Infosec Pros Agree Human Skills Matter Most in a Cybersecurity Stack

Share this Share on email Share on twitter Share on linkedin Share on facebook

Artificial Intelligence (AI) and Machine Learning (ML) offer considerable advantages for cybersecurity professionals, especially in the face of the technology talent gap that has left 45 percent of companies with an understaffed cybersecurity team.

New research shows that, while over half of organizations use AI or ML in their cybersecurity stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans than via AI.

The survey by WhiteHat Security of 102 industry professionals at the RSA Conference 2020 shows that AI-based tools make cybersecurity teams more efficient by eliminating over 55 percent of mundane tasks. Nearly 40 percent of infosec professionals feel their stress levels have decreased since incorporating AI tools into their security stack. Of those, 65 percent claim these tools allow them to focus more closely on mitigating and preventing cyberattacks than before.

But AI and ML alone are not the answer to advanced cyber threats. Most respondents emphasize the need for human skills that AI and machine learning simply cannot match.

“Despite the number of advantages AI-based technologies offer, respondents also reflected on the benefits the human element provides cybersecurity teams,” according to the report. “Thirty percent of respondents cited intuition as the most important human element, 21 percent emphasized the importance of creativity, and nearly 20 percent agreed that previous experience and frame of reference is the most critical human advantage.”

AI and ML are tentpoles in cybersecurity, and especially so in network security. Supervised Machine Learning is a predictive model involving labeled data and human experts to train the AI to detect anomalies, and potential suspicious activity in network traffic. Unsupervised ML is a model where the AI trains itself using unlabeled data and no human teachers. Semi-Supervised Learning falls in between these two models, with labels absent in most observations, but present in a few samples. Bitdefender’s network security offering, Network Traffic Security Analytics (NTSA) uses this hybrid machine learning methodology, in keeping with our longstanding use of tunable Machine Learning for cybersecurity.

Semi-supervised ML is critical because, unlike strictly supervised approaches, it does not require only labeled training data. Instead, it readily identifies key patterns and trends in the live data flows, without the need for human input. NTSA uses complex semi-supervised machine learning algorithms to analyze network data at scale and make billions of probability-based calculations based on the evidence that it sees. Instead of fully relying on knowledge of specific past threats, it independently classifies data and detects compelling patterns. From this, it forms an understanding of the normal behaviors across the network and detects any deviation from this baseline that may point to a developing threat.

Learn more about the core principles of Bitdefender NTSA’s at