There are few industries artificial intelligence (AI) will not touch, but the security industry has only begun to scratch the surface of its potential.
While unsure of the future applications of AI in the security world, Kurt Roemer, chief security strategist at Citrix, believes that AI needs to play a large role to keep on top of the issues that keep presenting themselves as a threat to the security industry.
“AI is going to have a huge role in security and it ultimately has to because the security problem is extremely complex and it’s much more than an individual or even a well established security team can keep up with,” Roemer told ZDNet.
“What AI can bring to bear is providing security professionals with actionable intelligence and with areas where they only need to make decisions,” he said. “Workflows happen automatically and security according to plan happens in the background at all points in time without the humans in the loop.”
As the AI systems are built around a set of decision points and boundary conditions, Roemer said the AI system also needs to understand when such boundary conditions are exceeded or when there is an unplanned event, and to involve the humans at that stage, giving them what he called actionable intelligence to be able to make a human, but well educated, decision.
“It’s something that we don’t have today and many security organisations are still mired down in a lot of details and managing firewalls where AI really should be doing that for us,” he said.
“The firewalls, the intrusion detection systems, and all the information feeds that are coming in, what vulnerabilities exist, and how that applies to the organisation shouldn’t be something that people have to keep up with right now.”
Instead, Roemer said people should be presented with the information and just be given the ability to make decisions on where to take it from there.
When embracing the AI path, Roemer did warn that all responsibility should not be handed over to AI as such a system could have great appeal to threat actors.
“If you have a malicious insider or if you have an attacker that was able to get in and make changes to the AI system that’s running the organisation looking for security issues, you could basically turn off security for the entire enterprise just by manipulating the AI system,” he said.
Similarly, Roemer also said that if there were a bug or vulnerability in the AI system, or it was not configured or maintained properly, organisations could potentially find themselves without a correctly operating security system.
“The AI system really needs to have someone watching it, monitoring it, so that you understand that it has integrity,” he said. “You need to have somebody watching the watchers.”
Despite progressions in the industry, Roemer said there are still vendors and customers looking for the silver bullet security solution, noting that it of course is going to be very elusive.
“Most organisations are understanding that it’s not so much about security anymore or the technical measures that people used to concentrate on but it’s more about risk management and managing a very complex set of risks in today’s digital world requires you to have multiple solutions,” Roemer said.
“That’s one thing the security industry needs to be better at and that’s having the interoperability between vendors and solutions so that they can all work together more effectively.”