AI Should Not Replace Established Security Practices

Here is an interesting article from my colleague Joe Kim, in which he discusses the impact of artificial intelligence on cybersecurity.   Agencies are turning to artificial intelligence (AI) and machine learning to bolster the United States’ cybersecurity posture.   Agencies are dealing with enormous amounts of data and network traffic from many different sources, including on-premises and from hosted infrastructures—and sometimes a combination of both. Humans can’t sift through this massive amount of information, which makes managing security a task that cannot be exclusively handled manually.   AI alleviates many of these challenges. Machines can automatically comb through millions of packets of information and detect suspicious behavior. The more data these machines analyze, the more intelligent they become, and the better they are at noticing, predicting, and preventing security breaches.   But while AI offers many great benefits, it should not be considered a replacement for human intervention or existing network monitoring tools. Instead, AI should complement and support the people and tools that agencies are already using to keep their networks safe.   The human factor remains critical   The cyber threat landscape continues to change rapidly, and some aspects of that landscape require human intervention now more than ever before. Respondents to our Federal Cybersecurity Survey indicated a wide range of threat sources, from foreign governments to hackers, terrorists and, beyond.   The biggest threat, though, appears to come from careless or untrained insiders, with 54 percent of respondents listing them as their top concern. This point exemplifies why people still very much matter when it comes to cybersecurity. Even though machines and systems can be highly effective at preventing suspicious behavior, they are not great at training staff to adhere to agency policies or practice strong overall security hygiene.   Of course, AI can certainly help prevent malicious or careless insiders from doing damage. Automatic detection of suspicious activity and immediate alerts can help managers respond more quickly to potential threats. It can also be used to fill in gaps resulting from the lack of human resources or security training, and significantly decrease the time it takes to analyze data. As such, AI can reduce attack identification and response times from days to hours or even minutes.   Even so, humans will still be needed to react to and implement those responses. They remain a critical piece of the cybersecurity puzzle.   Traditional monitoring solutions are still vital   Just as humans will continue to play an important role in network security in the age of AI, tools such as security information and event management (SIEM) systems, network configuration management and user device monitoring programs should remain a foundational element of agencies’ initiatives. These solutions supplement AI by extracting information from the constant noise, allowing managers to focus on truly critical issues and pinpoint security threats.   Like AI tools, traditional network monitoring programs can analyze huge amounts of data. They complement this ability with continuous monitoring of user activity and network devices and provide automated threat intelligence alerts along with contextual information to help managers act on that information. Indeed, our survey indicated that these tools continue to play a significant role in keeping networks protected; for example, 44 percent of respondents using some form of device protection solution stated they are able to detect rogue devices within minutes.   In short, while AI is extremely useful, it should not be used exclusively. Instead, agencies should plan on augmenting existing best practices and the abilities of their staff with AI. Because although AI is good and here to stay, it’s the use of tried and true resources that will continue to lift up the machines as they rise.   Find the full article on SIGNAL.