Computing hub.jpg

IT leaders are reluctant to trust AI in security - here's why they're wrong

Recent massive cyber-attacks have pushed interest and investment in AI-enhanced security, Computing research shows

Cybersecurity is one of the fastest-moving areas of IT. Add in a rapidly evolving technology like artificial intelligence, and even the most informed CISOs struggle to keep up.

Adding AI is the next step in the evolution of cyber tools. Products with AI features learn and act autonomously, taking over time-consuming manual processes and allowing security teams to focus on complex tasks. Research by Computing, in a survey of more than 350 IT leaders, found that interest in the capabilities of AI-enhanced security (AIS) products is high, but willingness to commit is still low.

Despite that, many vendors have already begun to position themselves in the market, including Microsoft, McAfee, Sophos, IBM and Darktrace. Use the graph below to compare these vendors - the major UK market players - against each other, in areas that IT leaders consider to be of particular importance.

https://app.everviz.com/embed/SpdI-ouy\\_/

Hover over vendor names to highlight them, or click them to add/remove them from the chart.

The definition of AI in the wider security space is still unclear. Many vendors claim to be using artificial intelligence, when they're really only automating processes. While trust is always important in security, it is even more important when AI is involved - especially when it comes to choosing a new vendor.

When potential customers are looking for a security supplier, established firms tend to have the edge over newer players - even though new or smaller companies tend to develop more innovative AI features.

Because of this, the market for AI-enhanced security (AIS) tools is mostly supplied by mainstream security companies like McAfee, Sophos, Symantec, Fortinet and Check Point, as well as tech titans like Microsoft and IBM. Darktrace is the only newer entrant to have established a firm foothold in the UK.

Our survey showed relatively low levels of AIS take-up at the moment, with only the most popular solution - Microsoft's Azure Sentinel - breaking double-digit adoption. That isn't entirely unexpected: like other Microsoft products, Azure Sentinel is a default part of many Windows licenses, giving it massive reach.

However, security covers much more than the SIEM services of Azure Sentinel, and half of respondents said they used more than one AIS tool. Layering security solutions like this is common, to get best-of-breed capabilities in multiple areas.

In addition, as IT leaders become more comfortable with AIS tools' capabilities - and massive cyber-attacks like Colonial Pipeline, SolarWinds and Kaseya continue to ravage IT systems - the perception of AI as necessary will continue to rise.

How much do you agree with the statement, ‘AI-enhanced cybersecurity is necessary to operate in today's threat landscape?

N = 350

The AIS Marketplace

Security is long-established, but adding AI is a fairly new innovation. More than half of our respondents were either still in the trialling/evaluation phase, or had been using AIS for less than a year.

Time-saved is often cited as a reason to use AI and automation, but was only the third or fourth reason for adoption in the majority of trials: IT leaders are more focused on the ability to stay ahead of new threats, lower risk, and minimise breach events and financial penalties. The same applies when it comes to judging how successful an implementation has been, with most respondents saying they would look at the number of threats detected, threats that got through, false positives and the speed of resolution before IT time saved.

Several of these areas, especially false positives and ‘staying ahead of new threats', are difficult to measure. Quantifying the strength of any security solution is difficult - it is effectively trying to prove a negative - and even more so when it comes to AI.

For this reason, many IT leaders put a high stock in the vendor, as well as the claimed capabilities of the product, when the time comes to choose a solution. Unlike many other technical areas we've covered, cost-based metrics weren't exclusively at the top of the important factors - instead, respondents focused on the level of support offered and the product roadmap.

Please rate these factors in terms of importance when choosing an AIS vendor

N = 350. ‘Low' = 1-3 out of 7. ‘Med' = 4-5. ‘High' = 6-7.

One element that did not appear on the chart, but that respondents picked out as important, was the vendor's reputation.

"Everything with security is based on trust…How [vendors] deal with everything. So, it's not just they have a good reputation in the market; I want to see how they react with other security firms and how they deal with them. Are they very public about, for instance, people who find problems with their product?" (IT and Security Manager - Insurance sector)

"So, reputation - and that would include who their clients are, who they're currently working with - and trust, which then also connects with the openness factor, hopefully open in the security scene so people are peer-reviewed etc, people know what they're doing. And the other one for me, I always do for everyone is their financial standing. Because a lot of these start-ups as well, when you actually look at them, they could just vaporise quite rapidly." (IT Director - Architects)

This is another factor that makes it more difficult for new firms to break into AI security. Every one of the most popular 10 firms in the UK is large and established - with the slight exception of Darktrace, although it's also now well-funded.

AI is clearly a good fit for security tools, giving users the ability - and time - to respond to new threats and detect unusual activity in their networks. Its adoption is slowed by a variety of factors, not least cost and trust, but as the market develops, prices become more competitive, and large-scale cyber-attacks continue to make international press, we expect use to rise sharply.

You may also like

ChatGPT maker OpenAI could lose $5bn in 2024, report
/news/4340185/chatgpt-maker-openai-lose-usd5bn-2024-report

Finance

ChatGPT maker OpenAI could lose $5bn in 2024, report

Another round of funding may be needed to keep it afloat

CrowdStrike outage to cost $44m per Fortune 500 company, report
/news/4340182/crowdstrike-outage-cost-usd44m-fortune-500-company-report

Corporate

CrowdStrike outage to cost $44m per Fortune 500 company, report

A quarter of top US firms were hit by the update blunder

CrowdStrike: Thousands of typosquatting domains registered after global outage
/news/4339044/crowdstrike-thousands-typosquatting-domains-registered-global-outage

Threats and Risks

CrowdStrike: Thousands of typosquatting domains registered after global outage

CrowdStrike says cybercriminals are attempting to install a new infostealer malware through fake fixes