target audience: TECH BUYER Publication date: Jul 2023 - Document type: IDC Perspective - Doc Document number: # US50933923
A CISO's Guide to Artificial Intelligence
This IDC Perspective discusses how IDC defines AI in cybersecurity. Combinations of artificial intelligence (AI) and machine learning (ML) have influenced the cybersecurity landscape for the better of 15 years. What computers have always been able to do is make correlations to the bytes, files, hashes, and code that comprise a network. However, for all of the improvements in computing and years of refining algorithms, so much of operating the network and the cybersecurity software that protects the network are still manually intensive processes.
After all of this time, recent developments in generative AI and, more specifically, ChatGPT are seemingly addressing the cybersecurity manpower gap. IDC calls it "autonomizing the SOC." The process of realizing a fully autonomous SOC involves several intermediary steps, but the new efficiencies in evidence are:
- The availability of enriched data at the time of the incident investigation
- The ability to generate an instantaneous response based on the type of attack is increasingly automated
- The implementation of analytics to discover unmanaged devices in the network
- The development of natural language processing (NLP) that enables threat hunting and security querying at the speed of speech
"AI is improving SOC processes and empowering security analysts; the power comes at a critical time as organizations struggle with hybrid, multicloud complexity and a chronic workforce shortage," said Frank Dickson, group vice president, IDC Security and Trust Division. "However, the hard work is not about the AI at all, but creating and enabling the security data foundations that will allow AI to create outcomes. Regardless, the cause for overall optimism is real."