In a recent Finjan blog ‘Why Can’t Network Security Get Ahead of the Bad Guys?’, we wrote about the difficulty of staying ahead of hackers and attackers. To help address this issue, one industry bright spot is the application of Artificial Intelligence (AI) and Machine Learning (ML) to provide a programmatic approach to building and maintaining improved cybersecurity. In this blog, we unpack that concept in more detail.
What are AI and ML?
AI and ML are often used together in the same sentence or used interchangeably. But they are different:
AI is software that attempts to create or mimic a decision mechanism similar to the human brain. The history of AI dates back to Alan Turing’s initial work in computer science in the 1940s and then began to pick up speed in the 1950s. Initially, AI was all about mimicking the human brain, and that has proven to be a very hard problem. More recently, the field of AI has turned its attention to decision mechanisms in more specific fields, and this has paved the way to significant advances. Network security is one of those fields.
ML is a branch of AI. As defined by computer scientist and machine learning pioneer Tom M. Mitchell, “Machine learning is the study of computer algorithms that allow computer programs to automatically improve through experience.” ML relies on working with small to large datasets, examining and comparing the data to find common patterns and explore nuances.
Hence, when we talk about AI and ML applied to cybersecurity, the focus is really on using machine learning to develop advanced algorithms that can anticipate (and stop) future cybersecurity attacks.
AI and ML are not Panaceas, but they are Part of the Cybersecurity Landscape
AI and ML are certainly not perfect. Indeed, there are industry experts who downplay AI/ML’s impact on cybersecurity. As outlined by Gartner Research Vice President Augusto Barros, “ML is used to identify known behavior, but with variable parameters. What does that mean? It means that many times we know what bad looks like, but not how exactly it looks like. Although ML-based detection is a different detection method, the process is still very similar to how (vulnerability) signatures are developed.”
That noted, the ability of human software programmers to deliver cybersecurity solutions at scale is limited. For example, conventional systems utilize Advanced Threat Prevention to detect cyber threats and protect against them. However, about 845 million pieces of malware were detected in 2018 and around 10 million new pieces of malware are created every month in 2019. This is where AI and ML play a key role in cybersecurity: keeping up with, and getting ahead of, attackers and hackers (who are themselves relying on AI and ML).
AI and ML Cybersecurity Applications Today
Recognizing that these approaches are not perfect but are now mandatory in the pursuit of cybersecurity, here are some examples of where they are currently being applied:
Fraud Detection
With the explosive growth in online banks, ATMs, etc., bank fraud is big business. Celent expects the growth of risk management and risk-related regulatory compliance technology spending in 2019 to hit $72 billion. Today, many fraud detection solutions are bespoke or application-based. They are not well designed for detecting fraud in real-time and many generate false positives well in excess of 75%. Banks are using AI and ML to identify “probable” fraudulent transactions and/or sessions and are tightening fraud detection models to lower the number of false positives.
Email Hacking
A recent CSO Online article pointed out that 92% of all malware is delivered by email. Trend Micro is developing new machine learning (ML) algorithms to examine large volumes of data to predict if unknown files are malicious or not. The company’s Writing Style DNA technology prevents email impersonation by using AI to recognize the DNA of a user’s writing style based on past emails, which it compares to suspected forgeries. The technology verifies the legitimacy of the email content writing style through an ML model that contains the legitimate email sender’s writing characteristics.
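The idea of comparing a suspect email against a sender's past writing can be sketched as follows. This is an added illustration, not Trend Micro's Writing Style DNA implementation: the character-trigram features, the leave-one-out threshold, the `slack` factor and the sample emails are all assumptions constructed for the example.

```python
import math
import re
from collections import Counter

def trigrams(text):
    """Character-trigram counts of lowercased, whitespace-normalised text."""
    t = re.sub(r"\s+", " ", text.lower()).strip()
    return Counter(t[i:i + 3] for i in range(len(t) - 2))

def cosine(a, b):
    """Cosine similarity between two trigram count vectors."""
    dot = sum(n * b[g] for g, n in a.items())
    norm = (math.sqrt(sum(n * n for n in a.values()))
            * math.sqrt(sum(n * n for n in b.values())))
    return dot / norm if norm else 0.0

def profile(emails):
    """Sender profile: summed trigram counts over past emails."""
    total = Counter()
    for e in emails:
        total += trigrams(e)
    return total

def calibrate(emails, slack=0.75):
    """Per-sender threshold: score each past email against a profile of
    the others (leave-one-out) and allow some slack below the worst score.
    The slack value is illustrative and would need tuning on real mail."""
    scores = [cosine(trigrams(e), profile(emails[:i] + emails[i + 1:]))
              for i, e in enumerate(emails)]
    return slack * min(scores)

def check(emails, candidate, slack=0.75):
    """Return (similarity score, True if consistent with the sender's style)."""
    score = cosine(trigrams(candidate), profile(emails))
    return score, score >= calibrate(emails, slack)

# Constructed sample data: three past emails from one sender.
PAST = [
    "hi team, pls send me the q3 numbers by friday. thx, rgds dana",
    "hi all, pls review the draft and send comments by monday. thx, rgds dana",
    "hi sam, pls book the room for the review on friday. thx, rgds dana",
]
GENUINE = "hi team, pls send comments on the draft by friday. thx, rgds dana"
FORGED = ("Dear Colleague, I urgently require that you kindly process the "
          "attached wire transfer immediately. Best regards, Dana")

if __name__ == "__main__":
    for label, msg in (("genuine", GENUINE), ("forged", FORGED)):
        score, ok = check(PAST, msg)
        print(f"{label}: score={score:.2f} consistent={ok}")
```

A style mismatch is a signal for review rather than proof of forgery: a sender writing from a phone or in a different language would also score low, which is why the threshold is calibrated per sender.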
Healthcare Records Protection
Cybersecurity has become a significant concern for healthcare organizations, threatening to cost them $380 per patient record. But, while healthcare security is among the use cases with big potential for artificial intelligence and machine learning, the underlying reality is that both hospitals and hackers have access to the same technologies. “AI is a dual-use technology that can be deployed defensively or offensively,” said Lee Kim, Director of Privacy & Security at HIMSS. “There are malicious uses of AI.”
Recommendations: What can you do now to Implement AI and ML as part of your Security Strategy?
Learn
Get acquainted with the underlying technologies and trends of AI and ML and how they are being applied to cybersecurity problems in your industry. Leading organizations like the SANS Institute and RSA have white papers, webinars and educational programs targeted at InfoSec professionals at all levels. This content is generally vendor-agnostic and draws from a wide variety of industry, government and academic experts.
Evaluate
When considering AI and ML based cybersecurity solutions, break your decision-making process into basic questions such as: How does the solution work? How is AI or ML applied and used? What data is used? Has it worked for others? What have been the results?
Apply
Go slowly. Apply AI or ML to test one narrow use case. While your results are limited to that one use case, your learnings can be generalized to other use cases. Review the questions and answers from the “Evaluate” section above to determ
The post Advances in Network Security via AI and Machine Learning appeared first on Finjan Blog.