Humans vs Machines: AI and machine learning in cybersecurity

By Estelle Chiu, Customer Success Manager, Horangi Cyber Security

Artificial Intelligence (AI) is at the frontier of a new techno-tsunami that is transforming the way we live and work.

“Historically, an AV researcher might see 10,000 viruses in a career. Today there are over 700,000 per day,” says Ryan Permeh, chief scientist of Cylance. Could AI be the solution to the big data problem, and bridge the widening workforce gap in the Cyber Security industry?

Intelligent machines now have the power to make observations, understand requests, reason, draw data correlations, and derive conclusions. Not only could AI help to effectively detect anomalies and tackle the manpower shortage, but it could also support rapid incident response operations against zero-day threats.

Is AI the answer to patching all the flaws in our security systems? Or is it making IT professionals redundant? Beyond the hype, any future-proof business must consider the applications and implications of this incoming wave.

The power of machine learning

Traditionally, cybersecurity has relied on rules-based or signature-based pattern matching. With anti-virus (AV) for example, researchers at AV companies find malware and generate signatures that can be used to check files on an endpoint to see if they match a signature of known malware. This means that one can only detect malware that is known, and that matches a virus definition or signature.

With AI, machine learning can provide an alternative to traditional cybersecurity solutions. Instead of relying on code signatures, machines can analyze the behavior of the programme and use machine learning to find a match, where that behavior is predictive of malicious code. With 2.5 quintillion bytes of data created daily, online platforms constantly have to provide content that is relevant. Netflix does a great job at classifying movie genres and giving movie recommendations. Through machine learning, service providers like Netflix are able to automatically categorize and offer suggestions by aggregating across the entire database of films and users.

Ability to detect and predict new, complex threats

Conventional technology is past-centric and depends heavily on known attackers and attacks, leaving room for blind spots when it comes to detecting abnormal events in new-age attacks. The limitations of older defense technologies are now being addressed through machine learning.

For example, privileged activity within an internal network can be tracked, and any sudden or significant spike in privileged access activity could denote a possible insider threat. If it is found to be a successful detection, the machine will reinforce the validity of the actions and become more sensitive to detecting similar future patterns. With larger amounts of data and examples, machines can better learn and adapt to spotting anomalies, more quickly and accurately. This is especially useful as cyber attacks are becoming increasingly sophisticated, and hackers are coming up with new and innovative approaches, which older security technologies would be slow to detect.
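A minimal sketch of the spike check described above, added here as an illustration and not taken from Horangi or any vendor product: each account's privileged-action count is compared with its own history using a median/MAD score, and analyst feedback nudges the alert threshold. The account names, counts, class name and threshold values are constructed assumptions, and the threshold adjustment is a simplified stand-in for retraining a model.

```python
from statistics import median

# Constructed sample data: privileged actions (sudo, admin logins) per account per day.
HISTORY = {
    "alice": [4, 5, 3, 6, 4, 5, 4, 5, 3, 4],
    "bob": [0, 1, 0, 0, 1, 0, 1, 0, 0, 1],
    "svc-backup": [40, 42, 39, 41, 40, 43, 41, 40, 42, 41],
}
TODAY = {"alice": 6, "bob": 14, "svc-backup": 44}


def robust_score(history, value):
    """Distance of value above the account's own median, in MAD-based units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates a standard deviation; the floor of 1.0 keeps
    # near-constant baselines from turning a one-off extra action into an alert.
    scale = max(1.4826 * mad, 1.0)
    return (value - med) / scale


class SpikeDetector:
    def __init__(self, threshold=4.0, step=0.5, floor=3.0, ceiling=8.0):
        self.threshold, self.step = threshold, step
        self.floor, self.ceiling = floor, ceiling

    def detect(self, history, today):
        """Return {account: score} for accounts whose count spikes above baseline."""
        alerts = {}
        for account, count in today.items():
            baseline = history.get(account)
            if not baseline:
                # No history yet: surface for review instead of silently skipping.
                alerts[account] = float("inf")
                continue
            score = robust_score(baseline, count)
            if score >= self.threshold:
                alerts[account] = round(score, 2)
        return alerts

    def feedback(self, confirmed):
        """Analyst verdict: a confirmed detection makes the detector more sensitive."""
        delta = -self.step if confirmed else self.step
        self.threshold = min(self.ceiling, max(self.floor, self.threshold + delta))
        return self.threshold


if __name__ == "__main__":
    detector = SpikeDetector()
    print(detector.detect(HISTORY, TODAY))
    print(detector.feedback(confirmed=True))
```

The service account's 44 actions are not flagged because they sit within its own baseline, while 14 actions from an account that normally performs none or one are.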

Ease burden on cybersecurity personnel

Machine learning is most effective as a tool when it has access to a large pool of data to learn and analyze from, reducing attack surfaces through predictive analytics. The volume of security alerts that appear daily can be overwhelming for the security team. Automating threat detection and response helps lighten the load on cybersecurity professionals who have to contend with prioritizing cybersecurity-related issues, and can aid the detection of threats more efficiently than other software-driven methods.

As substantial quantities of security data are being generated and transferred over networks every day, it becomes progressively difficult for cybersecurity experts to monitor and identify attack elements rapidly and reliably. This is where AI can come in and expand their monitoring and detecting operations, making sense of the copious data. Machine learning can help cybersecurity personnel respond to scenarios that they have not specifically encountered before, replacing the laborious process of human analysis.

AI and machine learning also assist IT security professionals in achieving good cyber hygiene and enforce robust cybersecurity practices. The tables are turned as cybersecurity becomes less about an incessant pursuit of hunting down malicious activity, and more about continuous prevention, prediction, and improvement. It could also become a part of the solution for the widening talent gap in the cybersecurity industry.

Limitations of AI and machine learning

One of the greatest challenges would be the adoption of AI technology. For a machine learning engine to perform well, it must retrieve the right data, extract the correct features, and cast the appropriate angle on those features. If trained poorly, it will make inaccurate predictions. Such models are only as good as the data that is fed in. Companies that only do end-point detection are missing out as they lack the data required to leverage AI.

According to research by Cylance, 62 percent of security experts believe that there will be an increase in AI-powered cyber attacks in the near future, and therefore, AI may be used as an intelligent cyber weapon. Bad actors could significantly develop their phishing attacks by using AI to circumvent machine learning-based phishing detection systems. In an experiment by Cyxtera, two attackers were able to use AI to improve their phishing attack effectiveness from 0.69 percent to 20.9 percent, and 4.91 percent to 36.28 percent, respectively.

Seeking human-machine symbiosis

“Cyber attacks aren’t a statistical phenomenon. There is a human attacker behind these threats. We have a living and breathing adversary on the other side of the internet, coming up with new methodologies, daily,” says Kevin Lee, executive chair of Horangi Cyber Security.

Many cybersecurity experts have bold opinions on whether machines should be responsible for managing something as complicated as cybersecurity. According to IEEE, human and organizational responsibility for decisions should still lie with the people of the organization and its systems. Refusing to acknowledge the machine’s actions and pushing the liability onto them is foolish and could give rise to a regulatory and public backlash.

Only a human can understand the business context of why an attacker might be after a piece of information and what their motivations are. Machine learning is an effective tool against both known and unknown malware, as it can identify and understand malicious activity when applied properly. However, it should not be the only solution. “The combination of human and machine is superior to machine alone or human alone,” said Lee.

Ultimately, the future requirements of cybersecurity are an interplay of advances in technology, legal and human factors, and mathematically verified trust. Effective cybersecurity should be about striking a balance between humans and machines. Where computers cannot, humans make sense of the data by ensuring machine-suggested actions have business value too. Humans bring the business, legal, and commercial value into decisions, whilst machines have the capacity and speed to analyze and interpret big chunks of data. Both human intelligence and artificial intelligence must work symbiotically for optimal results. This is the way towards a comprehensive solution that protects against the full spectrum of threats facing today’s businesses.

Image by Gerald Altman/Pixabay
