Though we’re easily enamored with new technologies like artificial intelligence and machine learning, do they actually help us solve real problems in the SOC like reducing Mean Time to Resolution (MTTR)?

Read a security-related press release or been to an event recently? You’ve no doubt been wondering how you managed to do your job all this time without Artificial Intelligence (AI) or Machine Learning (ML).

Do these technologies really live up to the hype or are they just the latest in a series of new buzzwords?

Despite being positioned as the latest “silver bullet” in security, neither is a new concept. Artificial Intelligence, which in layman’s terms is simply making a computer think like a human, was first discussed at a Dartmouth Summer Research Program in 1956. Similarly, Machine Learning, which is broadly considered a type of Artificial Intelligence and is defined as giving computers the ability to learn without explicit programming, was pioneered by an IBMer named Arthur Samuel in 1959.

Though decades old, Artificial Intelligence and Machine Learning are both garnering interest in the field of cyber security. Recent research by ESG surveyed 412 cybersecurity professionals to assess and characterize their knowledge of Artificial Intelligence and Machine Learning as it relates to cybersecurity analytics and operations. The findings show confusion in the market, which is no surprise given the rise in promises made by vendors. Two interesting, yet conflicting stats that I noticed in the ESG research are that although 70% don’t understand where Machine Learning and Artificial Intelligence fit in their organization, 82% plan to deploy it!
Clearly we have an opportunity for education.

Artificial Intelligence is a broad term and represents technologies with many approaches, from simply creating rules to handle specific tasks, to highly sophisticated algorithms that learn correct behavior. Machine Learning is thought to be the most promising form of Artificial Intelligence. Machine Learning uses algorithms and data to learn without being explicitly programmed. This corrects a major limitation of other forms of Artificial Intelligence, where rules must be created to handle specific tasks, requiring foresight and programming for all possible outcomes in advance. There are many forms of Machine Learning, including Decision Tree Learning, Inductive Logic Programming, Deep Learning, Clustering, and others like Reinforcement Learning.

Security Automation & Orchestration platforms are beginning to use Reinforcement Learning, which is a simple form of Artificial Intelligence (and Machine Learning) that automatically determines the actions required to get the best outcome. In the context of SA&O platforms, Reinforcement Learning can make recommendations based on event data, ultimately suggesting automation playbooks that can help solve real problems in the SOC. Guidance when dealing with “known unknowns” (i.e. those cases when we know about the threat, but aren’t sure how to respond) is valuable to new and experienced analysts alike.

Though we’re easily enamored with new technologies like Artificial Intelligence, Machine Learning, or even Reinforcement Learning, it’s always useful to step back and ask the bigger question. How do any of these new technologies help us solve real problems like reducing our Mean Time to Resolution (MTTR)?

The reality is that no one technology provides the “silver bullet”; each merely adds another dimension to the solution.
While perhaps not as fresh to the market narrative, foundational capabilities like architectural maturity, community collaboration, an open & extensible ecosystem, and feature completeness often do more to make an impact than the “latest thing.”

That’s not to say artificial intelligence, machine learning, reinforcement learning, etc. don’t have a place. I think they’ll play an increasingly important role in the future in providing guidance to an analyst that enables a new level of security handling, one where threats with no associated procedures can be handled effectively through intelligent guidance.

Let’s not get carried away though. Artificial intelligence, machine learning, and reinforcement learning are great ways to augment – though not outsmart – the analyst.