Tech Revolt

Report: AI can be Applied in 55% of Cybersecurity Countermeasures

  • Published May 14, 2025

Positive Technologies conducted a study on the key applications of artificial intelligence in cybersecurity. According to the report, AI can be utilised in more than half of the cybersecurity countermeasures outlined in the MITRE D3FEND matrix. As many as 28% of countermeasures already incorporate AI assistance, with a further 27% expected to be covered by AI-enabled solutions currently in development.

With the help of artificial intelligence, defenders can proactively identify, predict, and prevent relevant cyber threats. For instance, AI helps guard against potential data breaches by recognising sensitive information within documents and flexibly adjusting their content according to the task at hand and the user’s clearance level. Additionally, AI technologies can be employed for automated security testing: in PT Dephaze, for example, generative AI helps generate the most likely passwords for a specific target, analyse text files, and produce a final report.

At present, artificial intelligence is most actively applied in cyber threat detection, such as analysing user behaviour, network traffic, and data on executable files. Experts believe that, in future, AI will assist in gathering network intelligence and detecting or tracking software tools and services that may be unknown to the IT department and cybersecurity team. For now, organisations can keep their IT infrastructure data current through vulnerability management solutions such as MaxPatrol VM. It is anticipated that AI will soon be capable of more realistically simulating user and system behaviour, generating honeypots, and enabling continuous biometric authentication.

A key advantage of AI-enabled cybersecurity tools lies in their ability to detect previously unknown threats. For example, the behavioural analysis tool in PT Sandbox and the machine learning assistant BAD (Behavioural Anomaly Detection) in MaxPatrol SIEM have repeatedly demonstrated this capability. By identifying anomalies and potentially dangerous behavioural patterns, the ML model helps uncover zero-day vulnerability exploits and activity from unknown malware.

“One of the goals of embedding AI in cybersecurity solutions is to create an ‘autopilot’ that accelerates incident response while significantly reducing the burden on cybersecurity personnel. This is particularly important given the talent shortage and the growing number of cyberattacks using artificial intelligence. The effectiveness of this concept was proven by our metaproduct MaxPatrol O2 during the Standoff 13 cyberbattle: the autopilot detected and prevented attacks, stopping red teams from breaching a replica of Positive Technologies’ IT infrastructure,” stated Roman Reznikov, Cybersecurity Research Analyst at Positive Technologies.

Moreover, AI significantly expedites incident-related decision making by providing additional context to SOC teams — explaining security system alerts and offering recommendations. It also helps automatically create a response scenario to quickly counter an attack, providing several options with varying levels of human involvement. This approach is used in MaxPatrol O2, a metaproduct developed by Positive Technologies.

Nevertheless, the use of artificial intelligence in cybersecurity faces a number of challenges, requiring high-quality training data and the expertise of top-tier professionals. On one hand, novel AI modules aid in defending against cybercriminals; on the other, they also represent a potential target for attackers. It is advisable to adopt a responsible approach to the development and implementation of new technologies — carefully assessing the risks and adhering to general recommendations for personal and corporate cybersecurity.

Written By
Admin
