Chief information security officers (CISOs) have their hands full trying to keep one step ahead of clever and well-funded cybercriminals. The good news? Artificial intelligence, or AI, is a growing presence in the fight.
AI, a term often used interchangeably with machine learning, runs sophisticated algorithms that teach themselves about the latest vulnerabilities by looking for patterns hidden in many gigabytes of threat data.
“AI is front and center in the cybersecurity industry,” says Doug Cahill, group director and senior analyst at the Enterprise Strategy Group. “It’s being implemented at every layer of an organization’s defenses: for websites, cloud apps, email and end-user devices.”
Here’s a look at AI developments in cybersecurity, and tips for how to select the AI service that works best for your team:
A Safety Net for Human Error
Human vulnerability exploited by email-launched phishing attacks remains a highly successful way to breach security defenses. Ninety-six percent of social engineering exploits in 2017 used email as the delivery vehicle, according to the “Verizon 2018 Data Breach Investigations Report.”
AI bolsters security by going beyond standard cyber defenses to vet an email’s source. Consider what happens when a new message hits an organization’s email gateway. A standard anti-virus program will first check the sender’s identity against a list of trusted or banned sources to accept or block the message. But if the sender’s trustworthiness is unknown, the security program applies AI to inspect the sender’s address, characteristics of the message and any embedded URLs or attachments, looking for clues.
“AI algorithms are getting more accurate at finding patterns that indicate malware as cybersecurity vendors run them against absolutely massive collections of known good software and known bad software,” Cahill says.
The same pattern-recognition capabilities that spot suspicious characteristics for email can also spot tell-tale signs of file-less malware infections in scripts and administrative tools, Cahill says. Similarly, AI analyses will raise a red flag if someone who signed in from California at the beginning of the day tries to log in from Hong Kong a couple of hours later.
Experts warn that successful breaches are a matter of when, not if, even for the most diligent organizations. Many organizations take weeks or months to discover infections, the Verizon report notes, giving malware plenty of time to spread across networks and stealthily exfiltrate valuable information.
The use of AI in security technologies promises to shorten discovery time frames. It can monitor large volumes of network log data quickly to spot patterns revealing unusual behavior indicative of malware. When AI can alert an organization of suspicious activity more quickly, the security team can limit the damage.
Four Elements of an AI Game Plan
AI capabilities are a hot topic among cybersecurity experts, so nearly every vendor is quick to promise cutting-edge AI capability. It’s up to CISOs to determine which solution will be best for their unique requirements. The decision process should start with four important considerations:
Assess the quality of machine-learning algorithms. Algorithm effectiveness is an important way to differentiate vendors and products, but evaluations can quickly turn into highly nuanced technical discussions, making apples-to-apples comparisons difficult, Cahill says. “If an organization has the resources, it should create a test bed environment to gauge product performance using copies of its production data,” he says. That provides real-world performance data.
Investigate related capabilities. Cahill also advises that companies look beyond algorithms to what related capabilities vendors offer, such as security training for end users and technical instruction about AI for the security personnel.
Evaluate each solution’s ability to use AI to automate some security tasks so your staff can work more efficiently. The intense competition among companies for cybersecurity skills is creating a talent shortage that challenges CISOs to attract and retain experienced people. AI can provide a solution to that. “Evaluate how well the AI solution can automate the tasks that employees are now performing,” says Jon Clay, director of global threat communications for security company Trend Micro. “AI may enable them to perform other, more important tasks within security operations.”
Weigh the value of working with a managed security services provider (MSSP) that uses AI-based technologies for its services. Not only will an MSSP give organizations access to the latest AI innovations, but it will also lessen the need to hire highly paid AI experts for their own security teams, Cahill says. Depending on the size of an organization, hiring a security staff with AI knowledge and then keeping them trained can be costlier than moving to managed services. An MSSP acts like an extension of the business’s IT team and ensures access to updates and patches as soon as they are available.
Although AI can enhance security, it’s not a cure-all. “AI won’t solve all your security problems,” says Raja Patel, vice president and general manager of corporate products at security company McAfee. “Think about it as a way to advance the security posture, not as a silver bullet.”
“Make sure you’re getting the full benefits of the security programs you’re already using to secure the environment,” Patel says. That includes upgrading security software to the newest versions to get the latest capabilities and updates.
Additionally, CISOs should assume hackers are also implementing AI to uncover vulnerabilities in systems. Gaps like these fueled the global WannaCry ransomware attack in 2017.
“Every time we come out with a new mousetrap, the bad guys will work to find ways around it,” Patel says. But in the global security arms race, having AI in place is going to become an essential part of the toolkit, especially as hackers look to use it for their own ends. In addition to other security protocols, AI programs can help keep the good guys one step ahead.