The hype around artificial intelligence (AI) has led to exaggerated expectations. For security leaders, the reality is that current AI technology, including machine learning (ML) techniques, can augment security capabilities. In the area of anomaly detection and security analytics, humans working with AI accomplish much more than without it. And while not risk-free, AI within security is more likely to create jobs rather than eliminate them.
However, simpler solutions can be as effective and cost less. And AI solutions for security can still be immature technologies. Given current technology restraints, AI should be an addition to existing security practices rather than a complete solution.
CISOs should ask these five questions before investing in the technology for their security programs:
1. What should CISOs and their teams know about AI?
One major challenge surrounding AI is the hype. Buzzwords like “next-generation” and “holistic approach” make big promises but most likely just mean “our latest release” and “multifunction.” Security and risk (SRM) leaders and teams must be savvy about marketing and the myths that exist in the AI world.
Focus on the actual benefits of the technology rather than rely on vendor claims or assumptions. It is key that security teams understand the basics about AI to assess how the technology might reasonably help security strategy.
2. What is AI’s impact on SRM?
The promise of AI technology is that it will process data and apply analytics much better than human teams. Improved automation and data analytics applied to security analytics and infrastructure protection offer to:
Find more attacks
Reduce false alerts
Perform faster detect-and-respond functions
The CISO should take the lead in establishing what the organization requires and how AI can assist in that. CISOs should also set reasonable expectations for what AI can realistically provide and select projects based on areas where AI can have the greatest impact.
3. What is the state of AI in security?
Recognize that the technology is not mature and continue to treat AI offerings as experimental, complementary controls. “AI as a feature” is applied on existing platforms across a variety of key initiatives, including:
- Threat and anomaly detection
- Identity analytics and fraud detection
- Compliance and privacy risk management
- Bot mitigation
- Data discovery and categorization
- Asset discovery
- Policy automation
- Security orchestration
4. What should CISOs ask vendors about AI security?
Although AI has a coolness factor, other existing solutions can achieve similar results. Understand the risks of a new solution and how the AI offering will outperform what the team is already using. Some questions for vendors include:
- How can we view/control data used by the solution?
- Does the solution send data outside of our organization (call home)?
- What are the relevant security and performance metrics to measure the results from AI?
- Are there peer reviews of the solution?
- How much staff and time are required to maintain the solution?
- How does your solution integrate into our enterprise workflow?
- Does your solution integrate with third-party security solutions?
Depending on the answers, leaders may decide the costs and risks outweigh the benefits and decide to skip the extra expense.
5. How does AI impact your workforce strategy?
AI might require additional roles or skill sets. Competition for these new skills is fierce, and finding “data security scientists” or “threat hunters” can be challenging. Because skills are constantly evolving, it can be more productive to focus on hiring people with trainable traits like digital dexterity, innovation and business acumen. Consider how to approach talent and skills gaps before purchase.
CISOs armed with the answers to these questions will be better prepared to decide whether and how to invest in AI.