Using Artificial Intelligence in Cybersecurity

The problem with cybersecurity it that an attacker only needs to exploit a single vulnerability, while a defender needs to protect everything.  Defense has evolved from perimeter defense, to defending all endpoints, to adding automated detection and prevention appliances, to universal threat management that looks at not just north/south traffic passing through the Internet gateway, but also east/west traffic across the LAN between devices.  This is called “defense in depth.”

Cybersecurity continues to evolve.  One of the hopeful trends is the use of artificial intelligence and machine learning to detect attacks and intrusions, and mount a defense more quickly.  This may help turn the tables against attackers and reduce or even end the advantage that attackers have held over defenders.

Computers are great at tasks that humans are bad at.  For instance if you have ever had to look through a security log for information about a breach, you know this is a task you really want to turn over to a machine that has the speed and processing power to separate the desired information form the thousands of events in the log.  A human, on the other hand, is better at the actual analysis of this information.  Artificial intelligence and machine learning show promise to make this sort of information crunching even more useful.  Cybersecurity areas where AI is being tested include:

  • Discovering zero-day vulnerabilities and attacks – AI is being used not just to find and identify the vulnerabilities, but also to patch or defend them.
  • Threat intelligence – Extracting tactical and strategic trends from a multitude of information sources, and using the information to formulate new defenses.
  • Pivoting – Adapting to an adversary’s tactics and techniques and successfully defending against active exploits and attacks.
  • Learning – Using the information gained from individual incidents and creating policies, rules, and defensive tactics to prevent attacks from working a second time.

Artificial intelligence will become an important and increasing part of the software and hardware tools and appliances that businesses will be using to secure their networks and information and prevent attackers from gaining  their objectives.

More information:



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.