"AI's Potential Impact on Threat Detection - TechTarget"

The cybersecurity landscape has been undergoing a significant transformation over the past few years, with an increasing reliance on artificial intelligence (AI) and machine learning (ML). "There has been automation in threat detection for a number of years, but we're also seeing more AI in general. We're seeing the large models and machine learning being applied at scale," said Josh Schmidt, partner in charge of the cybersecurity assessment services team at BPM. 
 
AI uses sophisticated algorithms to sift through and analyze massive volumes of data nearly instantaneously. Its ability to identify patterns and anomalies that could signal potential threats far surpasses human capability both in terms of speed and accuracy. 
 
One particular type of AI—ML—has found widespread use within threat detection systems. However, other forms are also utilized depending upon specific requirements. 
 
"AI is looking [at the IT environment] and asking, 'Does this seem like something an attacker would do or something a user wouldn't do?' and alerting on that," explained Allie Mellen, principal analyst at Forrester Research. 
 
For instance, User Entity Behavior Analytics products employ AI algorithms alongside ML to distinguish unusual behaviors not consistent with typical patterns shown by users or entities. This analysis relies heavily on enormous amounts of data concerning how users interact across enterprise networks, including software usage as well as hardware access points. 
 
Beyond mere identification of possible threats, AI plays another critical role—validation. It helps ascertain whether flagged activities indeed pose genuine threats or if they are just benign behavior mistaken for malicious activity due to certain similarities. 
 
An array of analytical approaches can be employed by an AI-based tool for detecting threats, from identifying them initially right up to automatic remediation in some cases. Association rule learning is one such technique where relationships between different steps involved in an activity are analyzed; any resemblance between these steps' sequence with known cyberattack patterns sets off alarms about potential security breaches. 
 
Other tools focus more on finding outliers within regular activities that could be indicative of threats. Some use clustering to map users into different groups, helping define what normal behavior looks like and thus making it easier to spot deviations that could signal potential threats. 
 
Mellen added, "So there are layers in how we see ML used. And you can stack these and layer these different methods together to get a more accurate assessment of what's going on." 
 
AI is also proving instrumental in enhancing the work experience for analysts dealing with threat detection by providing them guidance about the best course of action when responding to specific potential threats. 
 
While most enterprise security teams acquire AI tools as part of their security software packages from vendors, some Security Information Event Management (SIEM) providers offer a 'bring-your-own machine learning model', facilitating better or more targeted detection based on applications being used within an enterprise. 
 
Some large organizations have taken this one step further by developing their own AI capabilities. These companies believe they can create superior threat detection systems using proprietary algorithms applied over their own data lakes at cost points lower than those offered by vendors, although only time will tell whether such approaches indeed bear fruit.