Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm?

AI applications in security offer organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention.

Cybersecurity is perhaps the single greatest threat to any organization today. While hardly a new challenge, the proliferation of systems, data, cloud technologies, apps, devices and distributed endpoints has only exacerbated cybersecurity threats. Organizations must work harder than ever to safeguard their assets and customers. This goes beyond automating reactive measures. It now requires infosec professionals to work toward proactive detection to preemptively avoid or thwart threats.

Companies have enlisted the aid of AI for security enhancement and protection of their business assets. Specifically, security software today uses machine learning, deep learning, machine reasoning and a host of related techniques to review massive amounts of data. The intent is to accelerate understanding of normal versus anomaly to detect malicious behavior and entities.

With global information security expenses expected to reach $170 billion by 2022, eyes are on the cybersecurity industry to innovate more effective, resilient mechanisms and tools. Thanks to advances in technology and techniques, there are four main use cases of AI and machine learning in infosec you can expect to see soon in an enterprise near you.

1. Network threat analysis

Companies today digitize more and more of their operations. They update old and develop new internal -- often hybrid -- networks. These vast network topologies are not only complicated; they also require extensive network security resources to manage all communications, transactions, connections, applications and policies.

At enterprise scale, this amounts to enormous investments -- not to mention risks of error. AI in cybersecurity supports this grisly challenge in a few ways. Significantly, AI in cybersecurity monitors all incoming and outgoing network traffic to mine for suspicious activities and classify threat types.

2. Malware detection

Malware is an umbrella term for an ever-evolving category of code or software that is intentionally designed to harm. While malware detection has been around for years -- often matching suspect code with signature-based systems -- machine learning is now shifting toward inference techniques.

In its analysis of massive amounts of data, event types, sources and outcomes, AI in cybersecurity detects the presence of malware before malicious files are opened. It also identifies types of malware. This is critical because malware continues to evolve alongside other advancements, from bots and botnets to malvertising, ransomware and beyond.

To date, the availability of tens of millions of labeled samples from both malware and benign applications has rendered this one of the most successful applications of deep learning and AI in cybersecurity. Well-trained algorithms rely on big, accurately labeled sets of data.

3. Security analyst augmentation

AI in cybersecurity is best at managing the volume of potential threat vectors. As such, human analysts remain the essential arbiters of controls, knowledge and explainability. Today, machine learning augments human analysts in two critical ways:

  1. AI automates repetitive tasks. For example, it triages low-risk alerts or tedious data enrichment tasks in order to free up analysts for higher-value or strategic decision-making.
  2. Machine learning raises the baseline of threat intelligence. As a result, human analysts start with higher-order threats, surfaced using machine learning to more rapidly analyze, curate, visualize and suggest potential actions.

Tests show that the ideal cybersecurity performance or accuracy is often a combination of human and AI -- not either alone. Augmented security tools will likely be essential for security teams in the years to come. In fact, some technology on the market already supports UI tools to enable cyberexperts to incorporate threat types to retrain machine learning models and configure specific fixes based on the problem.

4. AI-based threat mitigation

Cybersecurity technology and risks evolve in lockstep with AI. Today, companies must train machine learning algorithms to recognize attacks perpetrated by other machine learning algorithms. For example, hackers were discovered to have used machine learning to identify weak points in enterprise networks. They used this information to target points of entry via phishing, spyware or distributed denial-of-service attacks.

Other threat actors have developed smart malware -- or even artificial hackers -- to personalize attacks tailored to victims' specific contexts. AI-based attacks demonstrate AI's common value propositions: rapid scalability, behavioral analytics and personalization. These capabilities can be used nefariously in breaches, outbreaks or other security incidents.

The enterprise hacker cat-and-mouse game represents an important and dangerous dynamic in cybersecurity innovation. It remains critical that organizations wield investment to protect, especially as legacy systems cannot be easily updated or replaced.

The above use cases are but a few of the numerous applications for AI in cybersecurity. For all the potential, machine learning is not a silver bullet; it is just a tool. And remember: Avoid silver bullet thinking, but consider the silver lining. Despite vendors' lofty marketing, the reality is that enterprise security landscapes are vast, dynamic networks. They must be constantly monitored, audited and updated based on ongoing unpredictable internal and external threat vectors. To define what is anomalous requires defining what is normal. This is extremely difficult, as computing and economic environments transform so rapidly.

While traditional signature-based methods of threat detection -- not to mention humans -- have blind spots, so too do machine learning techniques. Clear intention for application is paramount for any tool, and the output is only as good as the data input. Finally, as with any action-reaction, there is cause for optimism: Ever more sophisticated threats are sparking a renaissance of ever more sophisticated mitigation tools.
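
The point above that "anomalous" depends on a definition of "normal" that keeps moving, and that machine learning has blind spots of its own, can be seen in a few lines. This is an added example, not code from the original article; the traffic figures, the migration scenario, the 3-sigma threshold and the function names are all constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample: daily outbound MB for one host. Days 0-9 are the
# original "normal"; from day 10 a legitimate change (assumed here: a
# migration to cloud backup) doubles traffic; day 18 is a real outlier.
OUTBOUND_MB = [98, 102, 101, 99, 100, 103, 97, 100, 102, 98,
               198, 203, 199, 201, 200, 202, 197, 200,
               900, 201, 199]

def is_outlier(value, baseline, threshold=3.0):
    """True if value lies more than `threshold` std devs from the baseline mean."""
    mu = mean(baseline)
    sigma = max(stdev(baseline), 1e-9)  # guard against a perfectly flat baseline
    return abs(value - mu) > threshold * sigma

def static_alerts(series, train_days=10):
    """Learn 'normal' once from the first train_days, then never update it."""
    baseline = series[:train_days]
    return [i for i in range(train_days, len(series))
            if is_outlier(series[i], baseline)]

def rolling_alerts(series, window=7):
    """Relearn 'normal' from the previous `window` days before scoring each day."""
    return [i for i in range(window, len(series))
            if is_outlier(series[i], series[i - window:i])]

if __name__ == "__main__":
    print("static :", static_alerts(OUTBOUND_MB))
    print("rolling:", rolling_alerts(OUTBOUND_MB))
```

The static baseline alerts on every day after the environment changes, burying the day-18 outlier in noise, while the rolling baseline flags only the shift and the outlier. The rolling model has its own blind spot: the outlier inflates the window's variance, so a 600 MB day immediately after it would pass unflagged.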

This was last published in October 2019

Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development?

Competitors.

What are the 5 categories of cyber threat actors?

There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data.

What type of threat actors are most likely to have a profit motive for their malicious activities?

Another highly sophisticated category, organized-crime actors are different from state-sponsored ones in that they are most likely to be motivated by profits. That means they typically target data that has a high value on the dark market, such as personally identifiable information (PII) and banking information.

Which threat actor groups are primarily interested in financial gain?

Cybercriminals are the most obvious threat actors. They primarily target businesses for the purpose of financial gain. Cybercrime gangs are increasingly common, but individuals can also pose a significant threat. Cybercriminals range widely in terms of skillset and the types of attacks that they are able to perform.