Artificial intelligence (AI) applications for cybersecurity tasks are attracting increased attention from the public and private sectors. Estimates indicate that the cybersecurity AI market will grow to a net worth of $34.8 billion by 2025. The latest national cybersecurity and defense strategies of several governments explicitly mention AI capabilities. At the same time, initiatives are emerging worldwide to define new standards and certification procedures to build user confidence in AI.
Traditional cybersecurity controls have become obsolete
For most security scenarios, AI enables capabilities that go beyond the identification of known threats. AI models can determine the maliciousness of a file without prior knowledge of the file, relying instead on analysis of the file’s innate properties. With sufficient quality data available, AI techniques easily outperform traditional prevention approaches based on signatures or indicators of compromise (IoC), which retroactively look for artifacts left behind by an attacker during a breach.
Applying AI to cybersecurity
AI is ideally suited to solve some of our toughest problems, and cybersecurity certainly falls into that category. With today’s ever-evolving cyber attacks and proliferation of devices, machine learning and artificial intelligence can be used to keep up with the bad guys, automate threat detection and respond more efficiently than traditional software-based approaches.
At the same time, cybersecurity presents some unique challenges:
- A vast attack surface.
- Tens or hundreds of thousands of devices per organization.
- Hundreds of attack vectors.
- Major deficiencies in the number of trained security professionals.
- Masses of data that have gone beyond a human-scale problem.
A self-learning, artificial intelligence-based cybersecurity posture management system should be able to solve many of these challenges. Technologies exist to properly train a self-learning system to collect data continuously and independently of all information systems in your company. This data is then analyzed and used to perform pattern correlation between millions and billions of signals relevant to the enterprise attack surface.
The result is new levels of intelligence that feed human teams in a variety of cybersecurity categories, including:
- IT Asset Inventory: Obtaining a complete and accurate inventory of all devices, users and applications with access to information systems. Categorization and measurement of business importance also plays an important role in inventory.
- Exposure to threats: Artificial intelligence-based cybersecurity systems can provide up-to-date knowledge of global and industry-specific threats to help make critical prioritization decisions based not only on what could be used to attack your business, but also what is likely to be used to attack your business.
- Effectiveness of controls: It is important to understand the impact of the various security tools and security processes you have employed to maintain a strong security posture. AI can help you understand where your security program has strengths and where it has gaps.
- Prediction of default risk: Taking into account IT asset inventory, threat exposure and control effectiveness, AI-based systems can predict how and where a breach is most likely to occur, so you can plan the allocation of resources and tools to areas of weakness.
- Incident response: Artificial intelligence-driven systems can provide improved context for prioritizing and responding to security alerts, for rapid incident response, and for discovering root causes to mitigate vulnerabilities and prevent future problems.
Making AI in cybersecurity trustworthy
Nascent standards and certification methods for AI in cybersecurity should focus on supporting AI reliability, rather than trust.
Conceptually and operationally, supporting AI reliability is different from promoting AI reliability. AI reliability implies that the technology can technically perform cybersecurity tasks successfully, but the risks of the technology behaving differently than expected are too high to give up any form of control or monitoring over the execution of the delegated task.
3 ways Artificial Intelligence in cybersecurity can be trusted:
- In-house development: The most common forms of attacks on AI systems are facilitated through the use of commercial services that offer support for AI development and training, such as virtual machines, natural language processing, predictive analytics and deep learning.
- Adversarial training: AI improves its performance through feedback loops, which allow it to adjust its own variables and coefficients with each iteration. That is why adversarial training between AI systems can help improve their robustness, as well as facilitate the identification of system vulnerabilities.
- Parallel and dynamic monitoring: Limits in assessing the robustness of AI systems, the deceptive nature of attacks, and the learning abilities of target systems require some kind of constant (not merely regular, i.e., time-lapse, but continuous, 24/7). Monitoring is necessary to ensure that divergence between the expected and actual behavior of a system is captured early and quickly, and addressed appropriately.
Use of AI by adversaries
IT security professionals can use artificial intelligence and machine learning (ML) to enforce good cybersecurity practices and reduce the attack surface rather than constantly chasing malicious activity. At the same time, government-sponsored attackers, cybercriminal gangs and cybercriminals can employ these same artificial intelligence techniques to defeat defenses and avoid detection.
As AI matures and increasingly moves into the cybersecurity space, companies will need to protect against the potential downsides of this exciting new technology:
- Machine learning and artificial intelligence can help protect against cyberattacks, but hackers can thwart security algorithms by targeting the data they train on and the warning flags they look for.
- Hackers can also use artificial intelligence to break through defenses and develop mutant malware that changes its structure to avoid detection.
- Without large volumes of data and events, AI systems will provide inaccurate results and false positives.
- If data manipulation goes undetected, organizations will have difficulty retrieving the correct data feeding their artificial intelligence systems, with potentially disastrous consequences.
Summary
In recent years, AI has emerged as a necessary technology to augment the efforts of human information security teams. Since humans can no longer scale to adequately protect the dynamic enterprise attack surface, artificial intelligence provides much-needed analysis and threat identification that cybersecurity professionals can act upon to reduce breach risk and improve security posture. In security, AI can identify and prioritize risk, instantly detect any malware on a network, guide incident response and detect intrusions before they start.
AI enables cybersecurity teams to form powerful human-machine partnerships that push the boundaries of our knowledge, enrich our lives, and drive cybersecurity forward in a way that seems greater than the sum of its parts.