Saltar al contenido
Capgemini_research-and-insights_Reinventing-cybersecurity-with-artificial-intelligence--The-new-frontier-in-digital-security
Cybersecurity

Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security

Shoring up cybersecurity with AI.

The deeper we foray into the Internet Age, the more organizations turn to AI to raise our productivity, improve sales, or enhance our experiences. Now, they are also turning to it to shore up their defenses against the crime that inevitably follows. We wanted to learn more about how they are doing this, and, more importantly, how they can do it better.

Listen to our experts in this podcast to find out more.

Transcript

Richard Starnes:

Hello, this is Richard Starnes. I’m the chief security strategist with Capgemini. And I have today with me Luis Delabarre, who is the global cybersecurity CTO, and Sumit Cherian who is a Capgemini researcher with our Research Institute. And today we’re going to talk about artificial intelligence in cybersecurity and the new report we have just released. So Sumit, can you tell us a little bit about the methodology about how this report was created?

Sumit Cherian:

Thanks, Richard. For this report we surveyed 850 senior executives from IT information security, cybersecurity, and IT operations in seven sectors across 10 countries. We also conducted a number of in depth interviews with industry experts and academics. Apart from this, we also analyzed 20 unique use cases to get an idea of the levels of implementation of AI in cyber security and to understand the potential benefits of implementation. Overall this is an emerging topic, something that our clients are becoming more and more interested in.

Richard Starnes:

Interesting. So we hear a lot about artificial intelligence in the media these days. And it means different things to different organizations and to different markets. Luis, why do you think that artificial intelligence is becoming a real focal point in cybersecurity these days?

Luis Delabarre:

Very good question, Richard. I think that today we, I mean globally we’re facing a fact: our cyber analysts are overwhelmed by threat. They are overwhelmed by complexity and volume. You know that we are every day facing new type of attacks, but also a lot of volumes, a lot of very high, intensive attacks. So AI would be one of the key technologies to help our cyber analysts. For example, as a kind of new type of attack, we have more and more, you know, machine speed attacks. So you know, everybody knows about ransomware. Ransomware is not new, but the number of ransomware is increasing. But there are also other type of machine speed attacks. So we definitely need to have AI embedded into cybersecurity to face this machine speed attack. And of course, today I will say that the decision makers, the CISO or CIO even, they understood that AI would help them to face this new type of attacks and this increasing volume of attacks.

Richard Starnes:

One of the problems that we’ve gotten in cybersecurity these days, and that it’s a global issue, is that the number keeps increasing about how many cybersecurity positions there are left to be filled. The last report that I saw was 1.5 million positions are unfilled as of today. So you think that the artificial intelligence will be able to help us address that skills gap? What do you think?

Luis Delabarre:

when I say you know that the machine speed attacks are increasing, it means that in order to face these type of attacks, we will need to have AI or different techniques that would qualify as artificial intelligence, used the machine speed attacks, but not only, I mean it’s not a question of being very reactive and very quick in the answer. It’s also, as you said, to be able to do it because less and less people, skilled people are available on the market. So nowadays I think that AI would help us because it’s easier to have one person or small team in order to set up, configure, tune, improve the AI engine, and then you know, automatically face or response to all these attacks. So definitely AI will help us to address this problem with the resources, with people.

Richard Starnes:

One of the interesting things that we’ve been seeing lately come into cybersecurity is artificial intelligence being actually used by the cyber criminals as well. The biggest example that I know of to date is using artificial intelligence engines to create phishing emails. And the irony of that is the AI engines will create phishing emails faster, more accurately, and with a higher degree of a response than the humans can. So if we’re not using AI, certainly our opponents are.

Luis Delabarre:

You’re right, Richard, and you know, when we say that we need to be faster and more efficient in the response or in the remediation to these attacks, of course not only cyber security will be involved because there is other type of technology. I’m talking about, for example, orchestration. But unfortunately, when you succeed to make your high mediation or response automated, or orchestrated, still you need some people to configure the threshold, to configure the rules and so on. So this is where AI’s a real improvement in this field because based on the AI technology, you will be able to learn and to react without having someone involved to set up this threshold or to modify the rules. So you’re definitely right, attackers or hackers are using cybersecurity to craft new attacks or to be quicker in the design of new attacks. And thanks to AI we’ll be able to fight against them. It’s a kind of race. You’re right.

