Man vs. Machine: Investing Your Security BudgetBy Guest Author | Posted 2017-06-01 Email Print
Companies mulling their cyber-security spend should put less weight on employee education and more on advanced solutions—including artificial intelligence.
But let’s face it, even those of us in this 99 percent category have stumbled or been duped to open what appears to be an innocuous email—or visited a website with a brutal payload. And who hasn’t sent an email to the wrong address by accident?
Unlike machines, we humans are complex, vulnerable beings whose brains are often overstressed from the complexity of 21st century life. Expecting that to change is unrealistic.
This is an area where AI is filling that gap by providing realistic, concrete benefits. AI is already being used to identify security threats, investigate the cause of an attack and stop attacks that are just beginning to launch.
AI can also help programmers reduce vulnerabilities in their source code. Developers can run their code through an AI-based engine that tells them if they’re getting closer to better quality, less vulnerable code. That trains the programmers to write more secure code.
Similarly, if a company has already deployed an endpoint solution, AI can be applied to the middle point of a network to watch for malicious and abnormal behavior. This middle point—which connects layers of security between the exploitable surface area of the internet of things (IoT) and the data, assets and services that companies need to protect—is becoming more vulnerable than the endpoints.
Using AI this way makes a lot of sense. Computer systems are not only less error-prone than humans, but they are uniquely designed to focus on aberrations and learn from past mistakes.
The reality is that we could use this AI-based help to stay on top of our systems. The amount of data and velocity, and the number of connections required to monitor and manage the data, continue to grow at an exponential rate. Cisco predicts that the number of connected devices worldwide will grow to 50 billion by 2020. Already, the average company network is grappling with some 10,000 security events a day, prompting alarm fatigue among human administrators.
Clearly, applying AI’s ability to analyze threats, detect patterns from huge amounts of data and make lightning-fast decisions will be an incredible boon to already-overburdened IT departments.
In the case of security, AI will help to protect data and systems, flag anomalies, and prevent the serious and costly damages caused by breaches—regardless of whether or not the breaches are a result of human error.
Rick Grinnell is the founder and managing partner of Glasswing Ventures.