard to generalize across multiple environments,” he explains. Yet some TTPs become highly generalizable over time and across environments. “This makes aggregating and reusing data viable, which makes training supervised models more feasible and final capabilities more powerful,” Sant-Miller states.

When included in a resilient cyber defensive strategy, AI is very use-case-based, Aubley observes. “At the edge, AI/ML models can be used to prevent malware from running while centralized cloud-based AI models can help identify patterns of attacker behavior that a human wouldn't be able to find at scale.”

Rosiek recommends countering cybersecurity threats with AI positioned at the network level. Organizations should look at companies that are delivering next-generation machine-learning advanced threat detection that's protecting networks at line speed,” he says.

A Strong Foundation

Before adding AI to its cybersecurity arsenal, it's important to build a solid security foundation that connects people, processes, and technologies. “Introducing additional security analytics on top of that [base] can achieve an amplification effect,” observes Joe McMann, global cybersecurity portfolio lead at IT and business advisory firm Capgemini.

As with any cybersecurity platform or methodology, IT leaders should position themselves to take full advantage of AI's attack-fighting potential. “Otherwise, it's just a system generating activity that nobody looks at or, even worse, one that generates false positives or low fidelity detections that ultimately reduce your organization’s [security] effectiveness,” McMann notes.

Rosiek stressed the importance of staying a step ahead of cyberattackers, such as by leveraging supervised ML to perform malicious code detection without reliance on signatures. “As attackers create malware in ways that are designed to evade compliance-required signature-based detections, it's imperative that organizations go beyond compliance requirements and invest in detection that doesn’t require signatures or threat intelligence to be effective,” he adds.

Aaron Sant-Miller, Booz Allen

Cybersecurity must never be viewed as a single-layer process, says Robert Boudreaux, field CTO for cybersecurity firm Deep Instinct. “The benefits of AI at any level create automation that helps with triage, response, and an understanding of the threat landscape and day-to-day events,” he notes.

Stay Focused

With or without AI assistance, it's important to remain focused on cybersecurity basics. To keep a step ahead of bad actors, Boudreaux advises conducting regular reviews of security systems, tools, and policies. Enlist employees in vigilance, recognition, and visibility to threats in your environment. “Regular training helps with not only security application but also the adoption of security as a mindset,” he explains.

The future of enterprise security is tied to better cybersecurity practices, Sant-Miller states. “This involves everything from more efficient security operations, more thorough applications of cyber controls and compliance, and overall better safeguards against poor IT user behavior.” AI can play a major role in improving those practices, both through improved adversary detection, enhanced preventative compliance prioritization, and better problematic user behavior detection. “AI is a force multiplier on the impact of good cybersecurity,” he concludes.

Related Content:

CIO Agenda: Cloud, Cybersecurity, and AI Investments Ahead

How SolarWinds Changed Cybersecurity Leadership's Priorities

How to Best Assess Your Security Posture