Shortly after Zscaler acquired TrustPath (where I was the CEO and co-founder), I was out on a hike with a non-technical business friend. During the hike, my friend asked, “I know what AI can do for self-driving cars, but what can it do for the cybersecurity industry?”
For the next 20 minutes, I explained the fine details of why AI was needed in cybersecurity and how more companies should be leveraging it, but it didn’t resonate with my friend. I didn’t get that “ah-ha” moment that I was looking for, which told me I didn’t do a very good job explaining it to someone who wasn’t very technical. I likely lost my friend five minutes into the conversation.
When I got back to my work desk, I thought to myself, “How can I better answer this next time, in a way that’s simple and easy to digest?” I can talk day and night about AI because it’s what I’m passionate about. AI has shaped my career. So why didn’t it click this time?
For months, this question bothered me. Nearly every day, I thought about why AI is needed in cybersecurity. I drafted different elevator pitches on how the future of cybersecurity relies upon AI. Then it clicked with one word: scale.
The Upcoming “Scale” Challenge
Scale can mean so many things in a technology stack and can mean so many things in the cybersecurity world too.
Customers want a well-designed security architecture that can scale linearly and beautifully along with the capacity needed. The cyber industry has made a lot of good progress on this front in the last decade with the adoption of the cloud-native architecture.
However, the sophistication level and the elusive nature of modern cybersecurity threats have been increasing non-linearly, and the cybersecurity industry is facing a much higher “scale” challenge in the coming decade.
To my hiking friend, I should have talked about scale, because only AI and machine learning technology will be able to help the cyber industry meet the super-high scale challenge. Only AI and machine learning can cope with the exponential growth of cyberthreats and the orders-of-magnitude higher scale requirements of the cyber world.
Gone are the days when we could throw cybersecurity professionals into reverse engineering, configuration management, and responding to alerts. Cyberthreats are so rampant that CISOs worldwide would love to have a hundred more of the resources they currently have but, unfortunately, will never get.
How AI Addresses Scale
AI can help the cybersecurity industry deal with the scale challenge because AI technology is the force multiplier for cybersecurity professionals in two major areas.
1. The policy area. The current policy scale is at a human scale and at a very coarse granularity. The enterprise users that belong to the same department often have the same static policy.
For the enterprise to have zero-trust security, they not only need a zero-trust architecture but also a zero-trust digital assistant to help them do the proper configurations. If a business wants to do granular, dynamic, and contextual zero-trust configurations in a shop with 10,000 users and 10,000 applications, you can’t simply hire 200 people and have them work 24/7. Instead, AI can make appropriate recommendations automatically so that humans only need to do the confirmation.
2. The threat area. The conventional threat detection method is reasonably effective, yet at the same time, the bad guys have increased their rate of making variations of threats by several orders of magnitude. They also have become much more elusive. In order to detect such a large quantity of elusive threats, one needs a very large army as a starting point.
We are familiar with the elusive nature of the SolarWinds supply chain attack that impacted major companies like Microsoft and Cisco, and government agencies like the U.S. Department of the Treasury and the U.S. Department of State, back in 2019. This threat could potentially have been discovered months earlier had the industry had a hundred times the number of security professionals monitoring various metrics, but it’s unrealistic to expect to have that many resources readily available. However, AI has the potential to uncover this type of stealthy threat by combining the power of data with the power of data science and domain knowledge.
Cloud-native security helped to deliver the scale requirements for the cyber industry in the last decade. Similarly, AI-native security will help to deliver the next phase of the scale requirement for the cyber world.