decrypting myths
De-bunking
AI cybersecurity
myths
Artificial Intelligence is widely
perceived as ‘the next big
thing’ in cybersecurity. But with
many providers attempting
to jump on board and jostle
to use the latest industry
buzzword, services are being
incorrectly marketed as ‘AI-
based’, leading to much
confusion. Neil Kell, Director
of Evolve Secure Solutions,
part of the CSI group, de-
bunks the numerous myths that
exist around AI-based security
to leave a clearer picture of
current capabilities as well as
where it will lead security in
the not too distant future.
W
Myth one: Many providers
are already offering AI-based
cybersecurity services
Some security providers are genuinely
leading the way with AI-based services,
especially those commonly referred to as
native AI companies, but the reality is that
many are still using traditional security
techniques and presenting it as AI in a
bid to use the latest marketing buzzword.
Many providers are actually presenting
traditional rule-based analysis as AI. AI
enables you to continually improve, based
on the data sets it learns from. A good
way to judge it is to look at how often
you’re getting an update on the learning.
These should be regular so that you
get to see the benefits from what has
been learned elsewhere. If there’s no
evidence of updates, the chances are
that the product is a standard rule-based
analysis offering that’s been available
over the past 15 years or so.
As an industry product set, in truth,
we’re still at an early stage on our AI
www.intelligentciso.com
|
Issue 17
journey. At this point, AI is narrow; it is
effective at behavioural analysis in the
technical environment and at endpoint
security, but we’re not yet at the stage
of AI being fully integrated across the
enterprise and we are a long way from
it being autonomous and not requiring
human intervention.
There is also the issue relating to the
number of false positives being flagged
by AI, but this is mainly due to the
datasets available for AI to learn from. As
the quality of the data improves, so too
does the accuracy of AI.
Myth two: Traditional anti-virus
protection will no longer keep
your organisation safe
Malware can still be mitigated by
established anti-virus signature-based
mechanisms. In fact, thousands of
signature-based technologies are still
being sold worldwide. A thorough risk
assessment of the organisation will
determine whether you need to invest in
AI now or not. Eventually, all malware will
be detected by AI-based analysis, but
67