This IDC Perspective discusses how IDC defines AI in cybersecurity. Combinations of artificial intelligence (AI) and machine learning (ML) have influenced the cybersecurity landscape for the better part of 15 years. What computers have always been able to do is make correlations among the bytes, files, hashes, and code that comprise a network. However, for all of the improvements in computing and years of refining algorithms, so much of operating the network and the cybersecurity software that protects it remains a set of manually intensive processes.

After all of this time, recent developments in generative AI and, more specifically, ChatGPT are seemingly addressing the cybersecurity manpower gap. IDC calls it "autonomizing the SOC." The process of realizing a fully autonomous SOC involves several intermediary steps, but the new efficiencies in evidence are:

- The availability of enriched data at the time of the incident investigation
- The increasingly automated ability to generate an instantaneous response based on the type of attack
- The implementation of analytics to discover unmanaged devices in the network
- The development of natural language processing (NLP) that enables threat hunting and security querying at the speed of speech

"AI is improving SOC processes and empowering security analysts; the power comes at a critical time as organizations struggle with hybrid, multicloud complexity and a chronic workforce shortage," said Frank Dickson, group vice president, IDC Security and Trust Division. "However, the hard work is not about the AI at all, but creating and enabling the security data foundations that will allow AI to create outcomes. Regardless, the cause for overall optimism is real."
Please Note: Extended description available upon request.
Executive Snapshot
Situation Overview
Defining Artificial Intelligence
Artificial Intelligence as Applied to Security
User Behavioral Analytics — Somewhere Between Machine Learning and Artificial Intelligence
It's Not About the AI; It's About the Data
Data Framework Structures
Data Management
Data Curation
Concerns and Considerations in Leveraging AI
Present Limits to AI
Hallucinations and the Role of the Analyst
Data Security and Privacy Risks
To Presort with Labels or Without Labels Creates a Question of Privacy