Blog WatchGuard

MSP: What role does AI play in cybersecurity?

Artificial intelligence (AI) is playing an increasingly important role in cybersecurity. This is confirmed by a recent Pulse survey of 191 senior executives from companies on four continents: two out of three organizations (68%) say they are using tools that use AI technologies and among those who are not yet using AI, 67% are considering adopting it.

The benefits they cite most frequently are increased threat detection speed (74%), predictive capabilities (67%) and error reduction (53%). Regarding more specific areas of cybersecurity, they highlight network security (65%), access and identity management (64%), behavioral analytics (57%) and EDR capabilities (52%). That's also why 56% believe it will help them reduce cyberattacks that exploit zero day vulnerabilities, such as the incident a few months ago with Microsoft Exchange. For all these reasons, the vast majority of respondents (96%) argue that going forward AI will be essential for cybersecurity in organizations


However, not everything reflected in the survey is positive: 22% believe that it is still too early to say that they are happy with the AI features of their tools. In addition, 50% are concerned about several aspects of the use of this technology, such as the lack of talent to understand or integrate the tools (63%) or the complexity of integrating them into the architecture of the company (hybrid or legacy environments). In fact, several executives admit in the survey that it’s difficult to find people with the right knowledge or skills to implement and manage them properly.


Automation and detection

It should be noted that these AI-related challenges can produce a degree of "alert fatigue." The absence of automated tasks or the adoption of tools that are too complex are an obstacle: lack of time and pressure can generate an attention deficit among professionals that may lead to them overlooking anomalies or serious incidents that affect the entire organization. 

Fortunately, MSPs can help their customers reduce these challenges by deploying advanced cybersecurity solutions that leverage AI, yet are simple to manage and operate from the Cloud.

First, they should use network security tools that provide a high level of predictive security and automate the tasks of IT teams. This will reduce the number of hours they spend on administration by up to 80% and provide a very high threat detection capability, extending from the LAN to the Cloud.

But second, AI must also play a central role in endpoint protection, detection and response (EPDR) capabilities. In this sense, these functionalities must always depart from a zero-trust approach that automatically classifies the vast majority of processes before they run on endpoints, while only a very small percentage is manually analyzed by cybersecurity experts. This ensures 100% of binaries are identified without creating false positives or negatives.

Compartilhe isso: