For or against artificial intelligence?

The trend of artificial intelligence deciphered in 7 questions that all companies must ask themselves today.

Artificial intelligence is the technology of the moment. Here are 7 points that will allow companies to better understand this new type of software.

How to explain the current interest of the security sector for AI?

Two more or less concurrent factors have contributed to the increased interest in artificial intelligence (AI) in the field of security. First of all, big data technology has become widespread and has become accessible to as many people as possible. Calculation is no longer the prerogative of major players in the new technologies sector and research institutes. The increase in computing power, especially through cost-effective cloud solutions and easy-to-use tools, has enabled a much wider range of users to apply sophisticated machine learning and artificial intelligence algorithms to solve their problems.

At the same time, companies and security solutions vendors have realized how difficult it is to fight against cybercriminals, who are constantly able to find new ways to infiltrate corporate networks without being detected. For IT teams, updating predefined rules and creating new ones is an extremely expensive and unsustainable solution to specific threats. According to a recent study conducted by the Ponemon Institute, the human costs associated with the implementation and regular maintenance of a SIEM amount to an average of $1.78 million per year for companies. Hence the frustration felt by IT teams who favor solutions requiring the least customization and adjustments possible, and equipped with a self-learning capacity.

What are the main advantages of artificial intelligence technologies?

AI offers two main advantages. First, most AI and machine learning solutions are self-adaptive, and require little customization and maintenance. They analyze how things are going in a given environment and adapt to the situation. They also lead to a significant reduction in maintenance costs.

Second, they are able to detect problems and attacks that they have not been explicitly programmed to identify. This is what we call "unknown" threats. Professionals within companies can thus hope to stay one step ahead of attackers in the game of cat and mouse that is security.

What are the main concerns about adopting AI?

These algorithms make more nuanced decisions than the rules we're all used to. The question is no longer whether something is allowed or not, or whether an action is malicious or harmless. We are entering a universe of probabilities and thresholds.

Moreover, there is very often a clear gap between the mode of operation of an algorithm and our ability to understand how it could arrive at such and such a conclusion. To achieve the best results, an algorithm follows a process that is in many cases impossible to fully explain or grasp. If this decision has significant consequences, such as the cancellation of a transaction, the suspension of an account or the launch of a costly investigation procedure, it is very frustrating not to be able to quickly and 100% understand the reasons which motivated this choice.

Another more difficult problem to grasp, but just as real: AI is devoid of conscience and ethics. It simply learns and reproduces the way humans make decisions, or optimize parameters, in order to achieve an optimal result that does not always correspond to the one we are really looking for. Applied naively, algorithms can amplify our biases and create systems that discriminate against certain people, or even make decisions that a human being would find ethically unacceptable. The emergence of self-driving cars has sparked a lively debate in this respect, but the same problems arise in other areas, notably cybersecurity.

Will the AI ​​trend take hold in the world of cybersecurity?

Artificial intelligence is already the big trend and the hottest technology. And perhaps also the most overrated. However, one thing is certain: everyone is talking about it and many are experiencing it. As we progress in the use of AI, the industry will stop treating it as a panacea or a catchy marketing technique, and will eventually find these algorithms an adequate field of application.

We will continue to need traditional control structures and measures, just as we need both locked doors and police forces to ensure our physical security, but we can probably ease controls by relying more on technical advanced analytics.

Is AI the best way to combat the growing risk of insider threats?

AI is certainly a weapon that will occupy a very important place in the defense arsenal. In terms of insider threats, the greatest difficulty comes from the fact that, in order to carry out their misdeeds, the perpetrators of malicious acts use the privileges granted to them in the normal course of their duties. Limiting access, generating detailed audit logs and strengthening monitoring will certainly help reduce risk, but there will always be employees who will need access to sensitive data and who can, because they are human, commit malicious acts. or be blackmailed. AI, and in particular behavioral analysis, can be used to recognize changes in work habits and inform security teams in real time.

How to manage the synergy between AI and the human dimension of operations?

The goal is not to replace human beings, but to allow them to devote their resources to activities that are of real importance. Computers can process huge amounts of data quickly and that is what they should be used for. On the other hand, human beings understand each other, perceive intentions and communicate with each other. The best AI tools offload us from tedious menial tasks and help us solve more important problems. Of course, we must keep in mind that these are means and not an end: we must define objectives and choose the most appropriate tools to achieve them.

Without AI, can cybersecurity be doomed?

This statement by the Director of NASA is quite relevant. Several arguments can be put forward to support this point of view. However, there will be no turning back. Security remains something of an arms race and attackers will continue to develop ever more sophisticated and stealthy programs and other hacking tools that allow them to infiltrate networks undetected. Security teams will have to continue their efforts if they do not want to be defeated.