Using Artificial Intelligence in Cybersecurity

The problem with cybersecurity is that an attacker only needs to exploit a single vulnerability, while a defender needs to protect everything.  Defense has evolved from perimeter defense, to defending all endpoints, to adding automated detection and prevention appliances, to universal threat management that looks at not just north/south traffic passing through the Internet gateway, but also east/west traffic across the LAN between devices.  This is called “defense in depth.”

Cybersecurity continues to evolve.  One of the hopeful trends is the use of artificial intelligence and machine learning to detect attacks and intrusions, and mount a defense more quickly.  This may help turn the tables against attackers and reduce or even end the advantage that attackers have held over defenders.

Computers are great at tasks that humans are bad at.  For instance, if you have ever had to look through a security log for information about a breach, you know this is a task you really want to turn over to a machine that has the speed and processing power to separate the desired information from the thousands of events in the log.  A human, on the other hand, is better at the actual analysis of this information.  Artificial intelligence and machine learning show promise to make this sort of information crunching even more useful.  Cybersecurity areas where AI is being tested include:

  • Discovering zero-day vulnerabilities and attacks – AI is being used not just to find and identify the vulnerabilities, but also to patch or defend them.
  • Threat intelligence – Extracting tactical and strategic trends from a multitude of information sources, and using the information to formulate new defenses.
  • Pivoting – Adapting to an adversary’s tactics and techniques and successfully defending against active exploits and attacks.
  • Learning – Using the information gained from individual incidents and creating policies, rules, and defensive tactics to prevent attacks from working a second time.

Artificial intelligence will become an important and increasing part of the software and hardware tools and appliances that businesses will be using to secure their networks and information and prevent attackers from gaining their objectives.

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
