Machine learning, deep learning, generative adversarial networks and other AI technologies have burst onto the cybersecurity scene over the last year. Software vendors and MSSPs are scrambling to bring their particular flavor of AI cyber security to market and claim their stake as industry leaders.
While AI has quickly become table stakes for an effective security posture, some of it can also seem to be overhyped in some respects. In this post, we’ll aim to cut through the superlatives and provide a few thoughts on the role of artificial intelligence in cyber security.
Artificial Intelligence in Cyber Security Does Not Replace Traditional Tools
By claiming that AI will replace traditional tools while lowering labor costs and probably making coffee at the same time, some advertising has put AI on a pedestal that it may not have achieved yet.
Here are some things that AI cyber security definitely will not replace. Security teams will still need to keep around:
- Employee training and a security-sensitive culture
- Smart policies and processes
- Qualified architects, managers, engineers, and analysts
- Rock-solid, layered infrastructure with effective controls around it
If you find yourself saying, “Wait, that’s 95% of my security program,” you’re right. Artificial intelligence in cyber security is a complement to a well-run cyber framework, not a replacement for it.
Must-Ask Questions When Evaluating AI Cyber Security Tools
We all have seen that technology can be promoted with grand promises backed by sometimes disappointing results. To avoid a dud in your AI implementation, you may want to sit down with your security team and your vendor rep to go over a few questions:
- How do your AI algorithms actually work? How mature is the technology? What are its blind spots?
- How well does it avoid false positives and false negatives?
- How do you measure the incremental benefits and the expected ROI?
- How will it protect us from insider threats?
- What’s your definition of ‘real-time’?
- Which attack vectors, file type, operating systems do you cover?
- How frequently does it need to be updated?
- How does it handle APT’s, zero-days and zero-hours?
- What outside support are we going to need to implement and maintain this?
- How much additional training will we need to use this effectively?
- Does it produce usable reports that actually mean something?
- What results have your other clients seen from it?
- Does it outperform what I already have, or will it be just another software bloating up my network?
Pitfalls to Avoid When Implementing an AI Cyber Security Solution
Adding software to your organization’s toolkit is rarely a trivial matter, and even less so when you’re dealing with AI. Here are some potential mistakes when deploying an AI cyber security tool:
- Expecting a “set-and-forget” solution that will replace the whole security program: See the first section of this post.
- Thinking that an in-house developed solution will be best-in-show without exploring other available options.
- Expecting that the AI tool won’t require any customization or integration.
- And possibly the most delicate one: Thinking it’ll all work out on automatic pilot without specialized AI expertise on your team or assistance from AI safety experts.
The fact of the matter is that it is no longer viable to delay implementation of robust AI cyber security tools. Bad actors have already started using AI.
A talented cybersecurity team and company-wide awareness trainings go a long way. Artificial intelligence in cyber security simply brings a needed support structure that can assist your teams to prevent attacks and accelerate mitigation if needed. As businesses undergo the digital transformation, it is imperative they also leverage new developments in cyber capabilities and include them in their thinking from the very beginning of their process. Cyber security cannot be an after-thought.
CyVent is a Certified Partner of global leaders in augmented intelligence applied to cybersecurity. Our cutting edge, AI-driven solutions help organizations transition from the classic remediation approach to security to a more pre-emptive posture, which ultimately increases prevention, decreases times-to-resolution and automates cybersecurity operations.
To thwart cyber attacks, the traditional approach has been to focus on the perimeter to repel intruders. But over time the perimeter has become a sieve. Today’s hackers easily break through it or find ways around it. In fact, a new study by RiskIQ estimates the cost cybercrime at $856,000 per minute. AI cybersecurity solutions directly address these challenges, which is why many now view the technology as the future of cybersecurity.
Going Beyond the Perimeter Is the Future of Cybersecurity
Focusing on defending the perimeter has been akin to wearing a Hazmat suit in a hostile environment: Any small perforation, and you were doomed to unexpected consequences at the hands of hackers who had the time and intellect to play games with your critical assets.
Not only are perimeters fragile and the gap in available talent huge, but most IT teams are often so stretched for resources that they can’t keep up with the updates necessary to protect against the myriad attacks that can penetrate a company’s external defenses. WannaCry was just an example of that.