Richard Starnes:

So Sumit, how are organizations benefiting from AI and cybersecurity? What is your take on that?

Sumit Cherian:

Organizations are definitely benefiting a lot, Richard. AI in cybersecurity enables a faster response to breaches. They found that the overall time it takes to detect threats and breaches is 12% lower with AI. AI also increases the efficiency of cyber analysts. For example, cyber analysts spend considerable time going through data logs and incident time sheets. By offloading some of that work to AI, cyber analysts can spend more value added time analyzing the incidents identified by the AI cyber security algorithms.

Sumit Cherian:

And finally, all this ultimately lowers the cost to detect and respond to breaches. Using AI for cyber security definitely enables organizations to understand and reuse threat patterns to identify new threats. And this leads to an overall reduction in time and effort to identify incidents, investigate them, and remediate threats, which can lower costs by an average of 12% according to our survey.

Luis Delabarre:

Yes, you’re right, Sumit. That’s what we call the augmented analyst. So definitely right. Yes.

Richard Starnes:

Well, one of the things that I like about artificial intelligence in cybersecurity goes back to what both of you were saying is, these seams in the soar create a lot of noise. We’ve been having IDS, IPS, and now the next generations of seams. And they still, you know, the noise is still very, very prevalent. So what artificial intelligence is going to be able to do is get our analysts’ eyes on actual critical security incidences rather than piling through a bunch of things that aren’t.

Luis Delabarre:

Yeah, you’re right, Richard, and I would like to take it just one short example to explain my thought about that. You know before, I mean without any AI embedded, you have a low capability to follow some values, you know, in your information systems. With AI embedded, if you want, for example, to just make sure that the volume of data change in and out from every workstation is, I would say compliant, with the model you learn, I mean with AI is very easy. You just set the system to say “hey, by the way, just monitor the amount of data in and out from every workstation, and if there is any deviation against the model learn, you just raise an alert”. And doing this without any AI is not possible. So definitely AI will help us on this.

Richard Starnes:

With the increasing complexity of networks and applications and the rush in the dev ops area to continuously change output and create new output, cybersecurity can be a bit like a game of Whack-A-Mole. So where should organizations focus their cybersecurity initiatives? We have finite budgets in an almost seemingly endless array of challenges. So where do you think that focus should be?

Luis Delabarre:

To answer to your question, Richard, there is an easy guess: of course detection. Detection is key. This is where we use a lot of machine learning techniques to improve the detection rate and also to be able to detect unknown attacks. So definitely detection is key. And this is where companies, and I mean our customers and also vendors, partners, are investing money to improve detection.

Luis Delabarre:

But of course we want also to be more predictive. Everybody wants to be more predictive because instead of just reacting to problems you try to predict. Unfortunately today, there is less investment into prediction because it’s not easy. It means that you require analytics in place, safe learning, immune system, based on these analytics. So it’s less easy or, more complex to implement.

Luis Delabarre:

And the third one is response. So in response, today I think, and we touched upon the subject before, but the response will benefit a lot about AI.

Luis Delabarre:

Back to your question, and if we split or if we do a kind of breakdown of the cybersecurity in three different domains: network, application, and endpoint. You’re right. The people were investing, or they were using artificial intelligence more in network security first because, you know, as I said, for detection, it’s an easy guess. You implement one box at the right place in your network, and you should be able to detect a lot of different type of attacks. Of course, with different types of or different levels of complexity. So network security was the first domain where AI, and it’s still the case, is implemented.

Luis Delabarre:

But of course, application is also a very important domain where we should invest because you know that applications are shifting to the public infrastructure like cloud and other types of infrastructure. In that case, applications are less easy to secure. And artificial intelligence will help us to secure these applications. So the investment in AI for the security of the application will increase.

Luis Delabarre:

And last but not least, as I said, end point is also very important because you know that about 70% of the attacks are related in some point to endpoint or to the user, to the end user. So it means that if you succeed to improve your cybersecurity for your endpoints and your user, you lower the risk of being breached or being compromised. So this is the third domain where AI will be, I would say implemented. So as a summary, I would say that network is the easy one, but investments are decreasing a little bit to be invested into application security and endpoint security.

