Will Artificial Intelligence improve security in 2020?
Artificial Intelligence (AI) and Machine Learning (ML) are two of the most hyped buzzwords of the last few years. Will they pass the peak of the Hype Cycle and deliver more true business value and improved security in 2020?
AI at its best
The truth is that AI is a very diverse beast. It has potential in many different areas, especially within cybersecurity. Already today AI is very efficient at predicting and preventing threats: new malware variants can be detected and blocked, even ones that have never been seen before and don’t exist in any signature library. This is a great implementation of an AI engine that enables true Zero Day Protection—the ability to provide protection against malware not previously seen in the wild. This approach can also be combined with signature-based scanning for known threats. It’s complementary—it doesn’t have to be a binary choice. The fundamental mathematical model that is built up to train the AI engine to detect malware is fed with lots of samples – samples that are marked good or bad, in order to teach the model how to classify different file types.
AI on its way up
Artificial Intelligence can also be used in other scenarios within cybersecurity, such as in SIEM and SOAR solutions. Here the need is to detect threats and abnormal user behaviors by processing log and event data from multiple sources in a network. There can be different ambition levels, but in general the AI maturity in terms of solutions delivering true business value is lower here. There is big potential, but most AI-generated insights still lead to recommendations for human action rather than fully closed-loop automation. Why? Because looking at log data for anomalies requires lots of data.
Do they know it’s Christmas…?
We are approaching the holidays, and with this in mind it’s easy to relate to the complexity and power of AI. How would a system be able to know that my online behavior during Christmas and New Year is normal if it has never experienced it before? We need to help it by training it with lots of data.
Excluding special events, time-based anomaly detection algorithms typically require 3–4 comparable sets of data points to compare against. For example, any given Thursday requires data of the same granularity for all Thursdays going back 3–4 weeks. But clearly that doesn’t help for special events like those at the end of the year, during an election, or at other similar events. To understand whether one election deviates from previous ones, you need comparable data.
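The weekday comparison described above, as an added example (not code from the original post): it scores an hourly count against the same slot in the previous 3-4 weeks and declines to score when fewer than three comparable points exist. The login counts, the `HOLIDAYS` calendar, the function names and the z-score threshold are all assumptions made for illustration; the post names no specific algorithm.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

MIN_POINTS, MAX_WEEKS = 3, 4  # the "3-4 comparable datapoints" from the text

def weekly_history(series, ts):
    """Values at the same weekday and hour in each of the previous MAX_WEEKS weeks."""
    prior = (series.get(ts - timedelta(weeks=k)) for k in range(1, MAX_WEEKS + 1))
    return [v for v in prior if v is not None]

def event_history(series, ts, events):
    """Values from earlier occurrences of the same labelled special event."""
    label = events[ts.date()]
    return [v for t, v in series.items() if t < ts and events.get(t.date()) == label]

def score(series, ts, events=None, threshold=3.0):
    """Return (verdict, z); verdict is normal, anomaly or insufficient-history."""
    events = events or {}
    special = ts.date() in events
    hist = event_history(series, ts, events) if special else weekly_history(series, ts)
    if len(hist) < MIN_POINTS:
        return "insufficient-history", None
    sigma = max(pstdev(hist), 1.0)  # floor keeps a flat history from dividing by zero
    z = (series[ts] - mean(hist)) / sigma
    return ("anomaly" if abs(z) > threshold else "normal"), round(z, 2)

# Constructed sample: one user's login count, Thursdays 10:00-11:00, late 2019.
LOGINS = {
    datetime(2019, 11, 28, 10): 40,
    datetime(2019, 12, 5, 10): 42,
    datetime(2019, 12, 12, 10): 38,
    datetime(2019, 12, 19, 10): 41,
    datetime(2019, 12, 26, 10): 3,   # holiday week: quiet, but legitimate
}
# Hypothetical special-event calendar (an assumption, not from the post).
HOLIDAYS = {datetime(2019, 12, 26).date(): "christmas-week"}

if __name__ == "__main__":
    for ts in sorted(LOGINS):
        print(ts.date(), "weekly:", score(LOGINS, ts),
              "event-aware:", score(LOGINS, ts, HOLIDAYS))
```

On the weekly baseline the holiday Thursday scores as a strong anomaly even though the behavior is legitimate; with the event calendar it is reported as insufficient-history until earlier occurrences of the same event are available.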
Will AI be a threat or an opportunity?
It’s a constant battle where the attacking side also utilizes the latest technologies. AI is used to learn the behavior of potential victims in order to personalize phishing attacks, or to adapt malware so that it passes undetected. There are also huge economic resources and potential gains in cybercrime.
But used in the right way AI is also a great opportunity. To detect malware, it’s awesome. To spot anomalies in behavior on your network it’s useful as a guide. It can mark interesting events, but the power of action may stay with the human security manager for now. The power of AI is to give good and fast recommendations—something we like to call Prescriptive Analytics.
Who will win the battle during 2020?
What we know for sure is that there’s a risk of a lot of losers and therefore a need for good protection. AI is here to stay, and cybersecurity will continue to evolve with technology innovation – the best approach for CISOs is to adopt it in small steps, taking advantage of its power without letting it take over decision making.
Merry Christmas and a Happy New Year!