15 Jun
AI – The Next Frontier of Cybersecurity
Global losses due to cybercrime are staggering. Currently, there are well over a million new cyberthreats released into the wild every day, and nearly all organizations have been victims of some sort of cybercrime. At least one study predicts that annual damages due to cybercrime will reach $6 trillion by 2021.
Countering these threats is a very significant and ongoing concern for enterprises everywhere, and security personnel are desperate to find better tools to protect their organizations. One very promising technology that’s relatively new to cybersecurity is artificial intelligence (AI). With the ability to analyze massive amounts of security-related data, AI is well positioned to transform cybersecurity, although it won’t be easy or immediate.
Preventing Cybercrime is Hard Work – Better Tools are Needed
Defending against cybercrime is a daunting task. The threats are complex, constantly growing, and forever changing. Security analysts must investigate massive amounts of data. Furthermore, most organizations don’t have enough qualified security personnel to effectively deal with the number of attacks hitting them. There is a huge shortage of skilled cybersecurity professionals, and most organizations simply don’t have the manpower to even look at all of the security alerts they receive, let alone resolve them. The alerts that security experts do investigate are frequently disjointed, without context, and short of useful information. This makes the security analyst’s job tedious, slow, and frustrating. All too often there isn’t enough comprehensible data to resolve the situation.
It’s obvious that better tools are needed to protect organizations from cybercrime. Fortunately, AI has evolved over the last several years and is very good at solving many of the challenges posed by cybercrime.
Cybersecurity Attains AI
Rudimentary AI has been part of the security industry for many years. Spam filters, antivirus tools, fraud detection, and several other sectors have all used various forms of it. But in recent years AI has evolved into a much more sophisticated set of technologies. The amount of useful security data has dramatically increased, enabling new and better cybercrime analytics. Not only is more data generated than ever before, it’s much easier to get. Most network and security systems now include APIs and interfaces that make their data readily available. This sharing of security data allows AI systems to retrieve and process massive amounts of information that wasn’t available until recently.
Within the past year, numerous security startups, academic organizations, government agencies, and large security vendors have invested heavily in cybersecurity-related AI. The U.S. government has also announced various programs to accelerate the technology. For example, the Defense Advanced Research Projects Agency (DARPA) has a program to develop AI to thwart cyberattacks.
The technology has also benefited from years of tuning and human improvements. AI systems are only as good as their human designers, and because cybercrime is so complex, these systems take years to develop. But with several additional security sectors all working on AI over the last few years, a number of very good products are already on the market.
Example security tools with sophisticated AI include:
- User and Entity Behavior Analytics (UEBA)
- Data loss prevention (DLP)
- Advanced malware & phishing protection
- Cyberattack prediction
- Fraud detection
- User authentication
- Site reputation services
Because of the rapid developments in data retrieval, scalability, security-specific analytics, and other AI technologies, additional cybersecurity solution providers are adding the technology each year.
AI for Cybersecurity Provides Many Benefits
When AI is added to an organization’s security solutions, there are a number of significant benefits. First, AI automatically correlates and analyzes massive amounts of data that would be virtually impossible for the security team to process manually. The reality is that in most security operation centers, analysts must make an educated guess as to which alerts they will investigate. The rest, which can literally be hundreds of thousands or even millions of potential threats, are ignored. That’s risky, but it happens every day in many organizations. AI can investigate all of those alerts, quickly determining which ones can be safely ignored and which ones require follow-up.
When an incident does need to be investigated, security analysts typically need to examine dozens, if not hundreds or even thousands, of additional information sources. It’s like finding a needle in a haystack. By applying AI, the time it takes to perform that task can be reduced dramatically.
Second, AI can provide analysts with a hierarchy of information and reports. Thousands of related events can be consolidated into a single, summary alert. For example, if a user’s logon credentials have been compromised, a single sentence can inform an analyst of the situation, specifying if damage is done, or if the only action required is resetting the victim’s password. The analyst can also drill down and see mid-level data to understand which systems were affected. If necessary, detailed data can also be viewed to provide proof points and additional information regarding the incident. AI’s ability to organize data in this manner is extremely useful.
Third, AI leverages the existing security staff, making them more effective and potentially reducing the need for additional, hard-to-find personnel. AI works 24 hours a day, seven days a week. It never tires or gets sick, and it scales easily when the workload increases.
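The three-level view described above (a one-sentence summary, the affected systems, and the underlying events) can be sketched with a simple rule-based rollup. This is an added example, not code from the article or any product; a real system would replace the fixed rule with a learned model, and the event fields, threshold and event types are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (time, user, host, type); not from the article.
RAW = [
    (1, "alice", "vpn01", "login_fail"), (2, "alice", "vpn01", "login_fail"),
    (3, "alice", "vpn01", "login_fail"), (4, "alice", "vpn01", "login_ok"),
    (5, "alice", "files02", "bulk_download"),
    (1, "bob", "mail01", "login_fail"), (2, "bob", "mail01", "login_fail"),
    (3, "bob", "mail01", "login_fail"), (4, "bob", "mail01", "login_ok"),
    (1, "carol", "vpn01", "login_ok"),
]
EVENTS = [dict(zip(("t", "user", "host", "type"), r)) for r in RAW]

FAIL_THRESHOLD = 3                # assumption: failures before a success = suspect logon
DAMAGE_TYPES = {"bulk_download"}  # assumption: event types counted as damage

def consolidate(events):
    """Roll raw events up into one three-level incident per suspect user."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        by_user[e["user"]].append(e)
    incidents = {}
    for user, evs in by_user.items():
        fails, suspect_at = 0, None
        for e in evs:
            if e["type"] == "login_fail":
                fails += 1
            elif e["type"] == "login_ok":
                if fails >= FAIL_THRESHOLD:
                    suspect_at = e["t"]
                    break
                fails = 0  # a clean logon resets the failure streak
        if suspect_at is None:
            continue  # no suspect logon, so no alert for this user
        after = [e for e in evs if e["t"] >= suspect_at]
        damage = sorted({e["host"] for e in after if e["type"] in DAMAGE_TYPES})
        action = ("damage seen on " + ", ".join(damage) if damage
                  else "no damage seen, reset the password")
        incidents[user] = {
            "summary": f"Credentials for {user} look compromised: {action}.",
            "systems": sorted({e["host"] for e in after}),  # mid-level view
            "detail": evs,                                  # proof points
        }
    return incidents

if __name__ == "__main__":
    for inc in consolidate(EVENTS).values():
        print(inc["summary"], inc["systems"], len(inc["detail"]), "events")
```

Ten raw events collapse into two alerts here: one that calls for investigation and one that only needs a password reset, while the user with a normal logon produces no alert at all.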
AI Is Vital to Cybersecurity’s Future
AI is rapidly becoming a vital technology. Although it will continue to evolve as computing power increases and its learning compounds, it is already a valuable asset for many security applications.
It is by no means a cybersecurity cure-all. AI is not always perfect and it can be defeated in some situations. That doesn’t mean we shouldn’t use it. We just need to understand its current limitations and continue investing in it to improve its capabilities.
Cybercriminals aren’t resting on their laurels. The security industry needs every tool in the arsenal to effectively fight off their attacks, and AI is one of them.
Cybersecurity Ventures, 2016 Cybercrime Report