Data. More and more data flows in and out of modern networks at every glance. Data lives on premise, in the cloud, on laptops, phones, USBs, and just about anything else around us including appliances. As helpful as this data is to us, it can be used against us surprisingly easily. So, I’ll ask the question that we’ve all been asking since we gained widespread access to the internet: What is the answer to securing all of this data and keeping it private? Is there an answer at all?
The latest candidate for that answer, and newest buzz word in the industry, is Artificial Intelligence (AI) or Machine Learning. AI seeks to improve the efficiency of cyber security by removing the human component from locating and acting on cyber threats, thereby eliminating human error. While traditional security systems focus on rules and signatures to protect against known behaviors, signatures and attackers, AI aims to be autonomous and to learn for themselves what passes as a secure system. AI systems process the enormous load of logs and alerts that pass through our environments every day without the need for human intervention. Ideally, they won’t ever miss an alert, get tired, or have a sick day to create a backlog. AI systems can also take action on events based on their built-in algorithms by learning what is normal and what is anomalous to make decisions against anything outside of the normal realm of operations. All of this together helps us to scale security in otherwise overwhelming situations, and to eliminate or reduce possible blind spots created by the sheer volume of daily attacks. This is a huge benefit to security professionals that can rely on automated systems to do the bulk of the work, while spending crucial time planning and implementing other aspects of security.
So, why isn’t everyone using AI and Machine Learning already? There are some that don’t trust automated systems to protect their environments completely without the oversight of human eyes and hands, and they wouldn’t be entirely wrong in their thinking. If attackers know what software and algorithms are in use and can have a reasonable understanding of the markings that the machine uses to learn or see behaviors, one could theoretically write a malware that would accurately slip past the AI flags. Even more likely, these systems could simply be set improperly by either the user or the vendor. Improper settings with any form of technology could create large holes or overly restrictive alerts that increase log rates instead of lowering them. Of course, these are problems faced with any security system, the question still remains if AI Machine learning is the answer, or at least the start to an answer, that we’ve been searching for.
Time will tell what eventually becomes our silver bullet against all threats cyber, but for now the best answer remains to build defense in depth. We recommend AI and Machine Learning to defend against advanced attacks, as we believe that the benefits of such an advanced technology can greatly improve the day to day functions of security operations. With this said, we also believe that Artificial Intelligence, Machine Learning, or any new technology should be apart of a wider arsenal of cyber defenses. Old fashioned anti-virus and firewalls prevent the things we know about; machine learning and sandboxing can protect us from some things we don’t; and talented cyber security professionals can be clever enough to find and resolve anomalous behavior and set up their systems properly. All aspects of cyber security should work together to ensure us the highest confidence possible and keep us just far enough ahead of those that would do harm.
However, if you have unpatched systems, accessible from the Internet that contain critical data, AI will not keep you safe. To many organizations are still thinking AI will be the quick fix to sloppy security practices. Build the proper foundation and apply AI as an extra level of protection.