If we were to call out one concept which has been most used to market cybersecurity products and solutions then it would be “Artificial Intelligence” or “Machine Learning”. To be honest, the terms have been so overused that it has created a sense of skepticism and numbness among the buyers regarding these claims. It is difficult to identify vendors which offer true value aimed at addressing a specific security challenge.
So, Gartner decided to jump right into the middle of this conundrum and dissect the hype from reality. We launched an extensive Case Based Research (CBR) initiative based on “Grounded Theory” to identify how exactly AI and ML are being used in the context of cybersecurity. Grounded theory is a proven and the most prevalent approach to qualitative data analysis
As a starting point, we referred to a research done by our team member, Nat Smith, a couple of months back for some solid foundational guidance. In his document, Emerging Technologies: Emergence Cycle for AI in Security, Nat identified that majority of the AI developments aimed at security can be grouped into six technology use cases –
- Malware detection
- Analyst visualization
- Attack detection
This research is based on analyst interpretation of results produced by study of patent data from United States Patent and Trademark Office, dating from 2010 through 2019 using ML techniques.
For our CBR study, we decided to dive deeper into the attack detection use case. This clubs all the innovations which use AI methods and techniques to discover attacks based on traffic observations. The use case can be further broken down into four smaller groups:
As part of our CBR study we intend to interview both vendors, who offer these innovative solutions, and customers, who are using these in actual deployments. The information collected be used to build an extensive data repository which will then be diced and sliced from multiple angles. Some of the angles we plan to explore include identification of top use cases, adoption patterns among customers, GTM challenges and the top innovators in this space to name a few.
We are still midway through our study and have already uncovered interesting insights which we plan to publish soon. The final goal is to publish a series of research notes to help eliminate all the hype and buzz around use of AI and offer a clear and true picture on the actual state of things.
So stay tuned for some interesting research from me and my team Elizabeth Kim, Mark Driver and Rustam Malik on use of AI in security for attack detection!