AI brings speed to security

Survey results indicate incident response times improve with AI-based security services.

By Laurent Gil
January 16, 2019
Movement Movement (source: Pixabay)

Organizations that use security tools with artificial intelligence (AI) and machine learning (ML) see a significant decrease in incident response time, according to a survey of 457 security practitioners conducted by O’Reilly Media in conjunction with Oracle.

Twenty percent of IT professionals who rely on traditional security measures said their teams can detect a malware infection or other attack within minutes, according to the survey. But among IT pros who reported using AI and ML security services, that number more than doubled to 45%. The long tail shows a similar trend: only 16% of IT professionals need days or longer to find an infection when AI or ML is involved, versus a whopping 35% for those who don’t use these technologies.

Learn faster. Dig deeper. See farther.

Join the O'Reilly online learning platform. Get a free trial today and find answers on the fly, or master something new and useful.

Learn more
detect a malware infection or other attack

As cyberattacks become more malicious and stealthy, it’s increasingly important to improve incident response time in order to detect and mitigate threats before they unleash their full fury. Eighty-four percent of survey respondents who use ML and AI security services said their response times are within minutes or hours. Among respondents who don’t use these technologies, that number was substantially lower: 66%.

security response times

But AI and ML alone aren’t responsible for this improvement in incident response time. Shorter response times were also associated with the use of security information and event management, antimalware, vulnerability scanning, and bot management software, according to the survey. It’s also worth noting that, because many vendors tout traditional business intelligence techniques as artificial intelligence, some respondents may have said they use the technology when they really use more traditional algorithms instead.

use of security information and event management

AI security services still catching on

Despite the improvements that AI and ML bring to incident response time, the survey showed that most organizations have not yet adopted the technologies. Just 26% of respondents have started to embrace ML and AI security services, and another 28% said they’re interested in learning more about them.

According to the survey report, we can expect increasing interest in AI-based security tools over the next few years, in the same way that AI is making its entry into other industries.

As rapid response times show, adoption may happen very quickly because it can be a useful differentiator between businesses that avoid crippling attacks and those that fall victim to them.

To cloud or not to cloud?

Surprisingly, 38% of respondents are still only using on-premises, stand-alone appliances. A significant proportion of IT professional are using only traditional tools for security and are missing the trend of more modern, scalable solutions.

As for the rest, 51% of respondents employ a combination of on-premises and cloud-based security tools, but just 9% use only cloud-based security services.

One of the reasons why so few professionals have embraced cloud cybersecurity solutions could be the concern of cloud breaches: the potential for data breaches is the top cybersecurity concern IT pros have about using the public cloud.

Security is integral to IT budgets for organizations with CISOs

We asked respondents what percentage of their IT budget went to security. Of those who answered, the vast majority (79%) indicated they spend 10% or less of their IT budget on security.

The results show the lowest category of expenditure (less than 5%) was the most frequently selected response amongst respondents reporting the responsibility for security lies with the director or VP of IT, CIO, or CEO (45%, 46%, and 44% of respondents, respectively).

In contrast, higher levels of spending were cited amongst respondents who reported the responsibility for security fell to the CISO (49% of respondents indicating a CISO also selected 5%-­10% spend).

A smaller budget also means the least modern tools: respondents with the smallest security budgets (less than 5% going toward security) were more likely to deploy security tools only on-premises (49% of these sites, versus 23-26% of sites with higher budgets). This suggests people who move to the cloud are willing to spend more to protect security. We don’t know whether this means cloud security tools are more expensive, that their clients care more about security, or that they feel they are more at risk in the cloud than on-premises.

Additional findings

The report also found the top tools and strategies used to preemptively mitigate attacks on websites and applications are vulnerability scans, privileged access management, network firewalls, and web application firewalls.

About the respondents

We asked the respondents to tell us a little about themselves and their organizations, and the results were similar to those for our resilience survey. For instance, organizational size was dramatically skewed to the smallest and largest: 40% of respondents work in organizations with 1-199 people, while 25% work in organizations with 10,000 or more.

The respondents answer to a wide range of job descriptions, from system administrators and network operations to upper management. And they come from a variety of industries, although two stand out: IT services takes 21% of the share of respondents, and software takes another 15%.

This post is a collaboration between O’Reilly and Oracle Dyn. See our statement of editorial independence.

Post topics: Security