In the race between cyber security and cybercriminals, the latter have always had a head start. Now security teams can close the gap, thanks to artificial intelligence (AI). This post explains how.
Artificial intelligence (AI) is advancing in ever more application domains, from chatbots in customer service to industrial control systems, intelligent smartphone assistants such as Siri or Google Voice, smart video surveillance systems and autonomous drones. It is also on the verge of revolutionising cyber security: the market already offers the first AI-based solutions, which can recognise cybercriminals’ attacks and tactics practically in real time, analyse them in depth, and fend them off faster than existing solutions. These systems also optimise themselves continuously, learning on their own and adapting to current threats and requirements.
Everyday experience in any enterprise shows how keenly the need for smart solutions is felt: growing digitalisation and the ever-tighter networking brought about by the Internet of Things give hackers a growing attack surface. Every day also sees the appearance of almost 400’000 new malicious programs, which works out to a mind-boggling five a second! It is no wonder, then, that IT security teams are hardly able to detect attacks in time and fend them off. To make matters worse, the defensive strength of traditional systems keeps shrinking. As a result, a full 150 days go by, on average, between a successful attack on an enterprise and the time it is even identified; in this time frame, attackers are free to come and go in the enterprise and to embed themselves deeply in its structure.
However, this changes with the deployment of security systems with embedded AI, which can perform breach detection practically in real time. This is made possible by so-called “machine learning”, a subset of artificial intelligence. The roots of this method date back to the 1960s, but only now do we have the required computing power, access to the required large stores of data, and the associated evaluation skills that make the method fit for practical use.
Two methods of machine learning are most relevant in the domain of cyber security. In so-called supervised machine learning, the system is fed with known data samples and hacker behaviour; it abstracts samples and common patterns from them, and learns how to recognise them reliably in the future. In unsupervised machine learning, by contrast, the system adapts itself continuously to the environment in which it is deployed: in everyday operation, it acquaints itself with the properties of typical data traffic in the enterprise network, so that after some time it can discover any deviation without fail. Combining the two methods increases the striking force of this defence: in this way, the spectrum of attacks which can be recognised is enormous.
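A small added illustration of combining the two methods (this is not code from any product; the features, sample values and threshold are constructed assumptions): a nearest-centroid classifier learns known attack behaviour from labelled samples, while a median/MAD baseline of normal traffic flags deviations the classifier has never seen.

```python
import statistics

# Constructed sample data per host-hour: (kB sent out, distinct destinations, failed logins).
LABELLED = [((120, 8, 0), "benign"), ((150, 10, 1), "benign"), ((90, 6, 0), "benign"),
            ((130, 9, 40), "attack"), ((110, 7, 55), "attack")]  # known password guessing
NORMAL = [(118, 8, 0), (125, 9, 1), (140, 10, 0), (95, 7, 0),
          (132, 9, 1), (110, 8, 0), (150, 11, 1), (122, 8, 0)]   # unlabelled everyday traffic

def fit_centroids(samples):
    """Supervised: average feature vector of each labelled class."""
    groups = {}
    for features, label in samples:
        groups.setdefault(label, []).append(features)
    return {label: [statistics.mean(col) for col in zip(*rows)]
            for label, rows in groups.items()}

def fit_baseline(rows):
    """Unsupervised: per-feature median and MAD (robust spread) of normal traffic."""
    baseline = []
    for col in zip(*rows):
        med = statistics.median(col)
        mad = statistics.median([abs(v - med) for v in col]) or 1.0  # avoid zero spread
        baseline.append((med, mad))
    return baseline

def classify(features, centroids, baseline):
    """Label of the nearest class centroid, each feature scaled by its MAD."""
    def dist(centre):
        return sum(((f - c) / mad) ** 2
                   for f, c, (_, mad) in zip(features, centre, baseline))
    return min(centroids, key=lambda label: dist(centroids[label]))

def deviation(features, baseline):
    """Largest robust z-score of any feature against the learned baseline."""
    return max(abs(f - med) / (1.4826 * mad) for f, (med, mad) in zip(features, baseline))

def detect(features, centroids, baseline, threshold=6.0):
    """Combine both: known pattern first, then deviation from normal."""
    if classify(features, centroids, baseline) == "attack":
        return "known-attack"
    if deviation(features, baseline) > threshold:
        return "anomaly"
    return "ok"

CENTROIDS = fit_centroids(LABELLED)
BASELINE = fit_baseline(NORMAL)

if __name__ == "__main__":
    for sample in [(125, 9, 0), (115, 8, 48), (4000, 9, 0)]:
        print(sample, detect(sample, CENTROIDS, BASELINE))
```

The third sample, an unusually large upload, is labelled benign by the classifier on its own and is caught only by the baseline, which is why the two methods are combined.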
But we must not think that modern AI has reached the end of its capabilities here. So-called “deep learning technologies” make machine learning in security systems more effective still. These methods mimic the way in which the human brain works, and thus simulate a tightly interwoven network of nerve cells: a real “neural network”, arranged hierarchically on several levels. In this way, starting from simple dependencies, the network can learn ever more complex concepts.
In grasping and solving complicated problem situations, Deep Learning has proved itself superior to highly intelligent and experienced humans, as was shown by a Deep Learning system run by Google when it defeated one of the world’s best players of “Go”. The number of possibilities in the Chinese board game is too large for any computer to calculate, including those programmed to play chess. In order to win, the computer must understand the tactics and individual playing style of its human adversary.
This is exactly what Deep Learning can also provide in cyber security: it learns about new threats in real time and autonomously, understands the behaviour of the attacker as well, and recognises totally new malware, tools and types of attacks.
As a Security Officer, you are supported on two levels. On the one hand, you can precisely identify, classify and quantify any threat, object or incident with the help of Deep Learning, so that the level and motivation of the threat are clearly outlined. On the other hand, systems that master Deep Learning and the related experience can foresee which situations can lead to security incidents in the future. This insight puts your IT security team in a position to strengthen risk areas, employing their scarce resources efficiently and in a more targeted way than has ever been possible.
Whether AI systems will finally decide the outcome of the cyberwar is still open to speculation; sooner or later we must expect hackers to adopt intelligent solutions as well. But in the next few rounds, IT security teams will have intelligent security applications to thank for the decisive advantage they have given them!