The term ‘artificial intelligence’ can be broadly described as an IT system’s simulation of human intelligence processes, such as the ability to adapt, solve problems or plan.
These abilities enable AI to mimic human-like cognitive functions, revolutionising industries by providing advanced decision-making abilities and automation across diverse applications.
With the advent of OpenAI’s human-like conversational AI model, ChatGPT, AI has become widespread in everyday life.
However, the huge interest in, and rapid uptake of ChatGPT and other Large Language Models (LLMs) has resulted in organisations exploiting the term “artificial intelligence,” seeking to capitalise on its appeal. The term AI is often used loosely and can refer to a variety of different technologies. With so many companies boasting that they have AI capabilities, it’s essential to be able to distinguish ‘real’ AI solutions from those that simply claim they are based on the technology.
Distinguishing real AI
The most common misconception about AI is that it is synonymous with automation.
The reality is that automated systems must be manually configured to execute monotonous and repetitive tasks. AI systems, on the other hand, adapt independently once they have data to process. While AI does leverage aspects of automation, it goes beyond simply executing tasks.
Here are the key differences between real AI and technologies purporting to be based on it:
Training:
AI systems use machine learning (ML) to generate algorithms that continuously learn from data they are fed, and use statistical algorithms to identify patterns.
On the other hand, there are also intelligent systems that don’t use AI. These systems are simpler and just follow sets of predefined rules and instructions. Imagine it like a flowchart: if this happens, do this; if that happens, do that. They don’t learn or adapt like AI systems do; they simply follow whatever rules they’re given.
Continuous learning:
AI is designed to continuously learn and improve over time. As new data is made available, an AI system can retrain itself to enhance its capabilities and accuracy – just as we’ve seen with every new iteration of ChatGPT. However, solutions that rely on automation are limited in scope, and can only perform specific tasks within the constraints of pre-programmed rules.
Decision-making:
AI is designed for non-repetitive tasks, so it can analyse situations and make decisions without human intervention – whereas automated systems are incapable of making autonomous decisions.
Benefits of real AI for cybersecurity
AI has great potential when used in cybersecurity. It can quickly analyse vast amounts of data and detect patterns indicative of cyber threats, enhancing threat detection and response capabilities. By leveraging AI algorithms, cybersecurity systems can adapt and evolve to counter new and sophisticated cyber attacks more effectively. Automation makes it possible to combat automated bot attacks and alleviate alert fatigue, enabling analysts to apply their knowledge and skills more efficiently.
Real AI offers benefits such as:
- Improved performance over time:
Solutions using ML improve performance over time due to the ability to learn from experiences and network patterns to refine their effectiveness. This brings new levels of adaptability to security defences and steps up accuracy in detecting anomalies in standard network activity.
- Improved threat detection:
Thanks to its ability to learn and adapt to changes in malicious cyber actor behaviour, AI improves threat detection by identifying patterns that human analysts cannot – or at least identifying patterns much faster. It adds value when detecting unknown threats and is a powerful ally when dealing with customised APT (advanced persistent threat) attacks.
- Helping address talent shortages:
Through analysing large amounts of data, AI can identify patterns, anomalies, and potential threats much faster than human analysts. These capabilities don’t mean human expertise isn’t relevant, rather, they allow us to stay ahead of the curve by discovering evolving threats and detecting attacks in near real-time. In this respect, AI enables us to do more in less time; an enormous benefit to cybersecurity teams struggling with talent shortages.
- Better endpoint protection:
AI-based endpoint detection and response tools such as WatchGuard’s EPDR and EDR establish a behavioural baseline for endpoints. WatchGuard’s Zero Trust Application Service, included in both solutions, only allows applications classified as ‘trusted’ to run on each endpoint.
Execution of malicious applications and processes or unknown applications are classified in a maximum of four hours and blocked by AI in 99.98% of cases – and WatchGuard’s technical experts block the remaining 0.02%.
AI-powered XDR solutions, such as WatchGuard’s ThreatSync, which uses these security products as a foundation, can continuously learn, adapt, and improve its threat detection and response capabilities.
By using AI and ML technologies to alert us to potential threats in real-time and across multiple domains, it reduces mean time to detection (MTTD), adds greater visibility and enables multi-product response. Simply put, these measures help build more robust security.
So to distinguish ‘real’ AI in cyber security, we can employ a simple test – assessing whether the system demonstrates genuine learning capabilities, such as the ability to analyse and adapt to new threats autonomously, rather than merely executing predefined rules or algorithms.
Real AI systems should also show demonstrable efficiency in processing large volumes of data, identifying complex patterns, and generating insights beyond what traditional approaches can achieve.
What is clear is that AI is a definite boon in the ever-evolving battle against cyberattack – just ensure the tools and solutions you are buying into are really AI-driven.
Manu Santamaria joined WatchGuard in 2020 and he is a senior product manager and oversees WatchGuard’s End Point Security products. An industry veteran of 25 years, Manu has spent the last 15 years working as a product manager, defining and launching successful products and services. All while gaining a deep understanding of customer challenges, market climates and industry trends.