Last year presented the tech industry with many learnings. However, with General Data Protection Regulation (GDPR) right around the corner, the biggest lesson many enterprises are learning is that it is damaging to think that their existing security systems will be sufficient to protect them in the long term.

With a constantly evolving threat landscape, there have been many cases whereby individual device security has been found wanting. With businesses rushing to plug this gap, it is critical that the investments are made in the right areas to stay agile, and keep pace with the rest of the industry.

Utilising a static platform when handling an organisation's security has already become outdated in the cybersecurity space, and it is more often human error that is the weak link in the network security chain. It is, for this reason, that most cybersecurity vendors have already begun implementing aspects of Artificial Intelligence (AI) and Machine Learning (ML) into their products.

Despite this, businesses are having a great deal of difficulty when it comes to letting go of the wheel in this facet of their infrastructure. In 2018, we will see an increased necessity for businesses to rely on this tech in order to keep up with such a fast-paced and volatile security space.

Tireless Sentinels

When it comes to monitoring the network, nothing can learn what ‘normal’ looks like, or respond to any drastic changes, faster than monitoring technology that sits within the network itself.

If CIOs and IT departments rely on individuals keeping their eye on the network, in order to identify and act upon incoming threats, they will always find themselves one step behind. It is for this reason we should anticipate security systems gaining more AI capabilities next year.

It can prove difficult to manually detect and implement the solutions needed to adapt to the current threat landscape. Technology that sits within the network itself, learning what ‘normal’ behaviour looks like, is invaluable and eliminates the risk of human error not picking up on issues or spotting something that is not performing the way it should, until it is too late.

Not only this, but it also frees up time and bandwidth within internal IT teams to be far more proactive in the value they add to the business.

However, there are a lot of trust issues with AI in today’s tech marketplace, especially in the more traditional organisations. While this may stem from the natural distrust in AI that exists in society as a whole, we are beginning to see a shift in perception that will grow in 2018, given the incredible capabilities this technology is demonstrating.

It is key that these positive steps are being made, as many organisations have a false sense of security in their security capabilities, which will struggle to stand the test of time.

Unfortunately, this presents a false sense of confidence that can be fatal to the security of the network. The fact of the matter is, the technology behind ML and AI can’t suffer from overconfidence and preconceived notions of what is “secure”.

By eliminating the human element, the technology will simply do the job of identifying anomalies and mitigating threats, but far faster and better than today’s, largely human latency bound, security posture model.

The Robot Revolution

Despite the clear advantages, there are a number of key barriers to the otherwise inevitable adoption of such technology that must be addressed. These include the need to have the appropriate legislation and accreditation in place for what could be otherwise described as a form of autonomous security, the creation and utilisation of positive use cases and the “human factor” of needing control.

Firstly, it is vital that recognised legal frameworks are in place to ensure organisations can demonstrate compliance with the appropriate standard. Cybersecurity is already seeing giant shifts from a legislative point of view with GDPR only a few months away from coming into effect. Therefore, it is important that the implementation of AI and ML is examined from a legal standpoint.

In the case of the human factor, there is ultimately a reluctance to hand over control of something that has been in our “manually managed and monitored domain” for so long. This is absolutely no surprise, and something that is only a matter of time in many cases.

For example, history shows it took a while for IT teams to adopt the concepts of virtualization on a data centre scale. Moreover, it will take a while for car drivers to take their hands off the wheel, yet these days as passengers in commercial airliners, we think nothing of the planes landing themselves.

With AI and ML grabbing the headlines for a mixed bag of good and bad reasons, when it comes to something as mission-critical as security, this transition will be a challenging yet vital one.

The first step that needs to be taken to build a base of trust in any implementation of AI technology is credible and successful proof cases. While this will undoubtedly take time, next year will be key in building these proof points out.

Ultimately, the shift towards automated technology is vital if businesses, both large and small, are to remain vigilant and secure against the constantly evolving threat landscape. This requires a giant shift in perception amongst security professionals and IT decision makers.

As it is expected with drivers in the near future, security teams also need to learn to take their hands off the wheel and let security technology drive itself. Their organisation’s security may well depend on it.

Paul Griffiths is senior director, Advanced Technology Group at Riverbed Technology.