Enterprise buyers are on track to spend more on, and further leverage, cyber security tools that employ artificial intelligence (AI) and machine learning to combat digital threats, according to new research by Cisco.
The vendor’s 2018 Annual Cybersecurity Report suggests that the accelerating uptake of AI and machine learning in the security space can be attributed to efforts to reduce attackers’ time to operate as they begin to weaponise cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity.
The research informing the report involved more than 3,600 respondents across 26 countries, with chief information security officers (CISOs) and security operations (SecOps) managers in several countries and at organisations of various sizes asked about their security resources and procedures.
According to Cisco, while encryption is meant to enhance security, the expanded volume of encrypted web traffic – both legitimate and malicious – has also created greater challenges for cyber security professionals trying to identify and monitor potential threats.
Indeed, Cisco threat researchers claim to have observed more than a threefold increase in encrypted network communication used by inspected malware samples over a year.
The vendor suggested that machine learning technology that can, over time, effectively learn how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments, can help to enhance network security defences. As such, this technology is high on the priority list of to-level enterprise buyers.
“Chief information security officers (CISOs) interviewed for the Cisco 2018 Security Capabilities Benchmark Study report that they are eager to add tools that use artificial intelligence and machine learning, and believe their security infrastructure is growing in sophistication and intelligence,” the report stated.
“However, they are also frustrated by the number of false positives such systems generate, since false positives increase the security team’s workload.
“These concerns should ease over time as machine learning and artificial intelligence technologies mature and learn what is ‘normal’ activity in the network environments they are monitoring,” it said.
Automated technology is also playing an increasingly important role in enterprises’ security infrastructure, the report suggested. When asked which automated technologies their organisations rely on the most, for example, 39 per cent of the security professionals surveyed said they are completely reliant on automation.
At the same time, 34 per cent indicated that they are completely reliant on machine learning, while 32 per cent said they are completely reliant on artificial intelligence.
Behavior analytics tools are also considered useful when locating malicious actors in networks, with 92 per cent of security professionals saying such tools work very, to extremely, well.
“Last year’s evolution of malware demonstrates that our adversaries continue to learn,” Cisco senior vice president and chief security and trust officer, John N. Stewart, said.
The research behind the report also found that organisations reported significantly more security breaches affecting over 50 per cent of systems than did the organisations responding to last year’s report survey.
In 2017, 32 per cent of security professionals said breaches affected more than half of their systems, compared with 15 percent in 2016, Cisco said, with the business functions most commonly affected by breaches being operations, finance, intellectual property, and brand reputation.