In recent years, artificial intelligence (AI) and machine learning (ML) has become increasingly popular as enterprises continue on their digital transformation journeys. For cybersecurity professionals, the technologies have become especially important when evaluating how security teams implement AI/ML systems and how they can best establish them in their current organizations.
To gain a new insight, Digital Journal spoke with Sam Babic, chief innovation officer at Hyland (a content services provider) outlining what organizations should look out for when implementing enterprise security artificial intelligence and machine learning.
Digital Journal: What benefits does AI bring to enterprise security tools and platforms?
Sam Babic: It lets you look at data at scale across multiple systems. The security insights might not necessarily come from a single system; instead, the “signal” you are looking for when detecting an intrusion might be an aggregate across systems. The amount of data is massive and requires AI to be able to interpret this data. Some systems, especially cloud-based security systems, can leverage training across multiple customers and multiple industries, effectively learning from the cumulative knowledge of a given vendor’s customer base, potentially even tailored to a particular industry. For example, machine learning models detecting malicious activity at a bank may look different than models for a healthcare provider.
DJ: How does AI help to augment human defenders?
Babic: Like the above question, it helps do this at scale. The human defenders could train and improve the system, however. Even in scenarios that may initially be missed by AI, the human defender can help augment that. If you push this training ability down to end users — by allowing them to report a phishing email that made it through the detection system, for example — you now have the power of all your employees training the AI on phishing emails. So, the combination of humans and machines becomes a force multiplier. Especially in today’s environment, it is required due to the massive scale of attacks and the ability for those attacks to be automated.
DJ: What are common mistakes enterprises make when implementing AI?
Babic: With respect to implementing AI for security, AI should just be one facet of how an organization implements security, risk and compliance. An organization should never position solutions like these as the one-stop shop. It is one of many strategies that when taken together, create the security blanket. Or rather security quilt, where each piece of the quilt is another strategy or technology implemented that works in tandem with the other strategies to provide coverage to your organization.
DJ: How do CISOs vet the claims of AI/ML vendor capabilities?
Babic: CISOs and people in their direct organization may not be data scientists, but their organization may have some data scientists or data science knowledge that can be pulled in during the procurement process. They can also take advantage of information security consultants that offer full-service consulting, but that have no stake in any one vendor product to help in the selection process. They can also take advantage of analyst reports and analyst inquiries to learn more about a particular vendor and its strengths and weaknesses.
DJ: Are there ways to test capabilities and results?
Babic: Many vendors are now cloud-based, so the barrier to testing these capabilities is reduced. Some may even offer pilot or trial periods. Cloud-based vendors also have the benefit of seeing data across multiple customers and multiple industries to help inform and monitor their machine learning models, thereby providing benefits to all their customers. You can utilize in-house or third-party penetration testers (or ideally both) to simulate malicious activity and verify if the tool is detecting these malicious signals within the data of user activity.
DJ: What are some of the common ways enterprise security teams should approach AI/ML implementations?
Babic: They should assess these implementations alongside the existing corporate strategy for security and understand where the current gaps are and how AI/ML implementations fill those gaps. As per above, they should be wary of a one-size-fits-all approach and even where vendors promise the world, it may be worth proceeding with caution and validating these capabilities. There may even be circumstances depending on an organization’s risk tolerance where they utilize more than one tool to accomplish the task. Highly secure organizations may choose to implement multiple overlapping AI/ML implementations. This certainly comes at a greater cost, but may be a requirement for their organization and the industry they operate in.
