The market for AI in cybersecurity is expected to soar. According to the market research firm Markets and Markets, sales and support of AI software and services will reach $38 billion by 2026 — up from nearly $9 billion this year.
According to the research firm, the market drivers for investment continue to grow, including the rise of IoT and connected devices, increasing cyber-attacks, regulatory concerns, increased complexity of cloud environments. The researches deemed constraints on the market to be the inability of AI to stop zero-day and advanced threats and rise in insider cyber threats. “Limited number of cybersecurity and AI professionals, and lack of interoperability with existing information systems pose major challenges to the AI in cybersecurity market,” they wrote.
Now, I certainly don’t agree that AI’s inability to stop advanced attackers is a constraint, nor that AI won’t be effective against insider threats. Sure, it will. Anything that can help identify deviations from normal behavior and help to rapidly identify policy violations will help mitigate insider related risks.
However, it's wrong to look at AI information security investments as a stand-alone market. While there will be generalist cybersecurity AI deployments, most AI and machine learning will be deployed within specific domains. There will be malware-specific AI, network traffic AI, AI that analyses user behavior, and AI that helps with data loss prevention, and identity management. For the near future, I think probably the foreseeable future, these tools will supplement and not directly replace security professionals.
What has happened is business-technology environments have grown much more complex. Rather than a central IT department deploying IT, many departments are deploying and choosing their own clouds.
Today there are more apps and data spread throughout more locations than ever. Workloads are spread across multiple clouds, rather than being tucked within a private data center, which means there’s more data spread and access credentials that must be secured. There’s also the rise of complexity associated with mobile devices and the digitization of more business processes with software bots.
A survey last year, Closing the IT Security Gap with Automation & AI in the Era of IoT, which surveyed 4,000 security and IT professionals across the Americas, Europe and Asia found that the IT security gap and the lack of visibility into what every user and device is doing while connected to the IT infrastructure will help drive AI investments.
According to that Ponemon survey, a healthy percentage of enterprises are using some form of AI in their security products today. To be exact, the survey found that twenty-five percent of respondents said they currently use some form of an AI-based security solution, with another 26 percent stating they plan on deploying these types of products within the next 12 months.
You can certainly expect that level of adoption to soar.
An area where it’s clear that AI can help enterprises is in better understanding their architecture and security technology deployments. Let’s face it, no one can understand today’s environments without the help of machine intelligence, there are just too many entry and exit points. Too many apps. Too many users, and too much data spread about.
As we wrote in As Cloud, Cybersecurity Grow More Complex, Enterprises Lean On AI, “through machine learning, such environments will be able to be modeled from the perspective of the attacker. Analysts will be able to more effectively defend their systems based on the most vulnerable choke points, the business value of data, regulatory controls, and similar factors. Another is how machine learning and AI will enhance malware detection. It’s possible to rely on clustering and classifying algorithms to more accurately and rapidly determine if a file or activity is malicious or friendly.”
That report also found that compromised legitimate users are considered the greatest risk by respondents, and that the IT security skills gap leaves the IT infrastructure vulnerable to attack. “Only 38 percent of respondents are confident that attacks inside the IT infrastructure can be detected before they cause a cybersecurity breach, resulting in data stolen, modified or viewed by unauthorized entities. Fifty-one percent of respondents say attacks that have reached inside the network have the potential to do the greatest damage,” that report stated.
It's clear that enterprise architectures are too complex, and too dynamic, for humans to model. Through machine intelligence and analytics, enterprises will be able to create highly accurate and dynamic models of their environments, analyze vast amounts of data, and simulate complex attack scenarios.