Pulse Community Insights

Discussing the value of artificial intelligence in cybersecurity

Cybersecurity

September 27, 2021
·
7
min read
Artificial intelligence in cybersecurity

Highlighting some of the insights and thoughtful conversations from Pulse on the value of artificial intelligence in cybersecurity.

Artificial intelligence in cybersecurity, as well as machine learning in cybersecurity, are topics we’ve seen gain momentum on the Pulse community over the last few weeks, particularly with CISOs, who are debating whether or not there’s actual value when using AI and ML for security.


In this post, we’ll highlight some of the insights and thoughtful conversations that are happening in our community. If you would like to join the conversation with fellow tech executives, we’d love to hear from you. Sign in to Pulse and contribute your thoughts.


How does AI and ML bring value to cybersecurity, amongst other applications?

“[Here’s an example scenario: six humans working eight-hour] shifts, looking through close to 2-3 billion events in that eight hours, trying to make sense and catch a breach situation before it happens. If there is a breach, game over, right? Integrity is really important. So, we started with basic statistical modeling and things like that with [...] volume, variety[,] and velocity. But it was not scalable. So what I've observed is, when you use [traditional rule-based systems] or statistical modeling, the false positives are way more than the actual signal itself. So practitioners either tune out these rules or ignore the alerts that are coming up. So these 5-6 billion events include at least 300 to 400 million alerts too, in that [one-day] period. Obviously[,] humans cannot look at this and make sense. So that’s where [cybersecurity] becomes a really good use case for AI.”

–⁠ Head of Information and Data Analytics


Is there any progress towards solving AI/ML challenges in cybersecurity?

“Certainly there's progress. There's a bunch of companies that are doing AI/ML analysis with less than 10%-15% false positives, but I think we're still early. This is going to work, but it's not going to be like overnight flipping the switch kind of thing.”

–⁠ Head of Information and Data Analytics


What are some of the top challenges in implementing AI/ML?

“How does one as a security practitioner or an engineering leader go about identifying capability and quality? There's a lot of new things getting released and dropped, but it's not just about evaluation of capabilities. How, as a security or engineering practitioner, do you go about doing your assessment to see where you add value? You could be in a really mature landscape where maybe some of those AI or ML type rules that certain products offer don't provide you as much value upon an assessment or a POC. Does that mean that the product really doesn't add value? Not necessarily.  So as we have this kind of dynamic, does that mean that AI and ML tools will always benefit a less mature landscape better? Possibly.”

–⁠ Senior Director, Security Engineering and Threat Management


Should the ethical issues arising from AI/ML be owned by the CISO?

“I think it's a joint effort with the CISO, Engineering, Architecture, and Operations to maintain and keep AI/ML in check when it comes to security. Each area plays a role in ensuring the security of machine learning and artificial intelligence.”

–⁠ CIO


“[...] you have all these slippery slopes with AI and security, particularly when it's used for identification [...]. One of the things that I learned, and it frustrated me with many peers over the past several years, is that a lot of my security peers said that's not their responsibility. It's not their responsibility if there's a bias built into it, indirectly. They’d say[, ‘Y]eah, but it's not a cybersecurity attack.[’] And I say: build it into your SDLC, build it into your privacy by design, you own it. I look at it from a regular risk perspective, but I also look at these ethical and moral implications because I want to create the principles and compass so that we don't go down the slippery slope...”

–⁠ Malcolm Harkins, Chief Security and Trust Officer at Epiphany Systems


Do you believe cybersecurity solutions providers when they claim they’re using AI?

“There are [cybersecurity] companies that say they have AI. I don't believe that it is what I think is true AI. I suspect it is more advanced rule sets.”

–⁠ CTO


“Unfortunately, so far every vendor that has touted AI or ML in recent pictures is not actually using either. It is the cool new buzzword like blockchain was a couple [of] years ago[.]”

–⁠ Security Director


“In most industries, the Marketing people need something snappy.  Look at [‘cloud’,] which was in operation long before the name came into being. AI is similarly one of those. Computers do not have [‘i]ntelligence’ as yet and all they are doing is learning and not repeating mistakes.  Anti-virus updates are a type of machine learning, but we do not call it AI.”

–⁠ CTO


📊 Quick insights on cybersecurity risk management
Check out our our One-Minute Insight Report, AI in Cybersecurity, that covers:
• Adoption of AI technology in cybersecurity tools
• The perceived benefits and challenges of AI in cybersecurity
• Aspects of cybersecurity that will benefit most from AI

Access data and intelligence from thousands of verified technology CxOs, VPS, and Directors, while engaging in compelling conversations about what's top-of-mind for tech leaders today.

Join the Pulse Community

Join the executive community

Make and shape business decisions with tried-and-true advice and benchmarks from technology leaders

Executives powering Pulse

“With its survey data, Pulse skips the anecdotes and provides deep context and real numbers for the topics that are top of mind for my organization.”
Julie Cullivan photo
Julie Cullivan
Chief Technology and People Officer, Forescout
“Pulse beats any other platform, research company, Slack groups, etc. at getting me the most relevant advice and content. I rely on Pulse for all knowledge and insights. The answers are consistently exactly what I need.”
Roberto Torres photo
Roberto Torres
CTO, Taimingo
“What the IT community has needed is a vendor free, agenda free platform which encourages discussion and debate amongst peers. Pulse has nailed that in both their Q&A and timely reports.”
Lee's headshot
Lee Vorthman
CSO, Oracle
“I love that Pulse is a one-stop shop for all the peer conversations and insights that are presently super scattered and disconnected among various Slack channels and other CIO groups.”
Enrique Jenkins photo
Enrique Jenkins
Head of IT, DoorDash
“Being able to drive discussions on new tech with my peers and getting immediate feedback is exactly what has been missing until Pulse.”
Manjit Singh photo
Manjit Singh
CIO, Toyota
“For the past two weeks, the first news source I check [every morning] is Pulse. I look at Focused Five everyday. Pulse first, then Twitter, etc. You're that good.”
Miguel Borbolla Olea photo
Miguel Borbolla Olea
Director of IT, OCESA
“I’m excited for what the Pulse team have built to better connect the CIO community. It’s been exceptional for many of us in the community to get clarity and aid decision making as we develop our strategy.”
Yusuf Khan image
Yousuf Khan
CIO, Automation Anywhere
"Transformative change and real-time insights can only come from the people who are doing it day to day in an innovative way. I get a wide variety of that insight from Pulse."
Malcolm Harkins photo
Malcolm Harkins
Chief Security and Trust Officer, Cymatic