Artificial Intelligence (AI) has gotten a lot of attention in recent years as its adoption has skyrocketed across industries and use cases, effectively forging its way into a “mainstream technology.” However, cybersecurity is where you may have not heard about it much. Well, actually, you’ve probably heard about it in cybersecurity, but I’ll bet it’s sounded a bit “buzz word-y,” right? Much of the talk about AI has been forward-looking, focusing on what “could be” versus what is actually available today.
Attackers are increasingly using sophisticated AI to bypass traditional defenses, so it’s time for AI to take center stage in cybersecurity. However, there’s a clear reason as to why AI has remained on the tip of every cybersecurity marketer’s tongue (myself included), but hasn’t been fully realized: the hardware problem.
AI’s hardware problem
From our point of view:
Cybersecurity products, from the past and present, are largely hardware-based, with only a handful of these products being truly cloud-native. Cybersecurity products must be built for and delivered from the cloud to fully realize the benefits of AI and realistically deploy it. The future benefits of AI to improve cyber defenses rely heavily on the adoption of cloud-based cybersecurity solutions.
In this blog, I'll cover the components of AI’s hardware problem in cybersecurity:
- Deployment and compute power;
- Out-of-band AI; and
- How Zscaler is positioned to bring AI to cybersecurity in a meaningful way
There’s no AI without good data
Data is at the heart of AI, but without good data, AI models are inaccurate and essentially useless. Good data spans a wide range of scenarios and is delivered in a constant stream, helping ensure the model can render accurate verdicts across a wide range of scenarios. You might be thinking, “my hardware security appliances collect a lot of data, isn’t that enough?” The short answer is no; let’s talk through what a broad set of good data looks like.
Security appliances do collect data so they can perform their intended function, however, the data is “stuck” on a single appliance, or within your organization’s set of appliances. Your organization’s data or the data a single appliance can collect isn’t nearly enough for the AI model to continuously learn and adapt. Even if you store this data in a SIEM for analysis, which is great for incident response and investigation, the data is still “stuck” in that you can’t directly enforce security controls based on the AI model’s verdicts. Ultimately, the end goal is to create a network effect of shared, but differentiated data points that gives the AI model more to work with. Security appliances are not built to create a pool of high-quality data.
Deployment and compute power
AI is compute-heavy, meaning it takes a lot of computing power for an AI model to run its calculations before reaching a verdict. The security appliances of today may have the necessary compute power to effectively run AI models, but can you say that about appliances from 5 years ago? What about even as recent as 3 years ago? Or 1 year ago? Hardware vendors recognize their limitations and are moving their AI/ML functionality to the cloud, creating a slow, out-of-band analysis and enforcement flow. As AI models expand in sophistication - and as a result, expand the need for more compute power - appliances find themselves consistently behind the needs of today and tomorrow. Which leads into our next topic: deployment.
It’s hard to imagine a world where organizations can realistically keep every single one of their appliances up to par with the requirements of advanced AI. Take a second to think about what it would cost your organization to purchase and consistently update your appliances to meet the needs of AI. Note: security appliances with the necessary compute power for AI usually fall into the “really expensive” category.
The burden of managing compute power with appliances for AI cannot be on organizations, it must be on the vendor to deliver that kind of capability natively. Without this responsibility model, AI will not get put to effective use in cybersecurity.
Zscaler & AI
Let’s bring this all together into how AI can actually work in cybersecurity. The bottom line: cloud-delivered security. Zscaler was born in the cloud and for the cloud, eliminating the hardware problem for AI in cybersecurity. How do we do it? Simply put, Zscaler:
- Has great data: By analyzing 300+ trillion signals from 200+ billion transactions every single day, we have a robust data set for our AI models to learn from (for reference, that’s 35x the amount of Google searches per day). We get this data from our customers (network effect), across all industries and geographical regions which enables our AI models to see a large array of situations, making them better at determining verdicts for their intended purpose.
- Is cloud-delivered: Gone are the days of worrying about your security appliances being able to handle the compute power necessary to implement AI into your cyber defenses. Zscaler is delivered from the cloud, ensuring that you’ll always have the resources necessary to implement AI and that you won’t have to go through tedious update or upgrade cycles.
- Performs inline AI and enforcement: Don’t let threats pass through your appliances while out-of-band analysis gives you retroactive verdicts. Zscaler’s revolutionary zero trust architecture terminates every connection inline, performing AI analysis and enforcement of security policy inline.
To summarize, cloud-delivered security is required to effectively and realistically bring innovative AI to the cybersecurity market. Without it, there are only empty vendor promises and headaches on the horizon. Zscaler is making massive strides in delivering innovative AI-powered solutions that you’ll want to take advantage of.
To learn more about new and exciting AI-powered innovations coming to Zscaler, register for Zenith Live.