Cybersecurity, a huge industry worth over $100 billion, is regularly subject to buzzwords. Cybersecurity companies often (pretend) to use new state-of-the-art technologies to attract customers and sell their solutions. Naturally, with artificial intelligence being in one of its craziest hype cycles, we’re seeing plenty of solutions that claim to use machine learning, deep learning and other AI-related technologies to automatically secure the networks and digital assets of their clients.

But contrary to what many companies profess, machine learning is not a silver bullet that will automatically protect individuals and organizations against security threats, says Ilia Kolochenko, CEO of ImmuniWeb, a company that uses AI to test the security of web and mobile applications.

While machine learning and other AI techniques will help improve the speed and quality of cybersecurity solutions, they will not be a replacement for many of the basic practices that companies often neglect.

Artificial intelligence won’t automate cybersecurity

“In cybersecurity today, we overestimate the capacities of machine learning,” Kolochenko says. “When talking about AI, many people have this illusion that they can just plug in software or hardware that is leveraging AI, and it will solve all their problems. It will not.”

According to Kolochenko, one of the main causes of data breaches and security incidents is lack of visibility on company data and assets. Organizations are growing larger and more fragmented, and they’re not doing a good job at keeping tabs on all their data and computing devices.

“Organizations are becoming so large, so clumsy that they have no idea where their data is stored, who has access to their data, how many devices, cloud storages, IoT devices, etc. they have, and all this leads to a very expansive, continuous and inevitable incidents and data breaches,” Kolochenko says.

This is an area where machine learning won’t help. Organizations need to have proper processes and practices in place to keep a continuous inventory of their digital assets. “If you do not have a process—even a paper-based process—of how you do things, who is responsible, who is accountable, who has the capacity to do continuous inventory, AI will not help,” Kolochenko says.

Machine learning will automate repetitive tasks, if it has the right data

This doesn’t mean, however, that machine learning is not without use in cybersecurity. It will still help network administrators to identify safe behavior and potential threats by accelerating the process of searching through data.

“AI can support you and accelerate you and take care of some routine time-consuming tasks and free up your team to spend their efforts on really complicated and more important tasks,” Kolochenko says.

Machine learning can specifically help in tasks that can’t be represented in classical rule-based algorithms. “We consider using artificial intelligence only when software solutions that don’t use big data and machine learning can’t provide you with meaningful outcomes, where we don’t know in advance all possible combinations, all possible use cases,” says Kolochenko.

Kolochenko also reminds that a prerequisite to using machine learning is to have the right training data. Not having data in proper amounts and quality will result in AI models that give the wrong signals or produce biased results.

“If you want to make sure the machine learning model will provide you with reasonable answers, you have to make sure that the data is comprehensive and it’s relevant. If you don’t have any data, you’d better reconsider reviewing the use of machine learning,” Kolochenko says, adding that many of the startups that talk about AI and cybersecurity don’t have the data required to solve the problems they advertise. “For every startup the biggest challenge is where to obtain reliable data,” he says.

Machine learning and anomaly detection

cybersecurity broken lock