AI in cyber-security - are we trying to run before we can crawl?

While walking around the larger industry shows, those hosting say more than 140 vendors, it doesn't take long to realise that artificial intelligence and machine-learning are the current'it' girls of the cyber-security industry. In an effort to define what'artificial intelligence' actually is, Luger & Stubblefield described in their 2004 book on artificial intelligence, that an ideal "intelligent" machine is a flexible rational agent that perceives its environment and takes actions that maximise its chance of success at some goal based on a complex set of calculations. As notifications from UBA, SIEM and threat intelligence systems continue to grow, artificially intelligent systems are being touted as the solution to the fatigue experienced by SOC teams who have to try and figure out what to do with each threat, and whether or not they should investigate it further. Research from security company Hexadite, a security automation company, claimed that 37 percent of cyber-security professionals face 10,000 alerts per month" with 52 percent of alerts turning out to be false positive. He responded: "Highly repetitive and intricate tasks may be well suited for a machine rather than a human.