AI is changing cybersecurity, but it's not a catch-all solution

clock • 3 min read

Artificial intelligence is often confused with automation, but they are separate and distinct solutions to a common problem

Automation is changing the way that businesses operate. From the factory floor to back-end IT, automated services and machines are increasing speed and productivity while freeing workers up to focus on more skilled tasks.

‘Automation' is often used synonymously with ‘artificial intelligence', but although automated machines can use AI, they are very different. Automation is rule-based: ‘If A, then B'. AI, on the other hand, is trained to learn, develop and grow using the data it is given. An AI system is constantly in a state of change.

That means that artificial intelligence is a great fit for cyber security, where malicious actors are continuously developing new attacks. The old signature-based style of defence is no longer enough to protect companies' crown jewels: their data.

"Cyber-attackers are growing faster and more sophisticated by the day," said Andrew Tsonchev, director of technology at Darktrace Industrial, the branch of the company that uses AI to secure industrial systems and critical national infrastructure.

"Organisations are facing everything from lightning-speed ransomware to stealthy ‘unknown unknowns' that bypass traditional perimeter defences to silently carry out espionage over long periods of time. Human defenders simply cannot keep up with modern threats, especially as they manage increasingly complex networks."

Ron Davidson, CTO of Skybox Security, said: "Signature-based systems are built around the concept of recognising and blocking the exploit and may require a new signature for each variant. The signature-based system doesn't fix the underlying weakness, though it could shield it for a while."

He added: "Organisations using traditional methods to deal with their own massive volumes of vulnerability occurrences will only see problems compound."

Several companies are now automating their security with the help of firms like Skybox, while others are working in the more advanced realms of AI. Darktrace is the leading organisation pushing this development in security and has the most widely deployed enterprise AI; its award-winning Enterprise Immune System defends against new threats and, like the human immune system, operates without prior knowledge or signatures.

There is no silver bullet for cyber security - Andrew Tsonchev, Darktrace

Tsonchev said: "In response to the global cyber struggle, the cyber security market is flourishing. ‘Machine learning' and ‘AI' have fast become industry buzzwords, but many innovations still require rules and signatures of previous attacks and human pre-programming to work. Developing technology that learns on-the-job in live networks is a difficult feat, and many fail outside the lab."

Speaking from an automation perspective, Davidson said:

"Even with automation, there still needs to be human oversight. Automating patching or change provisioning bring their specific risks to the equation that must be weighed against the reward of any potential time-savings. Considering errors that could be compounded via automated action and the potential for business disruption, a human element in these execution processes may still be best."

Darktrace takes a different view: Tsonchev says that humans need AI, rather than the other way around:

"Ultimately, there is no silver bullet for cyber security. However, businesses need to realise that humans, no matter how expert, cannot predict tomorrow's threat and are being consistently outpaced by fast-moving attacks that will soon be supercharged with their own AI.

"Only genuine AI defences can make sense of constantly evolving networks and stay ahead of novel attackers. Looking to real-world use cases of how these defences are working will help guide organisations in their hunt for effective cyber AI as they arm-up defences."

You may also like
Arm tries to block Copilot+ PC lauch


Part of an ongoing dispute with Qualcomm

clock 18 June 2024 • 2 min read
Ctrl Alt Lead: Computing's new IT leader interview podcast


A quick and efficient way to learn from the best

clock 17 June 2024 • 2 min read
IT Essentials: Party manifestos are a miss for tech


The industry needs more than vague promises

clock 17 June 2024 • 3 min read
Most read

Arm tries to block Copilot+ PC lauch

18 June 2024 • 2 min read

Cyber gang shifts focus to SaaS apps

18 June 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security Technology

NCSC CTO: UK tech sector not incentivising companies to build secure software

NCSC CTO: UK tech sector not incentivising companies to build secure software

Calls for market reform to usher in secure future tech

clock 17 May 2024 • 2 min read
Wales launches CymruSOC, the UK's first national cybersecurity operations centre

Wales launches CymruSOC, the UK's first national cybersecurity operations centre

A ‘defend as one' approach for public services

John Leonard
clock 10 May 2024 • 1 min read
How a council consolidated security tools and saved 40%

How a council consolidated security tools and saved 40%

Savings came from lower licencing costs and fewer training and service requirements

John Leonard
clock 24 April 2024 • 4 min read