Richard Starnes:

Excellent. One of the things that’s a kind of fairly obvious about artificial intelligence is it’s not going to be one of those pull it off the shelf and get up and running in five minutes type of application. It’s going to be fairly complex, right? So talk to us a little bit about what that roadmap would look like. How does an organization go about that roadmap?

Luis Delabarre:

This is a fairly good point. We know today that the vast majority of our customers are not succeeding to shift from, I would say POC stage to production stage. So we need to help them. And one of the way to help them and it’s the main domain point to answer to your question, is to identify the high potential use case, and you know, and this high potential use case are where our customers should invest their money. So high potential and low complexity. That’s how we try to organize this list. So you know, if you find a use case where the benefits are very high and the complexities a little bit lower, this is where you should start.

Luis Delabarre:

And as an example, to again to answer to your question, we think that if we organize our information system between, you know, IT systems, OT which are industrial systems or in OT, for example, malware detection or intrusion detections, is a kind of a first priority for our customers because you will have a high benefit using AI, and the complexity is quite low because in OT for example, the systems are very, I would say, I mean they are similar. There is no specificity. Once your system is up and running, there is no modification. It has to run every day the same way. So learning is easy and detecting any deviation is easy. So again, in OT, malware and intrusion detection is the first priority.

Luis Delabarre:

But for IT and OT, again, UEBA could be another, I mean user behavior analytics detection could be another a good example because, you know, this is also where learning how the user is using your application, how they use their endpoint, how they use the network, is quite easy and immediately you will be able to benefit the usage of artificial intelligence.

Luis Delabarre:

So back to your point, identifying high potential use case with very low complexity in the implementation is the way to go to improve the efficiency of your artificial intelligence platform or projects.

Richard Starnes:  

Interesting. Sumit, So what were your three big standouts from the report? What are the three things that just really registered for you?

Sumit Cherian:

Thanks, Richard. The key takeaways for me would be: first, organizations across the world are overwhelmed by cybersecurity threats. So to provide some perspective, Cisco blocked 7 trillion threats in 2018 for clients. Second, more and more organizations are turning to AI to help improve cybersecurity. Almost two in three organizations are already planning to deploy AI by next year, so that is definitely a lot of interest. And finally organizations going to implement AI in cybersecurity must take the time to build a roadmap to help move from proof of concept to full scale deployment.

Richard Starnes:

Luis, what are your thoughts?

Luis Delabarre:

You know, reading the report, the first thing that strike me was the, for example, the difference between Europe and US or Asia regarding the financial damage from breach. I was surprised by the number because there is a kind of difference between the two. I don’t think that there is a difference in the number of attacks or the complexity of the attacks, but maybe from a cultural standpoint, the US or Asia, they are more keen to evaluate the impact of the breach.

Luis Delabarre:

The second one was also the fact that I believe, and that’s one of the output of the report I guess, I believe that decision makers, CIO, CISO, understood that, as I said before, AI is one of the technologies they should or they must implement. But this high percentage, I think, is something about 73% admit also that they are not scaling from the POC to production as Sumit said. So we definitely need to help our customers because the compelling event is right now. People understand that they need to implement artificial intelligence for all the reasons we mentioned. But they also understand that there are not today easily reaching the production stage.

Luis Delabarre:

And yeah. And the last one is the fact that the decision makers are, of course, aware of the problem they are facing in cybersecurity. We used to be in the past in a situation where maybe top management was not so involved into these aspects, and now definitely all the boards, CxOs, they are aware of cybersecurity issues, and they are also aware, as I said, of solutions like AI to help them.

Richard Starnes:

Interesting. As a former CISO, and I was reading a report primarily with those glasses on, the thing that struck me was the force multiplier capability of artificial intelligence to get our analysts’ eyes on alerts that matter and off alerts that don’t. Very much a budgetary issue as well as an efficiency and an accuracy issue. I think artificial intelligence is absolutely key to working on that particular issue.

Meet our experts