The State of AI in Cybersecurity 2023: Insights About Top Solution Categories
Explore AI in Cybersecurity: Top solutions, current deployments, and future trends. What’s driving the industry?
In this final blog of my 4-part series about The State of AI in Cybersecurity, we take a look at Aberdeen’s research findings about the leading AI / ML-enabled solution categories, both current and planned. In case you missed them, here are the first three:
- The State of AI in Cybersecurity 2023: The Good News — and some Ongoing Challenges
- The State of AI in Cybersecurity 2023: The “Lake Wobegon Effect” — Where Every Enterprise is Above Average
- The State of AI in Cybersecurity 2023: Insights About Use Cases
As part of our State of AI in 2023 dataset, Aberdeen asked respondents about the current and planned use of a dozen cybersecurity solution categories — selected in large part because, for several years, leading solution providers in these categories have already been incorporating traditional AI / ML-based capabilities:
| Network Security (e.g., monitoring, detection, response) #1 | Data Protection (e.g., DLP) #2 | Endpoint Security #4 | Cybersecurity Posture Ratings (e.g., “risk scoring”) #5 |
|---|---|---|---|
| Information / Event Management #6 | Insider Risk (e.g., user behaviors) #8 | Application Security (e.g., Software Composition Analysis) #7 | Bad Bot Detection and Mitigation #12 |
| Log Management #9 | Identities and Access (e.g., adaptive authentication, credential stuffing / ATO prevention) #10 | Email / Web Security (e.g., anti-phishing) #3 | Counter-Fraud #11 |
Source: The State of AI 2023; Aberdeen, October 2023
The rankings of these selected solution categories, in terms of current deployments among all respondents in Aberdeen’s study, are also shown above. The number of these selected solution categories currently deployed at a given enterprise ranges from 2 to 8, with a median of 4 (statistically, this is the 90% confidence interval).
Among the top 10 solution categories, most are part of the eight core cybersecurity capabilities that you’d expect enterprises to prioritize:
1. We understand our environment’s systems, applications, and service providers.
2. We keep our systems and applications securely configured.
3. We keep our networks, systems, and applications patched and updated.
4. We protect and back up our important data.
5. We protect our network.
6. We manage our users, their accounts, access to resources — and their behaviors.
7. We maintain visibility into what’s happening in our environment.
8. We are in a position to respond and recover when something goes wrong.
For example, Endpoint Security solutions are aligned with core cybersecurity capabilities #2 and #3.
Among the top 10 solution categories, two are also worthy of highlighting in light of broader enterprise security trends and drivers:
- Cybersecurity posture ratings (e.g., “risk scoring”) reflect the growing importance of managing third-party risks. For example, many organizations find it convenient to use independent services that provide “risk scores” for their suppliers and partners as part of their third-party risk assessments. (In Aberdeen’s view, these are more properly thought of as “vulnerability scores” — i.e., they provide valuable insights into the potential frequency of a threat actor exploiting a vulnerability, but this must be combined with the corresponding impact of a successful exploit to truly be about risk.)
- Application Security (e.g., Software Composition Analysis) highlights the growing percentage of open-source code on enterprise software development projects. A software composition analysis is an automated audit of your codebase to provide critical visibility into the scale and scope of open source usage — and to produce the information you need to manage the licensing-related and security-related risks from using open source to an acceptable level.
As we wrap up this 4-part series, it’s worth repeating that these selected solution categories have integrated traditional AI / ML capabilities — in which computers perform specific tasks based on pre-programmed rules and algorithms. Going forward, we can expect leading cybersecurity solution providers to incorporate net-new capabilities enabled by generative AI — for example, automated content creation (such as reporting and policy recommendations) or natural language interfaces to help technical staff accelerate their real-time research and investigations.
As always, Aberdeen will incorporate these evolutions into its ongoing research projects in cybersecurity. To our community of technical professionals, a big thank you for your ongoing contributions!