By Muhammed Mayet, Senior Solutions Architect, Secureworks

Artificial intelligence (AI) is widely touted as a silver bullet, especially for businesses seeking to cut labor costs.

AI is thus heavily marketed for cybersecurity. After all, few types of talent are as difficult to find and retain as cybersecurity talent.

Analytics in cybersecurity largely entails sorting through the complex datasets generated by the sensors we’ve distributed across our enterprise environments – exactly the type of task AI excels at.

But consider that putting garbage in generates garbage out.

If an AI-based solution is not fed the correct data, or relies on untested algorithms, cybersecurity teams could miss critical threats or an adversary could go undetected.

The better approach is to deploy AI in ways that complement your security operations team to make your organisation more secure – rather than buying into the myth that AI will solve all your cybersecurity challenges.

What is AI anyway?

One common source of misunderstanding comes from the term AI itself.

Marketers use AI as a catch-all label for a wide range of algorithmic models that each have very different characteristics and applications.

For example, we should differentiate between artificial narrow intelligence (which we can already apply to specific tasks such as playing chess) and artificial general intelligence (which is still in the research and development phase).

There is also a difference between supervised, unsupervised, semi-supervised, and reinforcement models for machine learning (ML).

This doesn’t mean you have to become an expert in data science. But before you buy any cybersecurity solution that features AI or ML, you should understand what you’re being sold.

Also, when it comes to supervised ML, you should know who’s doing the supervision as well as the type, quantity and quality of data used to train the algorithms.

Is feedback your responsibility because you need your system to better understand the idiosyncrasies of your organisation’s environment?

Is your vendor continuously tuning your system based on evolving threat intelligence and feedback from across all its customer deployments? Or is the feedback model a hybrid one?

Keeping your “I” on the ball

Most critically, don’t lose sight of your ultimate objective: reducing your organisation’s exposure to its biggest cybersecurity risks as far as possible within your current headcount and budget constraints.

Your most effective use of AI will enhance your end-to-end risk reduction supply chain, including:

Sources of threat intelligence

Conversion of that threat intelligence into detection capabilities

Conversion of detections into automated responses and/or alerts to SecOps staff

Actions your SecOps staff can take to nullify discovered threats

Remediations that harden your environment to prevent future breaches

AI can enhance your security operations at multiple points, from threat detection and investigation to automated response actions.

What it can’t do is make up for weak links that only your team and your partners can strengthen.

Don’t make the mistake of relying only on a bot to do a human’s job. Do apply AI where it can help your people work smarter and get better results.

Like all of your other security controls, AI is another tool in your toolbox. You choose how to use it.
