ISACA publishes AI in security white paper
Cybersecurity professional association ISACA has published a new white paper detailing the use of artificial intelligence (AI), machine learning (ML) and deep learning (DL) in cybersecurity.
The new publication seeks to explore uses of the technology in the security domain to determine what is working and what needs changing, as well as encouraging trends for the future.
Interviews with some of the engineers behind the technologies seek to determine whether marketing tactics obscure reality when it comes to new security technology.
Of the 13 engineers interviewed, none felt that the marketing associated with the products they were working on was completely accurate with respect to advertised capabilities. But they were optimistic that the ways the technology was evolving would address this issue.
The research found that engineers believe ML helps most significantly in areas including network intrusion detection and security information and event management systems (SIEM), as well as in phishing attack prevention and offensive cybersecurity application.
On the other hand, developers felt ML was overused in some areas. Another trend explored in the paper involves malicious uses of ML and DL in attacks such as social engineering or phishing.
“Machine learning’s gradual adoption in cybersecurity has led to good results, and there are innovative products in the market that should take ML and DL to new levels,” said Keatron Evans, principal security researcher, Infosec, and lead developer of the publication.
“However, it’s possible cybercriminals may be outpacing the cyber defenders when it comes to developing and employing new technologies, and not all ML/AI-based products are as innovative as they claim to be. Cybersecurity professionals need to continuously educate themselves to be able to not only stay on top of the latest developments, but also discern which technology tools will best meet their needs.”
There was a stark increase in both the number of publicly disclosed data breaches in 2021 and the...
Password-only cybersecurity will become less effective in 2022, with passwordless authentication...
Disaster recovery (DR) plans have evolved into a central mechanism for safeguarding enterprises...