We continue the AI and ML-focused series with this third and final blog that places the two front and center. Not just that, but both technologies are compared and contrasted based on how they impact information technology and security and some of the critical roles that are defined within each department.
Does AI spell the end of IT by being able to manage itself? How about ML, does its inclusion undermine the need for human security professionals to triage and remediate incidents? While the answer to those and similar questions varies on a multitude of levels, the short answer is: probably not.
This is not a slight to either human professionals or the prowess of the advanced technologies, but rather to say that there is still much more that we can collectively learn from one another, as you’ll no doubt see below. Furthermore, some technologies aren’t fully baked at this point in time: they have known issues that will undoubtedly be worked out over time, but as they exist today they are better suited to augmenting existing teams and enhancing processes.
But first, let’s have a brief recap of AI and ML.
The first blog in this series answered the question “What is AI?” while providing a clear explanation of what artificial intelligence isn’t. It also dove into the cybersecurity space to highlight the benefits organizations are gleaning by incorporating AI-based solutions into their security strategy to identify and thwart novel threats to their security posture.
Next in the series, we answered the question “What is ML?”, a subset of AI known as machine learning. In the second blog, we explain the similarities and differences between AI and ML – and yes there is clearly a difference – while discussing some use cases for implementing endpoint security that includes ML to discover zero-day attacks, provide deep insight into endpoint telemetry data and automate tailoring of protections against threats on the fly to name a few.
Impact on information technology and security
It’s a fairly safe bet that most advancements in technology impact the custodians tasked with managing the devices that access and interact with data – as well as their respective security. AI and ML are not exempt from this, with both technologies actively being included in several ways that benefit a variety of tasks performed by IT and Security teams.
But does that benefit include making life easier for various stakeholders, or will the inclusion of AI/ML spark the flame that will detonate the careers of IT and Security professionals worldwide?
Anything can happen, surely. But as Mark Twain said best, “the rumors of my death are greatly exaggerated.” In this case, the state of the union sees great promise for information technology and security professionals currently working, and prognostications continue to bode well for those seeking a role in IT and InfoSec for the foreseeable future.
Still, anything can happen, right?
Right. So, let’s look at five of the top IT and Security roles – applicable to any industry – to see just how they stack up against AI/ML to gain a better understanding of how these advanced technologies really impact the persons in these roles.
Application and services developers are crucial to the security posture of organizational devices, data and the overall health of the infrastructure. Put simply: if the software is developed using outdated security protocols – or devoid of them entirely – then security on many levels suffers greatly. This extends through all processes and workflows making it much harder to protect against threats and attacks from bad actors.
Some would argue no because, unlike humans, AI cannot fully comprehend nor ask the requisite questions to fully flesh out what a customer is looking for in a solution. Furthermore, many development roles from entry-level to senior levels require a mix of both technical knowledge and communication skills alongside a clear understanding of the software development lifecycle (SDLC). Mid-to-senior roles often find themselves managing teams of coders and programmers, requiring greater communication skills as well as project management, clear understanding of how apps are developed and how they function in real-world environments and the ability to maintain impeccable documentation relating to developed solutions.
AI may not be ready to tackle such dynamic roles that often require a subtle understanding of human traits and communication that is both direct and indirect – sometimes even unspoken. On the flip side, AI is more than capable of performing code reviews, vulnerability scanning with vulnerability prioritization and even aiding in the development of code, with such tools as GitHub Copilot, which is based on the OpenAI Codex. This cloud-based plugin, developed by GitHub and OpenAI, works by autocompleting code right from within your integrated development environment (IDE). Among its assistive features, it can:
- Generate solutions to programming problems
- Describe the input code in English
- Translate code between supported programming languages
- Convert comments into runnable code
- Autocomplete chunks of code, methods and/or functions
Managing devices, applying patches and generally ensuring that users remain productive on the devices they’re using for work – and able to access organizational resources securely with little to no interruption is the crux of the sysadmin’s role. Sometimes IT’s function is separate from the Security team, other times they are one and the same, depending on the organization’s structure.
