Using AI in Cybersecurity
The Growing Problem of Enterprise Network Security
Integrating AI-based processes into security is no longer just useful; it has become essential and is rapidly becoming mission critical for organizations of all sizes.
The rapidly expanding attack surface of virtually every enterprise, driven by the proliferation of Internet of Things (IoT) devices and cloud systems, is a leading reason why artificial intelligence (AI) has become essential in security.
Organizations have moved from securing thousands of devices to potentially millions. Within this surge in network traffic are billions of time-varying signals, all of which must be analyzed to assess risk. Security has become vastly more complex in just a handful of years because there is far more to attack.
Add to this the fact that malicious attackers also have AI at their disposal: their attacks have become more sophisticated and more frequent, with AI allowing them to automate breach attempts. Those threats can't possibly be handled manually, and even the largest organizations now suffer from a severe shortage of security professionals.
Many organizations use cloud technology to expand their digital operations geographically, but the downside is that this expansion further increases network complexity and the attack surface.
The global cost of a typical enterprise data breach has reached $3.86 million, according to a report by Norton, with an average recovery period of 196 days. The problem is getting worse to the point that enterprise security is now beyond human scale. New allies are needed in this effort, with AI in cybersecurity rapidly becoming a much-needed savior.
How AI in Cybersecurity Solves Problems
If the list of new complications that have entered the cybersecurity mix is daunting, there’s nonetheless a positive: for every complication, there’s an AI opportunity. The list is long:
Automated threat detection. With AI, threats can be detected before they become costly. The security system can potentially be trained to detect a distributed denial of service (DDoS) attack long before it becomes critical.
Threat exposure. Through AI, it’s now possible for a security system to be frequently updated on both global and industry-specific threats, and to prioritize them according to their local potential to occur.
Asset management. As stated above, much of the problem today is the proliferation of IoT, which opens up the attack surface. AI helps manage the burgeoning ocean of devices, tracking their firmware updates and security patches at a scale no human security professional could reasonably be expected to handle.
Gap detection. In large and complex networks, it’s likewise prohibitively difficult for human professionals to test for potential gaps in security; AI can, however, handle it.
Self-learning systems. AI in cybersecurity makes it possible for a system to learn as it grows, with each success and failure, self-tuning to become increasingly efficient and effective.
Breach risk prediction. With self-learning, device management, ongoing gap detection and threat exposure, the system can learn to predict the risk of breach under a wide range of scenarios, and even to prioritize those risks – making it possible for the human security professionals to focus their attention on the greatest ones.
And a couple of AI positives fall into the category of “aftermath” – useful features to have when an attack has succeeded:
Incident response. AI can provide the detailed context of the attack and its impact for subsequent study, so that the human team can understand what went wrong and how cybersecurity can be improved.
“Explainability.” AI can assist in surfacing root causes for defensive failures, making it easier to improve both infrastructure and deployment, rather than just policy and management.
Specific AI in Cybersecurity Innovations
As AI offers new functionality and new ways to counter emerging cybersecurity threats, how do these play out as explicit features?
Threat hunting. A common feature offered by many cybersecurity vendors, it refers to automated threat scanning, a proactive rather than reactive approach: the system does more than simply monitor endpoints for known intrusions. It actively analyzes traffic to detect not only known patterns but unfamiliar ones of possible concern.
The former approach – signature-based detection – is somewhat effective, catching about 90% of known threats. AI can do much better, analyzing network traffic data and seeking out patterns of all kinds, and so spotting the unexpected. Unsurprisingly, though, this produces a flood of detections of things that look like threats but aren't (false positives), and chasing them wastes analysts' time. Many vendors therefore take a hybrid approach: signature-based detection for the routine cases, AI-based pattern analysis for the rest.
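As an added illustration of the hybrid approach just described (example code, not from the original article or any vendor's product): a signature stage handles the known patterns with high precision, and a baseline learned from a training window flags request volumes that no signature would catch, such as the DDoS-style flood mentioned earlier. The log lines, rule names and the threshold `k` are all constructed for this example; `k` is the knob that trades detection against the false-positive flood the paragraph warns about.

```python
import re
import statistics
from collections import Counter

# Constructed logs in the form "<source_ip> <method> <path> <user_agent>".
# Training window: ordinary browsing, 2-5 requests per source, nothing malicious.
TRAINING_LOG = "".join(
    f"10.0.1.{h} GET /page{i} Mozilla/5.0\n"
    for h, n in enumerate([3, 2, 4, 3, 2, 3, 5, 2], start=1) for i in range(n))
# Live window: a busy but benign user, one traversal probe, one SQL probe,
# and one scripted source hammering /login (the DDoS-style case from the text).
LIVE_LOG = (
    "10.0.0.5 GET /index.html Mozilla/5.0\n" * 4
    + "10.0.0.7 GET /login Mozilla/5.0\n"
    + "10.0.0.9 GET /../../etc/passwd curl/7.68\n"
    + "10.0.0.11 GET /search?q=1%20UNION%20SELECT%20pass Mozilla/5.0\n"
    + "".join(f"10.0.0.42 GET /login?try={i} python-requests/2.25\n" for i in range(40)))

# Stage 1: signatures for the routine, well-understood patterns (high precision).
SIGNATURES = [("path_traversal", re.compile(r"\.\./")),
              ("sqli_probe", re.compile(r"union(\s|%20)+select", re.I))]

def parse(log_text):
    """Split lines into (source_ip, method, path, user_agent); drop malformed ones."""
    rows = [tuple(line.split(" ", 3)) for line in log_text.splitlines()]
    return [r for r in rows if len(r) == 4]

def signature_stage(rows):
    """Return (rule_name, source_ip) for every line a signature matches."""
    return [(name, src) for src, method, path, ua in rows
            for name, pat in SIGNATURES if pat.search(f"{method} {path} {ua}")]

def learn_baseline(training_rows):
    """Learn what normal per-source request volume looks like: (mean, stdev)."""
    counts = list(Counter(src for src, *_ in training_rows).values())
    return statistics.mean(counts), statistics.pstdev(counts)

def anomaly_stage(rows, baseline, k=3.0):
    """Stage 2: flag sources whose count exceeds mean + k*stdev of the baseline.
    k is the false-positive knob: a low k floods analysts with busy but benign users."""
    mean, sd = baseline
    return {src: n for src, n in Counter(src for src, *_ in rows).items()
            if n > mean + k * sd}

def hybrid_detect(live_log, training_log, k=3.0):
    """Signatures catch the known; the learned baseline catches the unexpected."""
    rows, baseline = parse(live_log), learn_baseline(parse(training_log))
    return {"signature_hits": signature_stage(rows),
            "anomalies": anomaly_stage(rows, baseline, k)}
```

With `k=3.0` only the flooding source is flagged; lowering `k` to `0.5` also flags the benign user with four requests, which is the trade-off analysts tune in practice.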
Vulnerability management. The management of network vulnerability is getting more difficult.
More than 20,000 new vulnerabilities were reported in 2019, an increase of 17.8% over the previous year. Many vendors offer tools and features for mitigating those vulnerabilities (see "Threat exposure" above). This is a feature to look for when evaluating any cybersecurity vendor platform.
Network security. Though it may seem a mundane concern, it is alarming to consider how many attacks succeed simply because rules or policies weren’t distributed through the network in a timely fashion, or firmware updates or patches weren’t applied in all devices. Many cybersecurity vendors now offer AI-driven policy and update management – an obviously effective if unglamorous consideration.
Some Unusual AI Cybersecurity Use Cases
All of the AI cybersecurity features and functionality detailed above are well established; but the field is growing so rapidly and successfully that a wide range of less obvious but still interesting applications can be found. Here are a few:
- Gmail uses machine learning to block more than 100 million spam messages a day, many of which are phishing threats or other potential intrusions; Google's AI can also passively analyze mobile endpoint threats.
- U.S. Homeland Security uses an AI cybersecurity system called AVATAR to screen body gestures and facial expressions to identify potentially dangerous persons.
- IBM Watson, with its cognitive training features, is able to offer machine learning for customized threat detection in non-traditional scenarios.
- The California company Armorway combines AI with game theory to augment its threat prediction offering.
This is just a sampling; it isn’t overstating to say there are nearly as many customized cybersecurity defenses deployed today as conventional ones.
It should be clear that cybersecurity is such a sprawling field at this point that no single vendor can address every threat or concern. Selecting a vendor, then, becomes a matter of prioritizing an organization’s most pressing cybersecurity needs and choosing a vendor that most closely aligns with those needs.
In embracing AI, the cybersecurity vendor community has produced an array of innovative offerings. It makes for a rigorous search, but chances are there’s a vendor that can provide just the functionality for even the most obscure cybersecurity use cases.
A Final Caution
All of this is good news, of course, but there’s some not-so-good news. While the modern enterprise would be foolish not to consider all of the above, there are also some more sobering considerations.
The amount of resources required to implement cybersecurity is considerable. Almost everything mentioned above is costly, resource-intensive, and ongoing. Upper management must be willing to make a permanent commitment.
AI-based cybersecurity depends on training data, and that’s hard to come by. This is true of any machine learning system, and all the more so in the complex landscape of cybersecurity. The systems get better over time, but it’s essential to be patient in the early days.
The malicious attackers know everything you know, and they have the same tools.
That’s perhaps the most sobering point of all. But it also underscores the urgency of folding AI into cybersecurity, doing it now, and doing it right.