It’s often been observed that technological advancement is a double-edged sword – and this is especially true in the realm of cybersecurity. Attackers have been known to use automation technology to stage and sustain their strikes – while those same machine learning algorithms and real-time response mechanisms can help enterprises that suffer an assault to speed up their efforts at remediation.
However, this can only happen if these automated and learning technologies are actually being deployed by enterprise users. With recent security research suggesting that a typical business organization takes an average of 146 days to fix critical software or system vulnerabilities, the penetration of such technology clearly hasn’t reached acceptable levels yet.
Nevertheless, there’s an increasing level of buzz over machine learning, adaptive technologies, and Artificial Intelligence (AI) – and the roles they can and should play in improving enterprise cybersecurity.
Artificial Intelligence (AI) and Machine Learning Basics
“Machine learning” describes a set of complex mathematical functions or algorithms which enable certain software and systems to observe and record inputs from various sources (such as data streams, user interactions, or system processes) and to make logical connections between what’s being observed and the resulting effects.
Over time, the algorithms allow for increased accuracy in observation, and a greater capacity to form connections between data inputs and their consequences. In effect, the system is “learning”, and improving its performance through experience.
When machine learning combines with automated systems and mechanisms that are capable of performing logical actions in response to information and interactions as they occur, “artificial intelligence” or AI is the result.
In the context of cybersecurity, having a system that’s capable of learning from experience and acting on that knowledge without necessarily being prompted to do so by a human operator has distinct advantages to offer.
Artificial Intelligence in Cybersecurity – Identifying Threats
The enterprise network has extended beyond the campus and in-house data center to include remote sites, branch offices, mobile devices, and cloud deployment. These days, even IoT (Internet of Things) sensors and devices may be involved. That’s a lot of endpoints and a network perimeter which could potentially be spread across the globe.
Hardware and software from various manufacturers, different operating systems or a range of operating system versions (think Android, in its numerous flavors) may also be part of a mix that includes OS, firmware, or application software vulnerabilities which could be exploited by attackers at numerous points. On the attacker’s side of the equation, new techniques and clever variations on old ones are continuously being developed.
Keeping track of all of the threat vectors and vulnerabilities which might affect an enterprise could soon overwhelm even the most gifted IT and security teams. AI can significantly reduce this burden by automating tasks commonly associated with traditional security operations and providing the capacity and speedy response required to better manage the volume and complexity of data generated by an organization’s IT and security tools.
The role of Artificial Intelligence in cybersecurity may even extend beyond relieving the workloads of human operators, to fine-tuning their security operations. Examples would include improving the grouping and classification of information across different data types or data streams, and normalizing data from potential threats to weed out false positives.
Artificial Intelligence in Cybersecurity – AI and Risk Assessment
Once external or incoming data is monitored, filtered and classified in terms of its threat potential (presence of malware, exploits, known threat actors, etc.), some way of putting these observations into a quantifiable business context is required. Usually, this takes the form of a risk assessment, whereby the effects of security gaps or vulnerabilities on critical business functions may be determined or predicted.
Here too, advanced machine learning algorithms can assist in making the correct correlations between business functions and the effects on them of different attack vectors or vulnerabilities, and in establishing appropriate responses to individual risks.
Artificial Intelligence in Cybersecurity – AI and Remediation
With most organizations having accepted the wisdom that falling victim to some form of attack or security breach is inevitable – if it hasn’t happened already – much of their attention is focused on how best to co-ordinate the activities of security and IT operations teams, and how to orchestrate an effective and rapid response.
Based on threat identification models and risk assessments, it’s possible to create automated processes to provide notification of security incidents. Combined with rules-based security policies and benchmark performance thresholds, automated mechanisms and machine learning can help organizations to optimize their remediation efforts.
Artificial Intelligence in Cybersecurity – AI and Augmented Intelligence
Combining in-house knowledge with online security and threat intelligence sources is one of the ways that enterprises can stay up to date with the latest cyber-threats, trends, and technologies. But collating and packaging all this information so that it can inform the work of security professionals and educate workers in security awareness and best practices becomes a chore in itself.
Adaptive and selective learning technologies can help security analysts to filter out what’s most relevant from the streams of incident reports and security intelligence that flood the internet on a daily basis. And AI and cognitive technologies can provide real-time support to users – as they already do, in areas such as spam filtering and the identification of phishing websites.
Limitations of AI
Opponents of artificial intelligence often cite the unrelenting thoroughness of machine learning algorithms and automated responses as the greatest weakness of AI. Unchecked (they argue) it ultimately leads to overkill, in the form of false positive threat identifications and false alerts – tons of them.
At present, even the smartest AI systems lack the discerning eye which a human operator can bring to bear on a threat intelligence or network monitoring report. That’s why a co-operative effort between artificial intelligence and security professionals is often advised.
Human-Interactive Machine Learning
So-called “human-interactive machine learning” systems look to provide the best of both worlds.
On the one hand, the AI part of the system analyzes data from internal security sources, correlating the information with threat data from external sources. Automated processes can “red flag” any anomalies that may be worth looking into – and alert human operators to the existence of these potential vulnerabilities or threats.
Security analysts can study these reports, and identify the most relevant threats. These results can then be fed back into the system, which over time learns to adjust its analysis and reporting in response to the input it’s received from the human operators. As monitoring and analysis become more finely tuned, fewer false positives and more actual relevant threats will be identified.
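The feedback loop described above, as an added example that is not from the original article: a deliberately simple stand-in for a learning model that estimates, per rule and context, how often analysts confirm an alert, and stops surfacing the combinations they keep dismissing. The rule names, contexts, threshold and alert batch are constructed assumptions.

```python
from collections import defaultdict

FLAG_THRESHOLD = 0.3  # assumed cut-off: minimum estimated precision to reach an analyst

# Constructed daily alert batch: (rule, context, analyst verdict "is a real threat")
DAILY_ALERTS = [
    ("off_hours_login", "backup_service_account", False),
    ("off_hours_login", "backup_service_account", False),
    ("off_hours_login", "backup_service_account", False),
    ("off_hours_login", "domain_admin", True),
    ("rare_process", "developer_laptop", False),
    ("rare_process", "developer_laptop", False),
    ("intel_ip_match", "web_server", True),
]


class FeedbackTriage:
    """Learns, per (rule, context), how often analysts confirm an alert."""

    def __init__(self):
        self.confirmed = defaultdict(int)
        self.reviewed = defaultdict(int)

    def precision(self, key):
        # Laplace smoothing: an unseen key scores 0.5, so new alert types are shown.
        return (self.confirmed[key] + 1) / (self.reviewed[key] + 2)

    def should_flag(self, key):
        return self.precision(key) >= FLAG_THRESHOLD

    def record_verdict(self, key, is_threat):
        self.reviewed[key] += 1
        self.confirmed[key] += int(is_threat)


def run_rounds(triage, rounds):
    """Return (false_positives, true_positives) shown to analysts per round."""
    history = []
    for _ in range(rounds):
        fp = tp = 0
        for rule, context, is_threat in DAILY_ALERTS:
            key = (rule, context)
            if not triage.should_flag(key):
                continue  # suppressed: never reaches an analyst, so no verdict
            triage.record_verdict(key, is_threat)  # analyst feedback loop
            tp += is_threat
            fp += not is_threat
        history.append((fp, tp))
    return history


if __name__ == "__main__":
    print(run_rounds(FeedbackTriage(), 3))
```

The same rule stays active for the domain admin context while being suppressed for the backup service account, which is the tuning effect the feedback is meant to produce. A suppressed pair receives no further verdicts, so its estimate cannot recover on its own; sampling suppressed alerts for occasional review keeps that blind spot bounded.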
AI and Job Creation
So we’re still a ways from the dystopian nightmare scenario where artificially intelligent systems and machines make human beings obsolete. In fact, it’s been argued that AI has the potential to actually reduce unemployment in the cybersecurity sector.
With cybercrime costing the global economy an estimated $445 billion each year, there’s currently a shortage of skilled professionals capable of taking on the task of populating the increasing numbers of security operations centers needed for analyzing and coordinating the contributions made by security intelligence databases and the observations of intelligent systems.
Individuals with investigative skill, curiosity, and a willingness to learn and adapt to constantly changing streams of knowledge will benefit from what IBM Security’s vice president of threat intelligence Caleb Barlow dubs “new collar” job opportunities.
Artificial Intelligence (AI), therefore, looks set to have an impact on employment patterns within the cybersecurity realm, as well.