Recently I visited with the cybersecurity teams at NTT Communications, British Telecom (BT) and DBS Bank. Each has mature, useful and metrics-driven security solutions.
NTT excels at 24x7 security monitoring. Some of the subtleties of its threat management program are pretty amazing; it feels it can identify characteristics of not only groups of attackers, but actual individuals.
BT has an incident response capability that is second to none, driven partly by its interest in combining red team and blue team tactics. These two security teams carefully hone their incident response steps and techniques.
All of these companies have taken a unique approach, in that they are upskilling all dedicated security workers to consider not just the defender’s dilemma, but also the hacker’s dilemma. This means they are not just focused on what happens if the hacker gets past their defenses. They’re focused, instead, on the mistakes an attacker makes, rather than the mistakes a defender can make.
Enter Artificial Intelligence (AI) and Machine Learning
Like many others, these three organizations are looking into the benefits of Artificial Intelligence (AI). While AI might not be fully ready for prime time, only a fool would look the other way or put their head in the sand when it comes to how AI might be able to help improve cybersecurity operations.
Why Use AI?
In the study Emerging Business Opportunities in AI, CompTIA found that only 29% of today’s companies are using AI for mission-critical services. The research shows some of the ways, though, that AI will unlock tremendous potential moving forward.
I’ve been lucky enough to interview a few people about future technologies, including automation and AI. For example, at the CompTIA Communities and Councils Forum (CCF), I interviewed Smith.AI’s Maddy Martin and CrushBank’s David Tan about how AI is being used today. (You can also watch that conversation on our YouTube Channel.)
Both Maddy and David were adamant: While AI can possibly replace jobs, for the foreseeable future, we’ll see AI enhance capabilities. But, there are a few things to consider.
There are two primary reasons why today’s companies want to use AI:
- To automate the collection of internet of things (IoT) devices and the huge amount of data that they generate.
- To identify problems with how information flows – or doesn’t – between business units.
If this is the case, let’s take two common IT job roles into consideration: help desk technician and cybersecurity analyst.
AI and the Help Desk
Recently, I spoke with the team at Dell Computing in India about their use of AI. They use machine learning to triage help desk calls, and its doing wonders. While AI isn’t all that good (right now) when it comes to telling the difference between sarcasm and earnestness, it is pretty good at language translation and telling if people are angry. It can pattern math very, very well.
Because AI is good at pattern matching, companies such as Dell, NTT and others are very interested in using AI to quickly identify any repetitive patterns. One BT executive told me that while it is unlikely for AI to take away any particular job roles yet, it is important for today’s help desk workers to focus on skills such as troubleshooting, advanced networking and security. Many of the activities in these three buckets are far less repetitious.
But, there’s a warning, here: if you find yourself repeating a message or screen presented to you quite often, chances are you’ll need to upskill yourself.
AI and Cybersecurity
At both RSA San Francisco and Infosecurity Europe, I saw quite a few cybersecurity vendors claim they were using machine learning and AI.
I heard some of the following claims:
- Automated signature enhancement: Security information and event management (SIEM) tools that use machine learning to automatically improve performance and change alerting signatures.
- The ability to do rudimentary threat hunting: Using machine learning techniques, algorithms can run in the background and identify certain patterns made by hackers and hacker groups. In the same way that, say, Mitre Corporation, has been able to identify the threat characteristics of threat actor groups such as FIN 6 and FIN 7, some organizations say they are close to automating this procedure.
The organizations I’ve been talking to haven’t quite bought into these claims, but they’re very interested in seeing the promise of these automated solutions becoming real.
A cybersecurity analyst, for example, tends to spend time in three major areas:
- Capturing: Obtaining data from the network or from network hosts
- Slicing: Breaking data into categories and turning it into useful trend-based, actionable information – this is the analytics part of the job
- Dicing: Visualizing this data so that a human being can make a decision
When talking with cybersecurity analysts from organizations such as BT and DBS, they’ve told me they spend a lot of time tweaking how their security tools capture traffic. They feel that AI and machine learning–based programs can help them free up time, because capturing is a very repetitive thing. If they can be freed up from capturing traffic, they can spend more time analyzing and visualizing data. This is where humans excel. It’s a pretty good example of how AI can free up security workers to focus on more important tasks.
I don’t want to get ahead of myself, here. AI can be used for far more things than just the help desk and cybersecurity. Nevertheless, there are some major considerations that today’s organizations – large and small – need to consider.
How Do You Use AI For IT?
The companies I’ve talked to concerning AI seem to be pretty wise. They’re slowly looking into the realities of AI. For example, one of the important things to consider is that many AI implementations need to be primed and maintained. Let me explain.
Usually, to get machine learning working well, you first must prime the pump with useful information derived from a company’s experience. You can’t just turn on the programming and hope for the best.
The old computer science truism of “garbage in, garbage out” remains in force. This means that even when we start using automated, intelligent solutions, we’ll still need to teach them best practices.
So, even though there are automated pen testing solutions, such as Red Canary, it’s still necessary to teach them useful techniques. And those techniques aren’t universal – they are based on the organization’s specific needs. A health care organization will have a different set of practices than, say, a service provider/tech organization such as NTT or BT.
The organizations that I’ve talked with aren’t skeptical about AI. Far from it. They simply want to make sure that they have organized themselves properly. After all, if AI and machine learning are really forms of automation, it’s extremely important that organizations don’t automate processes and communications paths that are full of problems. One of the realities, then, is that AI will be implemented once organizations feel they have processes that are worth automating.
The Future of AI and Business
It’s tempting to ask the question, “What is the future of AI and business?” But after talking with organizations who are implementing it, it’s best to reverse that question.
Today’s companies want to be relevant, so they are asking careful questions about AI. The smart companies seem to be asking where they can use AI, rather than how AI can use them; the tail can’t wag the dog, here.
Want to learn more about the future of AI?
Check out the study, Emerging Business Opportunities in AI.
Practical Benefits of AI and Machine Learning: Is It Really Cost Savings?
The companies I’ve spoken with often cite cost savings as one of the major benefits of using AI. I have to say that this makes me a bit queasy.
Because I remember when voice over IP (VoIP) was going to save money. It really didn’t. What it did, though, was improve business communications and enable more efficiencies.
In the long run, this doesn’t save money so much as allow businesses to remain, well, in business. There’s a difference, here. I feel AI will do much the same thing. It may not save money, but wise implementation will save businesses.
With AI and machine learning, companies will be able to do the following:
- Eliminate repetitive tasks
- Personalize services
- More easily “crunch” data to find useful trends
So, I commend the organizations that are using AI and machine learning. They’re neither afraid of it, nor are they being naïve or overly enthusiastic. They see the advent of another useful tool that will help them improve processes and create efficiencies. As long as decisions are made without cynicism, and with an eye toward improving what humans can do best, what’s wrong with that?
More About AI
Read more in these reports from CompTIA: