Security AI usage has surged, and enterprises are reaping the benefits. In its 2022 Cost of a Data Breach Report, IBM found that organizations deploying security AI and automation incurred $3.05 million less on average in breach costs – the biggest cost saver found in the study. According to the study, organizations using security AI and automation detected and contained breaches faster.
However, while leveraging AI clearly makes a difference, organizations must implement the right architecture. Applied within a big data architecture, AI delivers the most potential to enhance security, accelerating an organization’s defenses from human speed to machine speed by increasing:
To understand why AI has become so vital to security, consider its use with regard to application programming interfaces (APIs). APIs support a dizzying array of digital applications, and companies are rolling out and updating APIs at a record pace. In fact, the Q1 2023 State of API Security Report found that 37% of organizations update their APIs weekly.
Because APIs transport highly sensitive and lucrative data, they have also become a target for cybercriminals.
API attacks differ from almost anything else we’ve seen in security. With APIs, attackers focus on finding flaws in application logic. Bad actors probe and prod at APIs over and over again to look for holes and uncover vulnerabilities and implementation gaps.
Because organizations can’t know every possible application logic flaw that exists when they put an API into production, these attacks can be extremely difficult to detect. Security testing in development covers only a small part of application logic. Without knowledge of application logic flaws, fast detection of the probing activities of attackers becomes essential for securing a company’s data.
Only AI can spot the anomalies in behaviors across millions of API calls and correlate them over time to identify the poking and prodding of a bad actor looking for an application logic gap. Existing security mechanisms, including WAFs and API gateways, lack the context to spot these interconnected activities.
In her June 2022 RSA keynote, “Innovation, Ingenuity, and Inclusivity: the Future of Security is Now,” Vasu Jakkal, Microsoft CVP of Security, Compliance, Identity and Privacy, summarized simply why AI is so uniquely equipped for fast detection:
“One of the most effective use cases for AI in cyber is detection. AI is incredibly great at accessing large amounts of data and classifying this data to determine what is good and what is bad.”
AI-powered solutions instantly spot deviations in behaviors that indicate a potential problem.
By quickly and accurately analyzing huge amounts of data, AI accelerates threat detection so companies can respond faster.
Cybersecurity attacks continue to rise. Looking again at the API security use case, 94% of organizations say they have experienced some security issue with their production APIs over the past year, and 31% had experienced a sensitive data exposure or privacy incident.
In addition to the increasing number of attacks, data volumes are rising. The amount of data to be protected has grown exponentially – making security even more complex. Only AI can scale to analyze such voluminous data in near real time to spot attacks.
AI can determine if something new is happening within the environment in a way a human cannot due to the sheer volume of digital data. Likewise, traditional application security solutions work at the scale of just a single transaction at a time.
Finally, organizations must recognize that attackers themselves are applying automated AI to improve their attacks. Defenders cannot combat these new AI threats without also harnessing AI security capabilities themselves.
Amazon CEO Andy Jassy, while he led AWS, famously said, “There is no compression algorithm for experience.” This truism applies to AI more than any other technology. You simply can’t shortcut the process of learning for AI algorithms. They need time and exposure to get smarter, to deliver the benefits of crowdsourced experience.
In security, AI algorithms must run for years in thousands of customer environments to gain the learning needed for accurate detection. Until they get those years of experience, AI algorithms will likely trigger significant false positives and false negatives. In fact, when AI in security gets a bad rap, it’s often because the algorithms were too immature to deliver effective results.
Well-tuned AI algorithms, however, will do more than just flip a switch when they find an issue. They will provide extensive insights and details about the nature of the security gap and how to fix it.
Next-gen AI security solutions also make it possible to easily distribute the value across multiple departments, bringing recommendations back to the development team, for example. AI can bridge the gap across teams that have a different level of involvement – and a different angle of interest – in security learnings.
AI has emerged as the top defense against cybersecurity threats. With massive automated attacks increasing and an expanded attack surface created by digitalization, organizations need the ability to quickly analyze hundreds of attributes. AI continuously monitors environments to identify points of weakness or changes and raises a red flag in real time.
However, just saying “AI” isn’t enough. The solution needs the right architecture – culling insights across cloud-scale big data – and sufficient time in the market to quickly recognize patterns and spot threats within the enormous volumes of data being shared across today’s systems.
With a proven and mature model, AI delivers more benefits by learning from past incidents and correlating them, which helps thwart similar types of attacks before bad actors can reach their full objective.
Security improvements have always been gained through increased context. Next-generation AI security solutions give organizations unparalleled context with deep intelligence to pinpoint malicious activities and surface vulnerabilities before they can be exploited. We simply can’t defend today’s digital world any other way.
This article first appeared in Forbes.