There is a troubling convergence of trends across the cybersecurity landscape that I have been watching closely. If not addressed, I suspect they could wreak deeper levels of damage and volatility than any we have already seen. Cybercriminals are taking advantage of the expanding attack surfaces being created by digital transformation, the extraordinary ease and accessibility of malware as both off-the-shelf product and emerging profit driver, and the fact that IT teams are often so overwhelmed managing change that they simply don’t have the resources necessary to keep systems appropriately patched and hardened.

When we take a closer look, the challenges are stark, but the solution doesn’t require a genius, if we approach it wisely and methodically. After all, genius is 1 percent inspiration and 99 percent perspiration.

The problems:

Keeping up in ways other than just applying speed

The increased speed and variety of malware threatens to overwhelm cyber defenses, much like how a spider traps an otherwise well-armed victim for later digestion. We need to find new ways to counter those attacks. An obvious choice is to match the adversary’s speed with your own. That, though, becomes a horsepower check—an important but sometimes incomplete proposition. Already stretched thin by the velocity of change they must manage to achieve digital transformation, IT teams are scrambling to gather and deploy—in the most efficient ways possible—what resources they do have to keep systems appropriately patched and hardened.

Low cost to attack, high cost to defend

It is simply not realistic to expect one IT team—no matter how seasoned—to fight back a dark web’s worth of easy-access malware.
This shadowy digital black market provides a host of services for its criminal consumers, from building custom code, to commercially available applications that can generate malware, to malware-as-a-service that simply requires pointing an online malware or ransomware application at a target. They even have help desks. CISOs, and IT teams, are tasked with achieving what at times feels impossible. And, in an industry already struggling with too few cybersecurity professionals, it is a dangerous recipe for burnout, turnover and dejection.

Forever Zero Days

If that weren’t enough to contend with, there is the issue of rapid polymorphism. Once malware is released, hackers begin to modify it for their own purposes. Less than 12 hours after WannaCry was released, an entire aligned crime family of variants was unleashed on networks. Originally designed as ransomware, one WannaCry variant was actually a botnet for bitcoin mining. Like a weaponized mutation of legitimate open source development, such polymorphic transformations can happen hundreds of times in a matter of hours, and continue for weeks or months. And I haven’t even talked about self-mutating code, designed to change its signature to become, essentially, forever a zero day.

To contend with the growing sophistication of the threats we now face, we must integrate and underpin our sensors, sense-makers, and actuators so they can implement the intent of network security operators, to find and respond to even the fastest and most stealthy threats. There is no dream of ‘artificial intelligence’ without a means to collect, process, and act on information in an integrated manner that leverages the sophistication of an intelligent response.

Related, the insufficient number of cybersecurity master analysts and engineers means that we must use the extremely powerful and valuable resource of human expertise wisely.
Our best talent must be focused on the most critical decisions, while automated systems handle lower-order decisions and processing. Like most big things, a true AI capability will emerge based on key building blocks.

Speed

Artificial intelligence, completed too late, is without value. Speed is an essential enabler.

Advanced Analytic Services

Traditional malware detection, such as antivirus signatures, is a necessary, but not sufficient, means for keeping up with the onslaught, especially when threats are created and generated in cyber-relevant time. However, since signatures require a one-to-one match, where the modification of malware’s string of digits can make the signature ineffective, advanced techniques harness content pattern recognition language (CPRL). CPRL tears malware apart in a sandbox, looks at behavior and code, and then uses code blocks to identify even modified malware. Good stuff.

Orchestrated Analysis

But while sandboxing is indeed a cybersecurity must-have – no respectable organization should be without it—we need to look for how to make it even better. At Fortinet, we use the sandbox to not only find the previously-unknown, but use it to automatically send out warnings to others on the network, increasing their insight on what’s bad, and what’s not. We also take advantage of other analytics to create insights, and integrate the results of those discrete analytics into the outline of the attack that might escape a single analytic. The commercial discipline of secure orchestration has emerged as a solution that allows systems to automatically execute many things that operators currently have to do manually.

Leveraging Machines To Do What Machines Do Best

The insufficient number of cybersecurity master analysts and engineers means that we must use the extremely valuable resource of human expertise wisely.
Our best talent must be focused on the most critical decisions, while automated systems handle lower-order decisions and processing. That means that we need to develop and deploy risk-based decision-making engines that take humans out of the loop, and instead, put them above the loop. After fast, specialized analysis and integration, risk engines are the third major step toward AI. The engines will execute the ‘OODA loop’ (Observe, Orient, Decide, and Act) for the vast majority of situations. Pre-planned Courses of Actions (COAs) will free up valuable cybersecurity experts to concentrate on the more difficult decisions, where human cognition and intervention are most required. The most sophisticated of such engines will actually suggest COAs rather than only rely on pre-defined ones.

Do As I Mean, Not As I Say: Intent Based Network Security

With the core cybersecurity architecture strategies of speed, integration, and automation, enabled by risk-based decision engines, and advanced analytics, we can achieve intent-based cybersecurity. Intent-based security implements the goal of the network operator, without burdening him or her to manage complexity that is beyond human cognitive levels.

So, the final steps toward AI are, indeed, within reach. If organizations quickly prioritize the strategic enablers—speed, integration, advanced analytics, risk-based decision engines—they are primed to create a highly efficient security model that utilizes both human and machine resources for what each does best, and does so with extraordinary agility. But if they press forward in a dead sprint to keep pace with a growing army of increasingly sophisticated and empowered threat actors, they may soon feel like they are standing still, eating the dust of the cybercriminals who have already moved on to another attack.
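
The point made under Advanced Analytic Services, that a one-to-one signature stops matching once the file is modified while matching on code blocks still identifies it, can be seen in a short added example. This is not Fortinet's code and not CPRL: it is a simplified stand-in that hashes overlapping byte windows, with constructed sample bytes, an assumed 8-byte block size and an assumed 0.8 threshold.

```python
import hashlib

SHINGLE = 8  # bytes per overlapping code block (assumed size for this sketch)

# Constructed stand-in byte strings; none of this is real malware.
KNOWN_BAD = b"".join(b"routine-%02d:" % i + bytes(range(i, i + 24)) for i in range(12))
# A trivially modified copy: junk prepended, one byte changed, padding appended.
VARIANT = b"\x90\x90" + KNOWN_BAD[:40] + b"X" + KNOWN_BAD[41:] + b"padding"
BENIGN = b"".join(b"report-%02d:" % i + bytes(range(100 + i, 124 + i)) for i in range(12))

# One-to-one signature database: SHA-256 of each known-bad file.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def exact_match(sample: bytes) -> bool:
    """Classic signature check: any changed byte yields a different digest."""
    return hashlib.sha256(sample).hexdigest() in HASH_SIGNATURES


def blocks(data: bytes) -> set:
    """Hash every overlapping SHINGLE-byte window so inserted bytes do not shift matches."""
    return {hashlib.sha256(data[i:i + SHINGLE]).digest()[:8]
            for i in range(len(data) - SHINGLE + 1)}


def block_containment(known: bytes, sample: bytes) -> float:
    """Fraction of the known sample's blocks that reappear in the sample."""
    ref = blocks(known)
    return len(ref & blocks(sample)) / len(ref) if ref else 0.0


def classify(sample: bytes, threshold: float = 0.8) -> str:
    """Try the exact signature first, then fall back to block matching."""
    if exact_match(sample):
        return "exact-signature"
    if block_containment(KNOWN_BAD, sample) >= threshold:
        return "block-match"
    return "no-match"


if __name__ == "__main__":
    for name, s in (("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, classify(s), round(block_containment(KNOWN_BAD, s), 2))
```

Static block matching of this kind covers only the "code" half of the description above; the behavioral analysis done in a sandbox is out of scope for the sketch.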