That said, the role often sees admins dealing with a lot of moving parts. Some of it requires technical skills, others require soft skills – but all necessitate a clear understanding of the tasks and how they impact stakeholders at all times. Failure to do so may result in downtime, loss of data and just as important, potential loss of revenue.
Solutions like mobile device management software have yet to fully incorporate AI or ML into their codebase, but many solutions have implemented automation to significantly aid IT in their quest to manage an ever-expanding list of device types – both personal and company-owned. These automations can also be extended by integration with other solutions, like endpoint security to further address incident response and remediate identified threats. But still, the workflows, even automated ones, are not typically tied to AI/ML, leaving SA as a largely “human-managed” role.
The Swiss army knife of the InfoSec world! From actively monitoring endpoints for threats to upholding best practices, implementing secure processes and workflows to reviewing and analyzing reports to managing any number of security controls on and off the network. Security Analysts, depending on the organization’s requirements for that role, could potentially be responsible for any number of tasks related directly to the security posture of the organization.
Regardless of how broad or granular your role may be, there are a number of functions that can be addressed through ML technology. This is not an endorsement that ML should be used to eliminate the human component from this role, but rather an effort to identify some of the crucial tasks that ML has proven to handle quite well – and in some cases far better than its human counterpart, thanks in no small part to the productivity gained by leveraging computing resources to make short work of tedious tasks, such as:
- Proactively monitor endpoints and networks for anomalous behaviors
- Respond to detected incidents in real-time
- Correlate telemetry data and review reports to identify threats
- Dynamically assess endpoint health and network traffic, adapting protections on the fly to fortify defenses
- Perform threat hunting using multiple resources to identify and prevent both known and unknown threats and risky behaviors
- Integrate with other solutions to automatically remediate compliance issues
- Provide a holistic solution that comprehensively protects as it learns from deviations from baselines, heuristics, comparative analysis and normal business operations
In this space, ML can perform a lot of the heavy lifting. Not all perhaps, but quite a significant amount. That said, computers aren’t perfect – neither are humans for that matter – and when computers break down, as they can and inevitably do, humans are still required to perform these tasks. Not to mention that, like the other roles mentioned here, IT and Security-related roles require something of a human touch and understanding… that’s something that even the most sophisticated AI/ML architecture available today simply cannot replicate.
When it comes to compliance, auditors are called upon to verify that systems, software, hardware, data and users are all operating within the parameters required of the regulatory governance that guides the region, industry and/or organization. More specifically, they are there to prove that each process and workflow – and everything tied to or that uses them – are compliant.
For regulated environments, compliance is table stakes to business continuity. Without it or worse, should they fail to meet compliance requirements, the consequences could be dire for the organization and/or its stakeholders.
Hence the criticality of getting compliance right also requires the human touch. That is not to say that computing systems and advanced technology like ML aren’t leveraged; they are, to ensure not only that endpoints are aligned with policies but that they also remain that way. In the event that an endpoint falls out of compliance, policy-based management executes to mitigate the risk, bringing the affected endpoint(s) back into compliance.
Many ML-based solutions are aligned with frameworks that support multiple compliance initiatives. This is a tremendous help for IT when ensuring compliance remains top of mind for all required processes, workflows, functions, users and equipment. But at the end of the day, a human is responsible for maintaining this assurance, stepping in when something slips past the layers of security to mitigate the risk manually and to interface with third-party auditors performing assessments of an organization’s compliance with regulations.
Digital Forensics Examiner
Investigating cyber crimes and gathering digital evidence lies at the core of the computer forensics analyst roles. Following the trail to figure out how bad actors penetrated an organization’s defenses, identifying what they took and how are some of the key requirements of this job.
It requires technical and security knowledge, criminal and legal awareness and a healthy dose of programming won’t hurt either. Another requirement: the investigator must be a human. Even though a majority of the investigative work revolves around technology, and specialized software is used on dedicated computers to gather, store and analyze forensic evidence, the role (as of this writing) requires a highly trained and authorized individual, like a certified examiner or member of law enforcement, who not only finds evidence of crimes but may also be called upon to testify in a court of law to validate their findings – a critical function neither AI nor ML is legally able to provide.