Many of our customers have been asking about Artificial Intelligence (AI) and Machine Learning: asking whether AI tools exist that can protect their businesses more effectively than conventional cyber security solutions.
AI is very much a buzzword in IT and security at the moment, there’s a vast amount of potential in this technology and businesses and organisations are keen to explore it. Better protection, less downtime and disruption, and cost savings are all motivating factors that make AI solutions look extremely attractive.
However, AI is not a golden bullet. In fact, I would argue that currently we don’t have any applications that truly use AI to protect IT systems. We’re not yet at the AI level because security systems can’t rewrite their own code to compensate for weaknesses in current code: can you imagine how much of a QA nightmare that would cause for you? And what happens when you need to patch?
Instead, what we currently have available is Machine Learning, the first step to AI, which is already being used in many cyber security tools like BroadBot Plus.
How Machine Learning Works In Cyber Security
The current landscape in cyber security with general pattern matching means that an attacker can spend as much time as they like studying your business or organisaton; some can spend several months or years learning about your environment, systems and detection mechanisms. When they have found a way around those measures they move in for the kill. The ball is then in your court. You’re probably using a system that has generic pattern recognition for a broad range of industries, but few or none for your specific way of doing things.
The attacker’s months of research on a new technique to counter your defences is now met with your capability to detect and thwart them in less than fifteen minutes. If you succeed, no loss to them, they just keep researching until they get it right. They only have to be lucky once, but you have to be lucky every time.
When AI and Machine Learning comes into the game it exceeds our human ability for quick thinking. It can do things such as detect anomalous behaviours or patterns and alert on them for a human or some systems to take action. AI and Machine Learning have the potential to have a better ability to recognise such attacks and take actions to counter them.
Currently those actions are limited. As mentioned above, AI would mean security systems could rewrite their own code to remove vulnerabilities. Machine Learning on the other hand can take certain actions such as blocking risky users depending on predetermined rulesets. The technology doesn’t necessary replace security analysts and reduce salary costs to the business; instead it processes vast amounts of data to free up your team’s time to focus on other more complex activities.
So far, so good. But while there are some gains to be had by using Machine Learning cyber security tools, there are also limitations.
- It’s biased. Machine Learning will take the first few patterns you give it and create new patterns based on those. It won’t necessarily be able to apply someone else’s patterns to your specific context. You send it in the direction you want it to go and it will continue
- It can also be poisoned. It’s been observed that malicious actors can input bad data into your system to throw off your Machine Learning algorithm and make it look in completely the wrong places. A bit like figuring out what the drug sniffing dog likes as a reward, and then leading them straight to the reward so they don’t find the drugs
- It needs to learn. It doesn’t know everything about your environment until it does. For example, if your company is 10 years old, has constantly changed and improved processes and use cases in that time – and you then apply a Machine Learning product tomorrow – it has missed 10 years’ worth of data and needs to be constantly told what’s normal in your environment and what isn’t. Another example, as a retailer your webserver load increases significantly just before Christmas due to more people buying stuff, which only happens once per year. Machine Learning might see that as an attack the first few times
This is why a combination of traditional defence combined with Machine Learning is the best current defence. So, what happens when the bad guys start using their AI against your AI? It’s just a matter of who has more powerful and smarter systems at that point.
Our approach at Invinsec is to protect our customers using a combination of traditional cyber security tools and Machine Learning. Security products like BroadBot Plus have basic and advanced Machine Learning capabilities but also use a host of other threat intelligence and monitoring tools to protect businesses and ensure incidents are dealt with quickly and appropriately. For more details click here.