Over the years, computing speed has grown exponentially –multiplying more than 3,000x since 1991 – to the point where even a $5 Raspberry Pi can now run deep learning algorithms. So it’s not a surprise that, in recent years, focus has shifted to using AI cybersecurity to complement traditional defenses in many ways and neutralize stealthy, unknown threats that may have already breached the perimeter before any irreparable damage to network or data is done.
Applying Artificial Intelligence in Cybersecurity
In AI cybersecurity programs, which are now being embedded in companies’ networks, endpoints and data are evolving into immune systems that allow internal defenses to shorten the dwell-time and pre-empt the devastation that can follow a breach.
While there is no need to abandon the perimeter, today’s smart CISOs are squarely focused on increasing their AI-driven pre-emption capabilities and boosting their own auto-immune systems. Artificial intelligence in cybersecurity is by no means perfect yet, but cybercriminals are already using automation and machine learning 24x7x365. In the never-ending cat-and-mouse game, AI is slated to continue gaining ground to build predictive capabilities and strengthen defenses for the foreseeable future.
To learn more about how AI is impacting the future of cybersecurity, download this white paper from Darktrace: Machine Learning in Cybersecurity.
Machine learning and artificial intelligence have exploded onto the cybersecurity scene over the last year. Software vendors and MSSPs are scrambling to bring their particular flavor of AI cyber security to market and claim their stake as industry leaders.
While AI has quickly become table stakes for an effective security posture, some of it can also seem to be overhyped in some respects. In this post, we’ll aim to cut through the superlatives and provide a few thoughts on the role of artificial intelligence in cyber security.
Artificial Intelligence in Cyber Security Does Not Replace Traditional Tools
By claiming that AI will replace traditional tools while lowering labor costs and probably making coffee at the same time, some advertising has put AI on a pedestal that it may not have achieved yet.
Here are some things that AI cyber security definitely will not replace. Security teams will still need to keep around:
- Employee training and a security-sensitive culture
- Smart policies and processes
- Qualified architects, managers, engineers, and analysts
- Rock-solid, layered infrastructure with effective controls around it
If you find yourself saying, “Wait, that’s 95% of my security program,” you’re right. Artificial intelligence in cyber security is a complement to a well-run cyber framework, not a replacement for it.
Must-Ask Questions When Evaluating AI Cyber Security Tools
We all have seen that technology can be promoted with grand promises backed by sometimes disappointing results. To avoid a dud in your AI implementation, you may want to sit down with your security team and your vendor rep to go over a few questions:
- How do your AI algorithms actually work? How mature is the technology? What are its blind spots?
- How well does it avoid false positives and false negatives?
- How do you measure the incremental benefits and the expected ROI?
- What outside support are we going to need to implement and maintain this?
- How much additional training will we need to use this effectively?
- Does it produce usable reports that actually mean something?
- What results have your other clients seen from it?
- Does it outperform what I already have, or will it be just another software bloating up my network?
Pitfalls to Avoid When Implementing an AI Cyber Security Solution
Adding software to your organization’s toolkit is rarely a trivial matter, and even less so when you’re dealing with AI. Here are some potential mistakes when deploying an AI cyber security tool:
- Expecting a “set-and-forget” solution that will replace the whole security program: See the first section of this post.
- Thinking that an in-house developed solution will be best-in-show without exploring other available options.
- Expecting that the AI tool won’t require any customization or integration.
- And possibly the most delicate one: Thinking it’ll all work out on automatic pilot without specialized AI expertise on your team or assistance from AI safety experts.
The fact of the matter is that it is no longer viable to delay implementation of robust AI cyber security tools. Bad actors have already started using AI.
A talented cybersecurity team and company-wide awareness trainings go a long way. Artificial intelligence in cyber security simply brings a needed support structure that can assist your teams to prevent attacks and accelerate mitigation if needed. As businesses undergo the digital transformation, it is imperative they also leverage new developments in cyber capabilities.
CyVent is a Certified Partner of Darktrace, a global leader in machine learning applied to cybersecurity, whose technology can detect and autonomously respond to cyber threats that legacy systems miss. Learn more about Darktrace’s capabilities in this white paper.
Updated on May 7, 2019
It’s no surprise to anyone that digital threats are evolving and becoming more complex than ever before. As attackers take their game to the next level, an organization’s cybersecurity program should grow and become smarter along with them. The latest step forward in digital defense comes in the form of machine learning and Artificial Intelligence algorithms that combine the reliability of traditional signatures with the power of Big Data analytics.
