
Wednesday, May 22nd, 2019


The hype and reality surrounding AI and ML

Bill Smith, Global Vice President, LogRhythm

Machine vs machine. That's the future battleground in cybersecurity. It is a scary thought, but the perception that hackers are just people sitting behind computers is no longer true. Today, just like cybersecurity solution providers, they are also utilising artificial intelligence (AI) and machine learning (ML) to change their attacks on the fly. Bots, for example, can mimic human behaviour and change their attacks if they are blocked. With AI and ML being the future of hacking and defense, organisations cannot rely on traditional solutions in their cybersecurity strategy if they truly want to stay ahead of hackers. This is especially critical in the ever-evolving cyberthreat landscape, where time is of the essence and an efficient approach is essential for detecting and responding to cyber incidents swiftly.

However, according to a LogRhythm global survey, organisations have much room to grow when it comes to using AI and/or ML in their cybersecurity strategy. Only 53 percent of companies in Asia-Pacific currently have AI and/or ML in their cybersecurity strategy, and less than a third believe that AI will be a key game changer. Are they correct in thinking that it won't be a major game changer?

In an email interview with Networks Asia, Bill Smith, Global Vice President, LogRhythm, talks about the hype and reality surrounding AI and ML; the difference between true AI and ML and rules-based engines; and critical things that organisations should know about applying AI and ML.

How much of what we’re hearing from vendors around AI/AR and machine learning (ML) is hype and how much is reality? When does one go from ML to AI? We’ve been hearing about reactive IT for a while now, what is different now?

There is indeed a lot of hype around AI and ML. A number of organisations will claim they use AI and ML for cybersecurity but, in reality, only employ rules-based engines. Vendors, on the other hand, could be selling AI and ML-based behavioural anomaly detection for advanced threats, rather than true AI/ML-powered analytics.

Today, only a few technology providers have true capabilities of AI/ML-powered analytics for threat monitoring and detection. In fact, in the evolving cyberthreat landscape, where hackers are smarter and a step ahead, AI and ML must go hand in hand to form the fundamentals of an effective cybersecurity strategy. ML looks at behavioural patterns and learns from them in order to make a prediction about the cybersecurity incident it had picked up. This is essential in enabling organisations to become more accurate in their threat detection – reducing false positives and alarm fatigue. One of the goals for machine learning is to achieve AI. In the context of cybersecurity, AI flags the unexpected, the anomaly, including ones with subtle behavioural shifts, leveraging rich contextual data. 

Very often, AI and ML are used interchangeably. AI/ML-powered analytics put organisations in a more advantageous stance against hackers by becoming more proactive and predictive. At the same time, with cyber threats growing in volume and complexity, AI/ML can handle large volumes of data to be analysed and the environment to be understood. This includes being able to incorporate many types of data sets, from network traffic patterns and application data to records of user authentication attempts and user access to sensitive data. AI/ML advanced threat detection means IT teams can focus on identifying “qualified” threats—those that are legitimate and require action, and therefore target their resources on more high-level decisions, rather than spend long hours monitoring dashboards and investigating every potential threat that surfaces.