Page 138 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
AI and Machine Learning Must Be Used Strategically in Cybersecurity
by Dustin Hillard, chief technology officer, eSentire
Malicious actors have the upper hand. This is clear from the ongoing data breach headlines involving
companies with talented and diligent security organizations. A successful adversary campaign need only
find a single flaw in an enterprise defense, while security teams are dealing with the increasing complexity
of more instrumentation, tools, data and alerts that are being pushed as the only way to protect against
threats and detect successful intrusions.
The tech industry has responded with claims that AI and machine learning will save the day. In reality,
though, they could actually exacerbate the existing problems and perpetuate the disadvantaged posture
of security teams today. Three common challenges associated with AI can weaken
defenses:
Challenge #1: More False Positives
Organizations have rapidly adopted AI to detect security issues, but so far the result has been an increase
in alerts that security teams must add to workloads that are already maxed out. It is easy to build models
that detect new potential threats, indicators of compromise or anomalous behaviors. On the surface,
these models appear to provide additional security, but in reality they just generate more false positives
that distract overburdened security operations teams from seeing real threats.