Traditional prevention-focused, perimeter-based, manual security measures were already obsolete before anyone discussed AI-based cyberattacks. Enterprises were already flooding with hundreds—often thousands—of alerts, and hundreds of thousands of malicious files, to analyze every day. And conventional rules-based cybersecurity had already begun to fail against the plethora of unknown attacks—and often unknown attackers—facing enterprises.
By the end of 2017, organizations already faced attackers who produced a flood of complex threat data much greater than they could handle with human-only teams. The addition of AI to automate and accelerate cyberattacks will offer a significant problem in 2018. But it is not a new problem—it is an escalation of the data-focused threat landscape we have already been contending with.
AI will only deliver one big game change in 2018— cybersecurity providers will begin to deploy their own AI-driven defenses as a standard service.
In 2018, at a base level, AI will give cybersecurity providers the power, speed, and precision they require to effectively handle the accelerating influx of threat data produced by modern cyberattacks. AI-driven systems will work much faster than any human could, and give cybersecurity experts the ability to contend with their massive volume of endlessly varied cyberattacks.
AI will provide value throughout the entire IT stack, and enhance the entire spectrum of cyberdefense activities. It will assist cybersecurity teams as they perform error-free monitoring of the entire IT stack, collect and analyze security data from different data repositories, track various threats, calculate existing vulnerabilities, and triangulate existing breaches. In the event of a breach, the proper AI-driven system will offer intelligent recommendations for threat response, and allow cybersecurity teams to limit damage from a threat within minutes.
Properly deployed, AI will give organizations near-real-time detection to their attacks. And, when properly applied to threat anticipation, AI will provide pre-emptive detection of attacks, by informing organization about which new threats are likely to strike them, and giving organizations effective preventative capabilities for the first time in years.
These capabilities are already deployed by best-in-class modern cybersecurity providers. But as cybercriminals increasingly leverage their own AI to augment their attacks in 2018, these capabilities will be seen as increasingly necessary at every level.
2018 will likely be a year of transition for AI in cyberdefense. Many organizations are still using an MSSP, or have developed an internal SOC, which do not offer mature, end-to-end AI capabilities. But as more organizations adopt a Managed Detection and Response (MDR) service, AI will become a standard element of every effective security posture.
Organizations are waking to this need. Currently, 56% of organizations are actively deploying or investigating security as a service. That percentage will only increase in 2018, as AI continues to act as a major force in both cyberattacks and cybersecurity.