AI in cybersecurity: Beyond the hype

It’s Official: AI is More Than Hype. My Report from the Artelligence Forum in Dubai.

Last week of April, I had attended the Artelligence Forum, Dubai. My mission was simple: to investigate modern Artificial Intelligence (AI) in order to separate the technology’s hype from its real-world applications.

Clearly, AI has been in the news a lot in recent years. But, truth be told, I did not take it very seriously at first. There was too much “science fiction” talk about general AI’s, and not enough talk about real-world application. My perspective only changed at the end of 2017, when Dubai appointed its first State Minister for Artificial Intelligence.

The UAE as a whole, and Dubai specifically, has become a major tech hub, and placed themselves at the forefront of emerging technologies. This official, governmental embrace of AI forced me to reconsider my position, and fueled my desire to give AI serious consideration, which led me to attend the Artelligence Forum.

I am glad I did. And after the past few days, I can safely say my position on AI has reversed. To be clear: there was still some hype and fluff regarding AI’s application at this event. But, overall, I saw many clear thinking, highly practical, practitioners and applications of AI that demonstrated a real future for this technology. I heard provocative arguements that AI adoption needs to be driven by the business and not traditional IT, how the ethics and culture of AI are still undefined, and whether or not AI will ever replace humans. But while these top-level discussions of AI were fascinating, there was one application of AI I encountered at the Forum that I found most compelling, and immediately necessary— the application of AI to cyber security.

Why did I find the application of AI to cyber security so compelling? It’s simple. Much of the discussion of AI at the conference was practical, but also still speculative, and focused on ways AI might transform technology and drive additional value to the business in the future. By contrast, there was a compelling case from one vendor that AI must be brought to our cyber defenses today. Their arguments were logical: modern cyber-attacks generate more data than any human security team could ever process on their own. AI is required to dramatically accelerate detection of, and response to, these threats, in order to minimize their impact. (That, and the fact modern cyber criminals themselves are already deploying AI in their attacks, and we must begin to fight fire with fire.)

There were two cyber security vendors who attended the forum and described their service offerings, one firm’s presentation—and the practical approach to applying AI to cyber security—stood out to me: Paladion. This firm has already developed their own AI platform—named AI.saac—that they have begun deploying at every stage of their Managed Detection and Response (MDR) service. They combine four different security analytics on a unified Big Data platform, from which their proprietary AI continuously parses the information to detect, and respond to, threats in near real-time—a task that would be impossible for humans alone (though Paladion stated they also employ 1,000+ cyber security experts to man their global SOCs).

After attending their excellent presentation—on “How to Use Artificial Intelligence to Leap Forward Your Cyber Security”—I had a few follow up questions. The firm’s representatives quickly returned my inquiries, and answered the following questions:

What do you see as the critical applications of AI to Cyber Security?

First, let’s discuss where you cannot apply AI to cyber security. Modern AI is not a generalized intelligence that can handle cyber security on its own. We still need human experts to form hypothesis, evaluate risks, determine if alerts are actual attacks, and decide what to do in the event of an attack.

By contrast, AI primarily deploys Machine Learning algorithms to automate data science activities, in order to process the massive volume of threat data modern businesses now face. For that reason, AI is primarily applied in data-intensive aspects of cyber security that include Threat Hunting, Alert Triaging, Incident Analysis & Investigation, and Incident Response.

Do you have any success stories applying AI to a client’s cyber defense?

Of course. Here’s just one of many.

In this case, our client was a 100+ year-old packaging company that was based in the U.S., but which operated a complex network distributed over 132 global locations. When they approached us, they were not continuously monitoring this network. Unsurprisingly, they had already experienced damaging breaches to their data centers and DMZ systems, and their Mean Time to Detect (MtTD) was 168 hours.

By deploying our AI platform, we were able to continuously monitor their complex network 24x7x365. Their security improvement was dramatic. Our AI-driven service uncovered existing threats in their network, reduced false positives by 80%, reduced incident investigation effort by 50%, reduced their MtTD to 24 hours, and accelerated their threat response by 85%.

How can an enterprise choose the right AI-Driven Cyber Security vendor?

They must recognize this market is busy, competitive, and confusing. To weed out unscrupulous—and ineffective—vendors, they must look for a vendor who utilizes AI to offer Managed Detection (to proactively find threats), Managed Response (to accelerate threat remediation) and their own proprietary AI platform (to make sure the technology is fully integrated into their comprehensive service, and not just pasted on).

With vendors like Paladion in the market, and dedicated governmental efforts underway in Dubai, it has become clear to me there is more to AI than just hype— and that this technology is already critical today.