In a recent Finjan blog ‘Why Can’t Network Security Get Ahead of the Bad Guys?’, we wrote about the difficulty of staying ahead of hackers and attackers. To help address this issue, one industry bright spot is the application of Artificial Intelligence (AI) and Machine Learning (ML) to provide a programmatic approach to building and maintaining improved cybersecurity. In this blog, we unpack that concept in more detail.
What are AI and ML?
AI and ML are often used together in the same sentence or used interchangeably. But they are different:
- AI is software that attempts to create or mimic a decision mechanism similar to the human brain. The history of AI dates back to Alan Turing’s initial work in computer science in the 1940s and then began to pick up speed in the 1950s. Initially, AI was all about mimicking the human brain, and that has proven to be a very hard problem. More recently, and this has paved the way to significant advances, the field of AI has turned its attention to decision mechanisms in more specific fields. Network security is one of those fields.
- ML is a branch of AI. As defined by computer scientist and machine learning pioneer Tom M. Mitchell, “Machine learning is the study of computer algorithms that allow computer programs to automatically improve through experience.” ML relies on working with small to large datasets, examining and comparing the data to find common patterns and explore nuances.
Hence, when we talk about AI and ML applied to cybersecurity, the focus is really on using machine learning to develop advanced algorithms that can anticipate (and stop) future cybersecurity attacks.
AI and ML are not Panaceas, but they are Part of the Cybersecurity Landscape
AI and ML are certainly not perfect. Indeed, there are industry experts who downplay AI/ML’s impact on cybersecurity. As outlined by Gartner Research Vice President Augusto Barros, “ML is used to identify known behavior, but with variable parameters. What does that mean? It means that many times we know what bad looks like, but not how exactly it looks like. Although ML-based detection is a different detection method, the process is still very similar to how (vulnerability) signatures are developed.”
That noted, the ability of human software programmers to deliver cybersecurity solutions at scale is limited. For example, conventional systems utilize Advanced Threat Prevention to detect cyber threats and protect against them. However, about 845 million pieces of malware were detected in 2018, and around 10 million new ones are created every month in 2019. This is where AI and ML play a key role in cybersecurity: keeping up with, and getting ahead of, attackers and hackers (who are themselves relying on AI and ML).
AI and ML Cybersecurity Applications Today
Recognizing that these approaches are not perfect but are now mandatory in the pursuit of cybersecurity, here are some examples of where they are currently being applied:
With the explosive growth in online banks, ATMs, etc., bank fraud is big business. Celent expects the growth of risk management and risk-related regulatory compliance technology spending in 2019 to hit $72 billion. Today, many fraud detection solutions are bespoke or application-based. They are not well designed for detecting fraud in real-time and many generate false positives well in excess of 75%. Banks are using AI and ML to identify “probable” fraudulent transactions and/or sessions and are tightening fraud detection models to lower the number of false positives.
A recent CSO Online article pointed out that 92% of all malware is delivered by email. Trend Micro is developing new machine learning (ML) algorithms to examine large volumes of data to predict if unknown files are malicious or not. The company’s Writing Style DNA technology prevents email impersonation by using AI to recognize the DNA of a user’s writing style based on past emails, which it compares to suspected forgeries. The technology verifies the legitimacy of the email content writing style through an ML model that contains the legitimate email sender’s writing characteristics.
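A much-simplified sketch of the per-sender writing-style idea described above, added here as an illustration; it is not Trend Micro's Writing Style DNA implementation or code from the original post. The marker list, the 0.8 threshold and the sample e-mails are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed marker set (an assumption): function words and punctuation,
# which reflect writing habit more than the topic of a message.
MARKERS = ["the", "a", "i", "we", "you", "to", "of", "and", "please",
           "kindly", "thanks", "regards", "!", ",", "."]
PUNCT = {"!", ",", "."}

def style_vector(text):
    """Rate of each marker per word of the message."""
    tokens = re.findall(r"[a-z']+|[!,.]", text.lower())
    n_words = max(sum(1 for t in tokens if t not in PUNCT), 1)
    counts = Counter(tokens)
    return [counts[m] / n_words for m in MARKERS]

def build_profile(past_emails):
    """Average the style vectors of messages known to come from the sender."""
    vectors = [style_vector(e) for e in past_emails]
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def cosine(u, v):
    dot = sum(x * y for x, y in zip(u, v))
    norm = math.sqrt(sum(x * x for x in u)) * math.sqrt(sum(y * y for y in v))
    return dot / norm if norm else 0.0

def check_email(profile, body, threshold=0.8):
    """Return (similarity, flagged); the threshold is an illustrative assumption."""
    score = cosine(profile, style_vector(body))
    return score, score < threshold

# Constructed sample data, not real correspondence.
PAST_EMAILS = [
    "Hi team, we shipped the patch to staging, and the tests passed. Thanks, Dana.",
    "Hi all, we need the logs of the build, and the config. Thanks, Dana.",
]
LEGIT = "Hi Sam, we moved the review to Friday, and the agenda is attached. Thanks, Dana."
FORGED = "Kindly process the wire transfer immediately!!! I need you to do this now! Please reply!"

if __name__ == "__main__":
    profile = build_profile(PAST_EMAILS)
    for label, body in (("legit", LEGIT), ("forged", FORGED)):
        score, flagged = check_email(profile, body)
        print(f"{label}: similarity={score:.2f} flagged={flagged}")
```

With only two short past messages the profile is noisy; a usable model needs many messages per sender and a threshold tuned against that sender's own false-positive rate.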
Healthcare Records Protection
Cybersecurity has become a significant concern for healthcare organizations, threatening to cost them $380 per patient record. But, while healthcare security is among the use cases with big potential for artificial intelligence and machine learning, the underlying reality is that both hospitals and hackers have access to the same technologies. “AI is a dual-use technology that can be deployed defensively or offensively,” said Lee Kim, Director of Privacy & Security at HIMSS. “There are malicious uses of AI.”
Recommendations: What can you do now to Implement AI and ML as part of your Security Strategy?
Get acquainted with the underlying technologies and trends of AI and ML and how they are being applied to cybersecurity problems in your industry. Leading organizations like the SANS Institute and RSA have white papers, webinars and educational programs targeted at InfoSec professionals at all levels. This content is generally vendor-agnostic and draws from a wide variety of industry, government and academic experts.
When considering AI and ML based cybersecurity solutions, break your decision-making process into basic questions such as: How does the solution work? How is AI or ML applied and used? What data is used? Has it worked for others? What have been the results?
Go slowly. Apply AI or ML to test one narrow use case. While your results are limited to that one use case, your learnings can be generalized to other use cases. Review the questions and answers from the “Evaluate” section above to determ