Legacy Tools No Longer the Answer to Growing Threats
With the ever-increasing sophistication of today’s security threats, traditional layers of defense like SIEMs, IDS/IPS, and antimalware applications are no longer sufficient. While these tools are certainly effective at thwarting routine port scans or spam emails, the smart security administrator needs to add another layer of security to be truly protected from advanced attacks. Signature-based defenses can’t scale fast enough or stay up to date with critical threats like zero-day attacks or a targeted phishing campaign, and reactive security programs are an open invitation for a data breach. While a business can add more resources to its SOC, or invest in the most engaging security awareness program, an organization’s defense is only as strong as the tools used in that defense. The reality is that security programs built on tools from as recent as 3-4 years ago are already outdated in the face of today’s threats.
Combining Traditional Defenses With Modern Data Analytics
What is the answer to the increasing complexity of these attacks? By pairing the usefulness of legacy solutions with a boost from Big Data, machine learning allows administrators to identify and prevent new or anomalous threats while controlling attacks from traditional threat vectors. Beginning with a baseline of signature files and a sample of normal activity from the network, new security devices can implement machine learning to automatically detect and shut down advanced threats that would otherwise slip past legacy perimeters.
An important component of these AI-driven devices is the ability to aggregate and analyze data from all the environments they are installed in, across multiple customers and industries. For clients who choose to opt-in to the program, smart devices can share their anonymized data in a pool of information from other clients, greatly increasing the samples that algorithms can be based upon. By analyzing data from such a large pool, these devices can leverage predictive analysis to protect an organization from threats that are new to their market but have been seen before in other industries.
In summary, security professionals should be aware that traditional lines of defense are no longer sufficient against today’s evolving threats. Machine intelligence and Big Data are changing the cybersecurity game by combining legacy methods with modern analysis and behavior models and should be seriously considered while building a well-rounded security program. Click here to learn more about machine learning in cyber security.
PHOTO CREDIT: UNSPLASH | JASH CHHABRIA
It’s no surprise to anyone that digital threats are evolving and becoming more complex than ever before. As attackers take their game to the next level, an organization’s cybersecurity program should grow and become smarter along with them. The latest step forward in digital defense comes in the form of machine learning and Artificial Intelligence algorithms that combine the reliability of traditional signatures with the power of Big Data analytics.
Legacy Tools No Longer the Answer to Growing Threats
With the ever-increasing sophistication of today’s security threats, traditional layers of defense like SIEMs, IDS/IPS, and antimalware applications are no longer sufficient. While these tools are certainly effective at thwarting routine port scans or spam emails, the smart security administrator needs to add another layer of security to be truly protected from advanced attacks. Signature-based defenses can’t scale fast enough or stay up to date with critical threats like zero-day attacks or a targeted phishing campaign, and reactive security programs are an open invitation for a data breach. While a business can add more resources to its SOC, or invest in the most engaging security awareness program, an organization’s defense is only as strong as the tools used in that defense. The reality is that security programs built on tools from as recent as 3-4 years ago are already outdated in the face of today’s threats.
Combining Traditional Defenses With Modern Data Analytics
What is the answer to the increasing complexity of these attacks? By pairing the usefulness of legacy solutions with a boost from Big Data, machine learning allows administrators to identify and prevent new or anomalous threats while controlling attacks from traditional threat vectors. Beginning with a baseline of signature files and a sample of normal activity from the network, new security devices can implement machine learning to automatically detect and shut down advanced threats that would otherwise slip past legacy perimeters.
An important component of these AI-driven devices is the ability to aggregate and analyze data from all the environments they are installed in, across multiple customers and industries. For clients who choose to opt-in to the program, smart devices can share their anonymized data in a pool of information from other clients, greatly increasing the samples that algorithms can be based upon. By analyzing data from such a large pool, these devices can leverage predictive analysis to protect an organization from threats that are new to their market but have been seen before in other industries.
In summary, security professionals should be aware that traditional lines of defense are no longer sufficient against today’s evolving threats. Machine intelligence and Big Data are changing the cybersecurity game by combining legacy methods with modern analysis and behavior models and should be seriously considered while building a well-rounded security program.
If you would like to learn more about machine learning in cybersecurity, click here to download "The Enterprise Immune System: Proven Mathematics and Machine Learning for Cyber Defense"...
