Performance Review: AI in Cybersecurity

Written by Pam Baker
May 1, 2019

AI is the latest rage in cybersecurity, but is it living up to expectations?

Artificial Intelligence (AI) is all the rage in cybersecurity software. However, when vendors say AI, they usually mean a subset of it. Most commonly they mean machine learning (ML), but sometimes it’s deep learning (DL). The details are confusing, so the marketing folks just call it all AI and leave the inner technical workings shrouded in mystery. But now it’s time to evaluate whether “AI” in cybersecurity is meeting expectations and living up to the marketing buzz.

In order to know whether AI is living up to expectations and delivering the goods as ordered, it’s important to check first and see what you actually have under the hood.

What the Tech Is That?

Carbon Black’s Rick McElroy

“Conceptually, AI is a very sexy topic but the reality is that very little AI is present in most security applications,” says Rick McElroy, head of security strategy at Carbon Black. “Simply rebranding machine learning as AI doesn’t solve the shortcomings of the existing technology.”

Unfortunately, some claims of “AI inside” are more than a rebranding effort and more than a tad misleading.

“As an investor I see this kind of behavior all the time — early-stage companies claim to have AI, but basic diligence proves that to be false. Yet, they’re still able to raise huge amounts of venture capital. A recent VC study (page 99) found that 40% of startups that claimed to have AI were lying,” said William Peteroy, Security CTO at Gigamon, a provider of network security.

The confusion and downright subterfuge of some vendors are off-putting to many buyers and users.

“I’m most excited by some of the newer approaches that are more transparent about how they leverage expert systems which I feel have a stronger probability of driving good outcomes for consumers than machine learning-based approaches,” Peteroy added.

But there is nothing to be gained by judging the real thing by its counterfeits. If you’re not seeing good results from your AI- or ML-based software, perhaps you should first check to see if you bought the actual thing or a pricey knock-off.

“Machine learning/AI technologies have been influencing information security for a long time. Spam detection or preventing fraudulent transactions are just two of many examples of successful AI applications in security,” says Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies.

“Statistical learning and ML models are becoming the cornerstone of a wide range of new security products like next-generation antivirus (NGAV) or next-generation firewall (NGFW) products. The main reason for this is that there is no shortage of data to learn from and statistical models have become tremendously good at learning,” Galloway added.

Remember in your evaluations that not all AI/ML is created alike. Some is brand-new, and some is not. However, the only thing that matters is if it works.

“What we are calling AI today in most solutions is machine learning algorithms invented years ago, and commercially viable today because of the compute resources available now. There is still a large amount of algorithmic innovation to come,” says Rick Grinnell, Founder and Managing Partner at Glasswing Ventures.