AI-built Cybersecurity: Our Best Defense Against Today's Cyber Attacks
With the amount of cybersecurity jargon and terminology that exists on websites, brochures, and in conversation, it’s easy to assume that “AI” is just another marketing buzzword being used to sell security products.
However, while perceived as new and shiny, artificial intelligence is a real technology that represents a fundamental shift in how companies are better protecting themselves from cyber attacks to ensure that their information – and reputations – stay intact.
More importantly, AI may, in fact, turn out to be our best, sustainable, defense against cybercrime.
First, let’s take a step back and look at the overall problem. Cybersecurity threats are growing in both quantity and sophistication at an outstanding rate, with AI and other automated techniques being used to create new malicious and shapeshifting code.
It’s become a true numbers game that is turning the traditional model for threat detection on its head, made even more dangerous by the fact that attacks are now deliberate and strategic in nature.
Historically, AI cybersecurity companies create profiles (signatures) of newly identified malware by reengineering malicious code.
These signatures are then distributed to their protection software via a constant stream of updates, ensuring that the solutions can spot and protect against those specific attacks. This would be much like distributing photos of known bank robbers to all the banks, knowing that they would be able to spot and stop those specific robbers if they walk in.
While effective against known threats, this approach starts to break down quickly due to the fact that most new malware has never been seen before.
Additionally, the human cost and resources required to re-engineer malware become unsustainable due to sheer scale. To go back to our analogy, how does a bank proactively stop a brand new criminal on their first (and potentially only) robbery?
And here lies the beauty of AI for cybersecurity. By training a machine learning model on hundreds of thousands of samples of known malware that have been captured in the wild, the model learns what genetic, code-level features and characteristics commonly exist in malicious files. Then, when deployed in a cognitive agent, the model can look for those markers and predict whether the file is harmful or not.
This has tremendous implications. First, it means that previously unknown files can be analyzed in real time without any previous context or signature reengineering. This provides a true solution to combat never-before-seen malware that is then deployed in a sustainable fashion.
Additionally, because signatures are no longer required, AI eliminates the constant stream of signature file updates that once sucked the performance away from millions of legacy antivirus users. This means that users can operate with minimal disruption.
But at the end of the day, not all AI is created equal. First, from a technical perspective, cybersecurity companies are not quite yet AI companies. Though they may use machine learning in their approach, their models are still heavily biased towards what the staffed threat researchers tell the model to look for.
This is a different approach that an AI company would take, where they would use cutting-edge research and new techniques to keep each model unbiased and let data determine what characteristics to prioritize and train on. In essence, this practice is the only way to get truly objective results that directly correlate with higher threat prediction accuracy and fewer false alarms.
In other cases, software vendors are looking to capitalize on the AI buzzword by appending machine learning models into their solution without fully eliminating signatures and rules in their approach. This does little to reduce the known performance impact on users and it’s unnecessary, given that we can solve this problem today with technology.
Unfortunately, the attacks won’t stop. Just in 2019 alone, major companies and municipalities continue to be targeted.
It's time we fight fire with fire.
And it’s becoming impractical and irresponsible to not leverage AI in today’s security stack.
As you learn more and get started, ask yourself:
- What are my personal and business risks if I get breached through my business?
- What does my current cyber program look like and is it enough?
- What technologies can I apply now in order to improve my protection?
The good news? It has become easier than ever to adopt AI technology, with a new SparkCognition solution designed for small businesses.