Why AI for Cybersecurity?
IT teams face the daunting task of protecting business data and intellectual property stored across a growing number of devices and locations against a rapidly evolving threat landscape. These include endpoints such as PCs, tablets, phones, and Internet of Things (IoT) devices; the data center; the cloud; and the network edge, where data is created and processed.
It is estimated that endpoint devices are the source of 90 percent of successful cyberattacks [1] that now target below the operating system (OS) to gain access to the whole system stack. In 2023, 39 percent of data breaches were found to affect data stored in multiple environments, including on-premises and in the public and private cloud, with the average cost of a breach reaching US$4.45 million [2].
Cybersecurity has evolved beyond the scale or ability of humans to triage increasingly sophisticated attacks, and security operations centers experiencing alert fatigue are looking for better tools to automate analysis and remediation across edge-to-cloud infrastructure. Further, 47 percent of security professionals surveyed in the Anomali 2024 Cybersecurity Priorities study said that their security operations centers didn’t provide needed visibility into their infrastructure [3].
To address these challenges, businesses are adopting defense-in-depth strategies composed of security solutions that help to isolate and protect data from attacks and AI-enabled technologies that can more quickly detect and automatically respond to anomalies and suspicious behavior.
Benefits of AI in Cybersecurity
The power of AI lies in its ability to rapidly process large and diverse datasets and provide near-real-time insights. When applied to cybersecurity, AI-enabled security solutions enable businesses to monitor systems and identify and react to potential and active attacks, often without human intervention, resulting in tangible business benefits.
- The 2023 IBM Security Cost of a Data Breach report found that organizations that extensively use security AI and automated detection and investigation capabilities were able to reduce data breach costs by US$1.76 million [2].
- Morgan Stanley Research estimates that companies globally can save US$112 billion per year by using AI to automate tasks typically done by security analysts, including log monitoring and analysis, alert summarization, patch management, and reporting [4].
AI Use Cases in Cybersecurity
While use cases for AI in cybersecurity are still emerging, common uses of AI-enabled security technologies include:
- System and device behavioral monitoring and analysis to establish activity baselines.
- Threat detection, using machine learning and CPU telemetry to help uncover harder-to-detect attacks, identify anomalous behavior, interpret patterns, and provide near-real-time alerts.
- Threat hunting in which systems are monitored for known threat patterns to detect indicators of an attack.
- Automated remediation to preemptively act against new threats or attacks using AI deep learning algorithms trained to react based on previous actions taken in similar situations.
- Vulnerability management in which AI analysis of business systems and applications identifies potential risk areas requiring remediation.
Endpoint Advanced Threat Detection
While AI-enabled security capabilities can be applied to any layer of the technology stack, AI integrated at the hardware level helps to enhance the protection of end-user devices against cyber threats targeted below the OS that evade software-only security solutions.
For example, CPU telemetry and AI-based behavior monitoring can help to profile and detect malware, such as ransomware and cryptojacking, supplementing software solutions.
Additionally, device-based AI capabilities provide reduced latency, improved data control, and lower cost compared to cloud-based solutions, as all data resides on the device, and AI processing and analysis are done locally rather than in the cloud.
To leverage integrated AI capabilities without impacting the end user experience, businesses can consider upgrading their fleet to AI PCs, with processors specially designed to optimize AI workload placement and performance.
Protecting Sensitive AI Workloads and Data
To enhance the protection and privacy of proprietary AI models and workloads and sensitive, confidential, or regulated data, businesses should also consider advanced security solutions that protect data at every stage of its journey—at rest, in transit, and in use.
Common data security options include secure multiparty computing, data tokenization, and homomorphic encryption. However, while these technologies are effective, they can also surface new challenges. An alternative to these options is confidential computing.
Confidential computing enhances the protection of sensitive data without the need to transform it or use unusual coding or tools. Instead, it uses isolation, verification, encryption, and control inside a trusted execution environment (TEE) to protect data confidentiality and integrity.
By implementing confidential computing solutions, businesses can:
- Provide application isolation of data actively being used, drastically minimizing the attack surface and access to sensitive data.
- Provide hardware-level isolation of data within a virtual machine to limit protected access to only software or administrators with explicit permission. This helps mitigate the risk of data exposure, breaches, tampering, or theft.
- Establish a zero trust attestation SaaS that verifies the trustworthiness of compute assets at the network, edge, and in the cloud.
The Future of AI in Cybersecurity
The use of AI to enhance cybersecurity protections through automated intelligent threat monitoring, prediction, detection, and response will continue to develop in breadth, depth, and prevalence, helping to increase the robustness of security solutions.
At the same time, AI-based solutions will not go unchallenged, with bad actors working to attack businesses and the AI-based tools that protect them.
As with any security approach, businesses should continue to evaluate and adjust their approach to take advantage of protection advancements and stay ahead of evolving threats.