The benefits and limitations of AI in cybersecurity

Today’s AI cannot replace humans in cybersecurity but shows promise for driving efficiency and addressing talent shortage, a new report by ​ProtectWise has shown.

Penetration of AI-enabled security products based on number of security alerts received on a typical day

Conducted by Osterman Research, the study explores usage trends and sentiments toward AI among more than 400 U.S. security analysts in organizations with 1000 or more employees.

Key takeaways

Nearly three quarters of respondents have already implemented at least one product that uses AI, but findings uncovered mixed results and a learning curve that needs to be addressed in order to use AI at higher levels of sophistication and effectiveness.

“​A lot of hype and confusion exists around AI and its role in the cybersecurity industry​,” said Gene Stevens, CTO, ProtectWise. “In its current state, ​AI is a tool for driving efficiencies and addressing staffing needs, but it is not going to replace human intelligence any time soon. AI is well positioned today to create machine-accelerated humans: an army of hunters and responders who use a wide array of expert systems to help unearth and prioritize critical threats. In the future, AI will only become more valuable as the industry develops products that ​improve ease of use and capitalize on AI’s efficiency differentiators​.”

Top findings from the report include:

• AI is already widely adopted – ​AI has already established a strong foothold, with 73 percent of respondents reporting they have implemented security products that incorporate at least some aspect of AI. Most organizations find AI’s ability to improve the efficiency of security staff members and make investigation of alerts faster as top priorities. Organizations with a higher proportion of AI-enabled security products are larger than those with less AI, and they have larger security teams.
• Executives, not the people who manage security, are the biggest advocates for AI – Fifty-five percent of respondents suggested that the strongest advocates for AI-based security products in their organization are IT executives, while 38 percent identified non-IT executives as the biggest internal champion.
• AI is yielding some real benefits – Overall, 60 percent of organizations perceive that AI makes investigations of alerts faster and the same proportion consider that AI improves the efficiency of their security staff. Moreover, nearly one-half of organizations view AI as beneficial for automating initial triage and for optimizing threat identification.
• AI-powered security products are weighed down by mixed results post deployment – ​According to respondents:​ ​46 percent agree that rules creation and implementation are burdensome; and 25 percent said that they do NOT plan to implement additional AI-enabled security solutions in the future
• There is still work to do. ​More than half of all respondents believe that: AI doesn’t stop zero-days and advanced threats (61 percent); it focuses more on malware than exploits (51 percent); it delivers inaccurate results (54 percent); it’s difficult to use (42 percent); and AI-based products are more expensive than traditional ones (71 percent). The most important differentiator for AI-enabled security products when compared to traditional security products is their ability to automatically block threats, while automatic remediation or isolation is viewed as the least important feature of AI-enabled products.

“All of these findings imply that AI is still in its early stages and we have yet to see its full potential,” said Michael Osterman, principal analyst of Osterman Research. “But AI-based products offer significant promise for improving the speed of processing alerts and that it might at least be a ‘silver-plated’ bullet in addressing the cybersecurity skills shortage.”