
Putting AI and Machine Learning to Work in IT

January 3, 2025

Recently, I visited with the cybersecurity teams at NTT Communications, British Telecom (BT), and DBS Bank. Each has mature, useful, and metrics-driven security solutions.

NTT excels at 24x7 security monitoring. Some of the subtleties of its threat management program are pretty amazing; it feels it can identify characteristics of not only groups of attackers but actual individuals.

BT's incident response capability is second to none, driven partly by its interest in combining red-team and blue-team tactics. These two security teams carefully hone their incident response steps and techniques.

These companies have taken a unique approach in that they are upskilling all dedicated security workers to consider not just the defender's dilemma but also the hacker's dilemma. This means they are not just focused on what happens if the hacker gets past their defenses. Instead, they focus on an attacker's mistakes rather than the mistakes a defender can make.

Enter artificial intelligence (AI) and machine learning

Like many others, these three organizations are looking into the benefits of artificial intelligence (AI). While AI might not be fully ready for prime time, only a fool would look the other way or put their head in the sand regarding how AI might help improve cybersecurity operations.

Why use AI?

CompTIA found that only 29% of today's companies use AI for mission-critical services. The research shows some ways, though, that AI will unlock tremendous potential in the future.

While AI can replace jobs, we'll see AI enhance its capabilities in the foreseeable future. But there are two primary reasons why today's companies want to use AI:

  1. To automate the collection of Internet of Things (IoT) devices and the huge amount of data they generate.
  2. To identify problems with how information flows—or doesn't—between business units.

If this is the case, let's consider two common IT job roles: help desk technician and cybersecurity analyst.

AI and the help desk

Recently, I spoke with the team at Dell Computing in India about their use of AI. They use machine learning to triage help desk calls, and it's doing wonders. While AI isn't all that good (right now) at telling the difference between sarcasm and earnestness, it is pretty good at language translation and telling if people are angry. It can pattern match very, very well.

Because AI is good at pattern matching, companies such as Dell, NTT, and others are interested in using AI to quickly identify repetitive patterns. One BT executive told me that while it is unlikely for AI to take away any particular job roles, it is important for today's help desk workers to focus on skills such as troubleshooting, advanced networking, and security. Many of the activities in these three buckets are far less repetitious.

But there's a warning here: if you find yourself repeating a message or screen presented to you quite often, you'll likely need to upskill yourself.

AI and cybersecurity

At RSA San Francisco and Infosecurity Europe, I saw several cybersecurity vendors claim to be using machine learning and AI.

I heard some of the following claims:

  • Automated signature enhancement: Security information and event management (SIEM) tools that use machine learning to improve performance and change alerting signatures automatically.
  • The ability to perform rudimentary threat hunting: Using machine learning techniques, algorithms can run in the background and identify certain patterns by hackers and hacker groups. In the same way MITRE Corporation has identified the threat characteristics of threat actor groups such as FIN6 and FIN7, some organizations say they are close to automating this procedure.

The organizations I've been talking to haven't quite bought into these claims, but they're very interested in seeing the promise of these automated solutions becoming real.

A cybersecurity analyst, for example, tends to spend time in three major areas:

  1. Capturing: Obtaining data from the network or from network hosts.
  2. Slicing: Breaking data into categories and turning it into useful, trend-based, actionable information—this is the analytics part of the job.
  3. Dicing: Visualizing this data so that a human being can make a decision.

Cybersecurity analysts from organizations such as BT and DBS have told me they spend a lot of time tweaking how their security tools capture traffic. They feel that AI and machine learning-based programs can help them free up time because capturing is repetitive. If they can be freed up from capturing traffic, they can spend more time analyzing and visualizing data. This is where humans excel. It's a good example of how AI can free security workers to focus on more important tasks.

I don't want to get ahead of myself here. AI can be used for more than just the help desk and cybersecurity. Nevertheless, today's organizations—large and small—need to make some major considerations.

How do you use AI for IT?

The companies I've talked to about AI seem to be pretty wise. They're slowly looking into the realities of AI. For example, one important thing to consider is that many AI implementations need to be primed and maintained. Let me explain.

Usually, to get machine learning working well, you first must prime the pump with useful information derived from a company's experience. You can't just turn on the programming and hope for the best. 

The old computer science truism of "garbage in, garbage out" remains in force. This means that even when we start using automated, intelligent solutions, we'll still need to teach them best practices.

So, even though there are automated pen testing solutions, such as Red Canary, it's still necessary to teach them useful techniques. And those techniques aren't universal—they are based on the organization's specific needs. A healthcare organization will have a different set of practices than, say, a service provider/tech organization such as NTT or BT.

The organizations that I've talked with aren't skeptical about AI, far from it. They simply want to make sure that they have organized themselves properly. After all, if AI and machine learning are forms of automation, it's extremely important that organizations don't automate processes and communications paths that are full of problems. One of the realities, then, is that AI will be implemented once organizations feel they have processes worth automating.

The future of AI and business

It's tempting to ask, "What is the future of AI and business?" But after talking with organizations that are implementing it, I realized it's best to reverse that question.

Today's companies want to be relevant, so they are asking careful questions about AI. The smart companies seem to be asking where they can use AI rather than how AI can use them; the tail can't wag the dog here.

Practical benefits of AI and machine learning: Are they really cost savings?

The companies I've spoken with often cite cost savings as one of the major benefits of using AI. I have to say that this makes me a bit queasy.

Why?

I remember when voice-over IP (VoIP) was going to save money, but it didn't. What it did, though, was improve business communications and enable more efficiencies.

In the long run, this doesn't save money so much as it allows businesses to remain, well, in business. There's a difference here. I feel AI will do much the same thing. It may not save money, but wise implementation will save businesses.

With AI and machine learning, companies will be able to do the following:

  • Eliminate repetitive tasks
  • Personalize services
  • More easily "crunch" data to find useful trends

So, I commend the organizations that are using AI and machine learning. They're neither afraid of it nor naïve or overly enthusiastic. They see the advent of another useful tool that will help them improve processes and create efficiencies. As long as decisions are made without cynicism and with an eye toward improving what humans can do best, what's wrong with that?