Does Cybersecurity Have a Future Without AI?

Weekly managed security insight from Shiv Singh, CISSP , CEO of LINEARSTACK .

Artificial intelligence (AI) is an exciting business, economic, and technical capability organizations cannot seem to get enough of when considering their organization's risk from the latest changes in the cyber threat landscape. This disruptive capability has several use cases, including increasing cybersecurity response capabilities to help prevent advanced persistent threats.

The role of AI within cybersecurity is a Two-Fold Discussion.

Security operations teams continue to upgrade their existing security adaptive control layers with AI-embedded capabilities. These adaptive controls include cloud-based email security, intrusion prevention, and layer 7 web application firewalls. Security solution providers, including Imperva, Cisco Systems, Microsoft, Palo Alto Networks, and Thales, have significantly invested in AI and machine learning (ML) in their various solutions, including security automation, deep visibility to help with the response to cybersecurity threats, and using behavior analytics to detect never seen potential threats.

What role does a managed security service provider (MSSP) play in assisting clients with the cybersecurity AI strategy? MSSPs hold many vendor certifications from the major solution providers. Many of their engineers have expertise in AI and ML capabilities. AI presents opportunities for MSSPs to expand their service offerings around AI-enabled security operation centers, next-generation intrusion prevention systems, and advanced threat intelligence from their Large Learning Models (LLM) and Natural Language Processing (NLP) datasets.

What is the Role of AI in Cybersecurity?

A successful AI program within an organization requires talent, financial capital, and executive sponsorship. Some of these challenges to AI, include the following:

·?????? Misguided expectations of what AI is and how it works

·?????? The misunderstanding of the cost of AI

·?????? Confusion around AI delivering a return on investment (ROI)

Understanding What AI is Expected to Deliver.

AI delivers insight and trends by processing structured and unstructured data through the LLM and NLP. The output gives organizations valuable information, including detecting complex behavior-based cybersecurity attacks within a predictive analytics model. Chief information security officers (CISOs) recognize the value of AI by moving the security strategy from reactionary to proactive protection.

Another critical piece in setting expectations regarding AI is time and investment. LLMs take several weeks to several months to process the data. The computing costs to process LLMs are costly. Depending on the amount of information being processed, some LLMs could cost the organization thousands or even millions of dollars. Companies like Databricks and Snowflake are creating cost-effective solutions within their cloud instances, and Lakehouse's are much lower points to give clients the needed resources to develop custom LLMs.

The cost of an AI investment could be broken out into several sub-areas, including:

·?????? Cost of LLM processing, including cloud computing and Lakehouse/data storage.

·?????? Cost of talent, including keeping data scientists and data analytics engineers.

·?????? Cost to migrate to AI-powered cybersecurity solutions.

The cost of AI is expensive. However, organizations expect this investment to help reduce costs in several areas to help balance the financials. AI can help save the company in the following ways:

·?????? Security Operations and Automation- AI can help detect and respond faster to cybersecurity with predictive behavior analytics. This advancement will reduce the cost per cyber-attack, resulting in lower cybersecurity insurance premiums and fines.

·?????? Back-office Repetitive Processes - AI is critical in reducing and automating repetitive tasks in several back-office areas, including human capital management, finance, talent recruitment, and purchasing.

·?????? Software Development - CoPilot AI continues to be a highly effective means of developing new source code. CoPilot provides code suggestions to application developers. This capability has improved software development by 30% and completed more tasks in less time. CoPilot also has improved product quality along with automation remediation capabilities.

These financial success factors help organizations develop cost models to help set the correct financial expectation of AI.

Ultimately, cybersecurity will not exist without AI, even with unrealistic expectations and out-of-control cost models.

#AI #ML #Cybersecurity #SecOps #managedsecurity #NOC #SOC #NDR #MDR #XDR #automation #goverance #regulation #services #accountability #Costmodeling