How AI is shaping the cybersecurity arms race

The average business receives 10,000 alerts every day from the various software tools it uses to monitor for intruders, malware and other threats. Cybersecurity staff often find themselves inundated with data they need to sort through to manage their cyber defenses.

The stakes are high. Cyberattacks are increasing and affect thousands of organizations and millions of people in the U.S. alone.

These challenges underscore the need for better ways to stem the tide of cyber-breaches. Artificial intelligence is particularly well suited to finding patterns in huge amounts of data. As a researcher who studies AI and cybersecurity, I find that AI is emerging as a much-needed tool in the cybersecurity toolkit.

Helping humans

There are two main ways AI is bolstering cybersecurity. First, AI can help automate many tasks that a human analyst would often handle manually. These include automatically detecting unknown workstations, servers, code repositories and other hardware and software on a network. It can also determine how best to allocate security defenses. These are data-intensive tasks, and AI has the potential to sift through terabytes of data much more efficiently and effectively than a human could ever do.

Second, AI can help detect patterns within large quantities of data that human analysts can’t see. For example, AI could detect the key linguistic patterns of hackers posting emerging threats in the dark web and alert analysts.

More specifically, AI-enabled analytics can help discern the jargon and code words hackers develop to refer to their new tools, techniques and procedures. One example is using the name Mirai to mean botnet. Hackers developed the term to hide the botnet topic from law enforcement and cyberthreat intelligence professionals.

Read more