September 10, 2020
Contributor: Taylor Lee
By asking the right questions, CISOs can decide whether adding artificial intelligence (AI) to improve security makes sense.
The hype around artificial intelligence (AI) has led to exaggerated expectations. For security leaders, the reality is that current AI technology, including machine learning (ML) techniques, can augment security capabilities. In the area of anomaly detection and security analytics, humans working with AI accomplish much more than without it. And while not risk-free, AI within security is more likely to create jobs than eliminate them.
However, simpler solutions can be as effective and cost less, and AI solutions for security can still be immature technologies. Given current technology constraints, AI should be an addition to existing security practices rather than a complete solution.
CISOs should ask these five questions before investing in the technology for their security programs:
One major challenge surrounding AI is the hype. Buzzwords like “next-generation” and “holistic approach” make big promises but most likely just mean “our latest release” and “multifunction.” Security and risk management (SRM) leaders and teams must be savvy about marketing and the myths that exist in the AI world.
Focus on the actual benefits of the technology rather than relying on vendor claims or assumptions. Security teams need to understand the basics of AI to assess how the technology might reasonably help security strategy.
The promise of AI technology is that it will process data and apply analytics much better than human teams. Improved automation and data analytics applied to security analytics and infrastructure protection offer to:
Find more attacks
Reduce false alerts
Perform faster detect-and-respond functions
The CISO should take the lead in establishing what the organization requires and how AI can assist in that. CISOs should also set reasonable expectations for what AI can realistically provide and select projects based on areas where AI can have the greatest impact.
Recognize that the technology is not mature and continue to treat AI offerings as experimental, complementary controls. “AI as a feature” is applied on existing platforms across a variety of key initiatives, including:
Although AI has a coolness factor, other existing solutions can achieve similar results. Understand the risks of a new solution and how the AI offering will outperform what the team is already using. Some questions for vendors include:
Depending on the answers, leaders may decide the costs and risks outweigh the benefits and decide to skip the extra expense.
AI might require additional roles or skill sets. Competition for these new skills is fierce, and finding “data security scientists” or “threat hunters” can be challenging. Because skills are constantly evolving, it can be more productive to focus on hiring people with trainable traits like digital dexterity, innovation and business acumen. Consider how to approach talent and skills gaps before purchase.
CISOs armed with the answers to these questions will be better prepared to decide whether and how to invest in AI.
Recommended resources for Gartner clients*:
5 Questions That CISOs Must Answer Before Adopting Artificial Intelligence, by Jeremy D'Hoinne, et al.
*Note that some documents may not be available to all Gartner clients.