AI and machine learning expected to solve security problems

Security professionals believe AI and machine learning are the answers to many of the issues they face.

The Ponemon Institute, on behalf of Hewlett Packard Enterprise subsidiary Aruba, conducted a survey of security professionals. It found the majority of respondents agreed security products with AI features will help reduce false alerts, increase team effectiveness, make investigations more efficient, and will speed up the discovery of and response to stealthy cyberattacks.

According to more than half of the survey respondents, "AI technologies such as [machine learning] and behavioral analytics are essential for detecting attacks on the inside before they can do damage."

For the report, "Closing the IT Security Gap with Automation & AI in the Era of IoT," Ponemon surveyed 3,866 IT and security professionals in Asia, EMEA, North America, Australia, Brazil, Germany, India, Japan, Mexico, Singapore and the United Kingdom.

The perceived need for AI and machine learning technologies is driven by the complications introduced by IoT devices, according to the report. The massive number of internet-connected devices means security teams need to secure a broader scope, and that presents challenges. More than half (66%) of respondents said their organization is "unable to, or [has] just a low ability, to secure their IoT devices and apps." And more than half (51%) agreed visibility is crucial for detecting attacks.

To deal with the challenges provided by IoT device security, 64% of respondents said new technologies such as machine learning are necessary to "discover and understand threats that are active in the IT infrastructure."

While 29% of respondents said machine learning is already in use extensively or partially, another 26% said they plan to implement it in the next 12 months.

"Of those organizations that have ML [machine learning], 30 percent say they acquired a turnkey ML product or engaged a managed service provider (26 percent)," the report noted. "Only 20 percent of respondents say they built their own ML capabilities."

In looking at the expected benefits of using AI and machine learning in enterprises, respondents to the survey said the most significant benefit would be reducing the amount of time and effort needed to investigate an alert.

After that, in descending order of importance, the benefits to security professionals would be the following:

• Reduce the number of false-positive alerts.
• Find attacks before they do damage.
• Automate tasks in the investigation, decision-making and remediation processes.
• Improve coordination between networking, security and operations.

While the study does not go into detail about how exactly AI and machine learning technology would accomplish this or whether there is any data proving it would live up to the expectations, respondents did rate the processes most likely to be automated. The most likely, according to the survey, is attack containment, such as quarantining. Following that, it would be attack remediation, alert investigation, risk scoring and alert prioritization, and forensic data aggregation.