SANS: Security Gets Smart with AI

The concept of artificial intelligence (AI) has been with us since the term was coined for the Dartmouth Summer Research Project on Artificial Intelligence in 1956.

Today, while general AI strives for full cognitive abilities, there is a narrower, better-defined scope: the domain of machine learning (ML) and other algorithm-driven solutions. This is the point where cybersecurity has embraced AI.

Cybersecurity professionals are always on the lookout for tools to help them deal with threats and attacks.

As more organizations adopt a policy of continuous monitoring, security teams find themselves with voluminous quantities of monitoring and other operational data.

At the same time, computing power and the science of “data science” have progressed to the point where we can use machines to exhaustively sift the data to detect patterns and then use the patterns to create predictions, which can be tested to create more data, and so on.

Given the ready availability of resources—as well as difficult problems and the largely unknown limitations of AI—there is considerable interest in the subject. However, a lack of clarity remains around AI in general.

How do security professionals view AI in terms of its maturity and fundamental capabilities? How are they utilizing AI? What key technologies underlie AI implementation? What risks and barriers are holding back wider adoption?

In light of the increasing interest and the lack of clarity, and to create this report, SANS surveyed the information security community in late 2018 to assess and characterize perceptions of AI’s capabilities and potential.

Recognizing that communication is the basis of better security, we summarize the results in this paper to facilitate communication among developers, providers and users of AI technology in the information security community.