What AI Can do for Cybersecurity Now
Artificial Intelligence (AI) providers promise impenetrable defenses for business security creating, some say, a premature sense of peace of mind.
AI vs. ML
What might be touted as AI is actually machine learning, and there is a distinct difference according to the CEO of the cybersecurity defense firm Malwarebytes, Marcin Kleczynski. It is important, Kleczynski says, to learn the difference, because it can be confusing to customers.
Machine learning algorithms used by security companies focus on large data sets to “learn” what threats to watch out for and how to respond appropriately. When malicious programs are identified, machines assign a unique identity to them, and monitor customer devices to make sure the these identified signatures do not appear.
But machines rely on input of new data to create unique conclusions. For example, Amazon’s Alexa personal assistant combines the information a user provides, with solutions in its data base, to return answers. AI takes data input further by not only drawing conclusions but also creating unique solutions. So while machine learning can personalize web content and other tasks, AI acts more like the neural network in the human brain, classifying images in web content, drawing conclusions and applying this new information to other purposes.
What can AI do for cybersecurity?
AI can be a huge timesaver for security professionals because the technology goes beyond detecting threats and automating some of the workload. Systems are capable of rationalizing normal network activity and fixing situations on their own. Chief Technical Officer of McAfee, Steve Grobman, indicated AI support will reduce IT and cyber security staffing needs, allowing core human personnel to increase their own effectiveness. This is good news because there is a severe shortage of advanced IT workers, with employees in the field working an average or 55 hours per week. Employers are relying on growth in automation to relieve staffing woes.
AI systems are already categorizing attacks based on threat level, though cyber professionals say systems need to increase accuracy. Regardless, machine learning systems, paired with the deeper learning of AI, adapt how threats are interpreted over time, providing serious competition to cyber criminals.
AI systems that directly handle threats on their own do so according to a standardized procedure or playbook. Rather than the variability (and ultimately inaccuracy) that comes with a human touch, AI systems don’t make mistakes in performing their function. As such, each threat is responded to in the most effective and correct way.
Since AI continues to rely on human input when processing data, cyber security is often playing catch-up as artificial intelligence interprets human understanding of a threat. Rather than looking at human interaction as a detractor, Grobman views human-machine teams as essential to solving difficult cybersecurity challenges:
“If you think about other areas that are taking advantage of machine learning or AI, very often they just improve over time,” Grobman said. “A great example is weather forecasting. As we build better predictive models for hurricane forecasting, they’re going to continue to get better over time.”
As advancements are made, the bad guys are getting more sophisticated, too. Though AI cybersecurity models are increasingly effective in detecting threats, bad actors are learning how to interrupt these models.
For investors, artificial intelligence is big business. JPMorgan anticipates AI will make up 1.8 percent of global enterprise budgets by 2021. This may seem like a small number, but it is a 600 percent increase in spend over 2016 budgets.
As cyber threats increase and get more sophisticated, compounded by a shrinking cybersecurity workforce, we are still in the infancy of discovering AI’s capabilities. AI systems, however, are already addressing advanced security problems, and seem one of our best opportunities to handle future generations of cyber-attacks