Will Artificial Intelligence Bring Smarter Security?

IT professionals say automated tools can help protect their organization's networks against modern attacks.


Can artificial intelligence (AI) close the IT security gap? Most respondents to a global Ponemon Institute study are hoping it can.

These IT and IT security professionals say AI, machine learning, and behavioral analytics are essential to detecting today's dynamic threats to computer applications and networks, according to Closing the IT Security Gap With Automation and AI in the Era of IoT. The report, based on a survey of 3,800 respondents, is sponsored by Santa Clara, Calif.-based networking company Aruba.

Simply put, businesses aren't able to stop advanced, targeted attacks, says Ponemon Chairman Larry Ponemon. "Against this backdrop, AI-based security tools, which can automate tasks and free IT personnel to manage other aspects of a security program, were viewed as critical for helping businesses keep up with increasing threat levels," he says.

Minding the Gap

Top Cyber Threats

According to a Tech Republic article, North America-based IT and security managers polled by Osterman Research say the top security threats they face are:

  • Ransomware attacks.
  • Breach of sensitive data.
  • Phishing attacks.
  • Malware infiltration.
  • Targeted attacks.
  • Shadow IT and employees using unauthorized cloud applications and services.
  • Endpoints compromised by botnets.
  • Cryptocurrency mining malware installed on PCs and servers.
  • Use of computer processing units by cryptocurrency miners when users visit websites.
  • Employees who visit websites that violate company policies.

The security gap is about technology, processes, and people, the report notes. Two-thirds of respondents say their security team can't see and control all of the users and devices that are connected to their IT infrastructure. This includes mobile devices, the Internet of Things (IoT), and personal devices.

At the same time, 62 percent say attackers could break through gaps in their organization's IT security infrastructure. Only 38 percent are confident the organization could detect attacks against the IT infrastructure before they caused a breach. Nearly half say mobile, personal devices, cloud, and IoT are difficult to defend, and the organization lacks a security staff with skills comparable to those of today's attackers.

More than anything, inability to secure IoT devices and apps is a problem, making them a prime entry point for attacks. Just one-fourth say their IoT devices are well-secured. Most say their organization needs the ability to continuously monitor each IoT device to spot trouble early.

Smarter Defenses

What is needed to bridge the IT security gap are automated technologies that can discover and understand threats, respondents say. In particular, organizations need tools that can see all the endpoints and applications on their network. Respondents say such tools should be able to monitor privileged users, perform security information and event management, provide user and entity behavior analytics, and analyze network traffic.

One great hope is AI-based technologies. Most respondents say AI can find attacks before they do damage. Respondents say these tools can make security teams more effective, facilitate efficient investigations, and locate security threats that have gotten through the organization's defenses.

The most important capabilities of automated tools include reducing the time and effort needed to investigate an alert, reducing the number of false positives that must be investigated, finding attacks before they do damage, and automating key tasks during investigations and remediation. Respondents also want the tools to improve coordination among networking, operations, and security teams.

Despite that hope, only 29 percent currently are using machine learning in their IT infrastructure. That may change soon. One-fourth plan to implement machine learning within the next year, and one-fifth plan to do so in the following year. Processes most likely to be automated include containing and remedying attacks, investigating alerts, risk scoring and prioritizing risks, and aggregating forensic data.

Tim McCollum

About the Author



Tim McCollum is Internal Auditor magazine's associate managing editor.

