Preface

It seems that every presentation from every security vendor begins with an introductory slide explaining how the number and complexity of attacks an organization faces have continued to grow exponentially. Of course, everyone from security operations center (SOC) analysts, who are drowning in alerts, to chief information security officers (CISOs), who are desperately trying to make sense of the trends in security, is acutely aware of the situation. The question is how do we, collectively, solve the problem of overwhelmed security teams? The answer in many cases now involves machine learning (ML) and artificial intelligence (AI).

The goal of this report is to present a high-level overview aimed at a security leadership audience of ML and AI and demonstrate the ways security tools are using both of these technologies to identify threats earlier, connect attack patterns, and allow operators and analysts to focus on their core mission rather than chasing around false positives. This report also looks at the ways in which managed security service providers (MSSPs) are using AI and ML to identify patterns from across their customer base to improve security for everyone.

A secondary goal of the report is also to help tamp down the hype associated with ML and AI. It seems that ML and AI have become the new buzzwords at security conferences, replacing “big data” and “threat intelligence” as the go-to marketing terms. This report provides a reasoned overview of the strengths and limitations of ML and AI in security today as well as going forward.