As the IT industry continues to grow, everyone gets excited about the next big thing. We have all heard frequently used buzzwords such as Cloud and Big Data, and now the focus is on Artificial Intelligence and Machine Learning. What does that actually mean in the cybersecurity industry? How do we leverage it?
It is important to make the distinction between AI and Machine Learning. They very often go hand in hand because Machine Learning is a subset of AI. John McCarthy defined Artificial Intelligence as: “The science and engineering of making intelligent machines.” Arthur Samuel defined Machine learning as: “A field of study that gives computers the ability to learn without being explicitly programmed.”
In 1964, Isaac Asimov wrote about a visit to the World’s Fair of 2014: “The world of A.D. 2014 will have few routine jobs that cannot be done better by some machine than by any human being. Mankind will therefore have become largely a race of machine tenders.”
On a number of levels I agree with this statement. We have seen evidence of this across a number of other industry sectors. A couple of examples to highlight this could be Uber replacing call operators/route planners in the taxi industry, or Ocado with their warehouse robots that autonomously pick the shopping items for your home deliveries. There are many other incredible examples across the globe, and there have been huge advances in this technology area.
In recent years this area has seen significant growth and serious investment. Why? I think there is an obvious direct correlation with the rise of available cloud computing power from large cloud vendors, which has led to accelerated growth in this area. Previously, without access to these services, the initial investment and development costs required for innovation in this area were prohibitive.
Humans vs Machines
Take the example of the humble Rubik's Cube and its 43 quintillion combinations. In 2016 Feliks Zemdegs from Australia broke the Guinness World Record by completing it in 4.73 seconds. This is miles faster than me and my screwdriver as a child. The following year, in 2017, up stepped the machine challenger designed and built by Ben Katz and Jared Di Carlo. Their robot completed the Rubik's Cube in an astounding 0.637 seconds.
The difference here highlights the way the technology and industries are heading. Not only was the robot faster, but it also will not tire, need a lunch break, go home to its family or take the weekends off. So there are obvious benefits to deploying this technology in the right area.
Machine vs Machines
When I visited Infosecurity Europe in June 2019, one of the exhibitor stands had a “black box” penetration testing solution. This could be deployed within your own network, and it would use Machine Learning and known patterns to attack from within to help identify gaps.
Clearly if there is an increasing amount of fully automated AI and Machine Learning-based attacks available for the “good guys” to buy, then there must be an equivalent owned by the “bad guys” hard at work 24x7. Therefore, our defenses need to also respond in the same way and the only logical conclusion is that you need machines to fight machines.
That said, my view for the foreseeable future is that these enhancements we are seeing right now will not replace our staff, but augment their skill sets: empowering them with greater tools to perform their jobs faster and more efficiently to get better results. In the scenario where one million new events happen overnight, the data reported in the system will be vastly different to the day before.
There is a need to interpret that and understand where the data came from, what has happened and why. AI and Machine Learning would be able to do that, but a mix of human and AI will provide much better context. Equally important is the ability for our staff to correct, reverse or police any of the changes made that actually weaken our position or do not align with the business goals.
The challenge is that there is no single attack vector and no single product that defends us. How do we align our defenses? How do we make best use of AI and Machine Learning?
1 – Understand your environment. Know your assets and which store your critical data. Where are your weak points – how do you rectify them?
2 – Focus on the right thing to automate. If there are known processes, start with them and monitor closely and validate the results.
3 – Weigh up the cost of automation vs the cost benefits. As with everything, are you trying to fix a £100k problem by spending £1 million?
4 – Augment your staff skill sets. This is where AI and ML come into play, by providing them with tools to monitor and protect the environment that can:
- Process information much faster and at scale
- Correlate information across a number of sources to spot related behavioral patterns/anomalous behavior
- React fast and make decisions on our behalf
- Detect, Protect, Alert, Repeat
5 – Regularly review. The ever-changing threat landscape and new techniques mean we have to be adaptable to change. This means reviewing often to ensure our focus is in the right area.
Nobody can predict the future. In the same article that Asimov wrote, he mentioned “Jets of compressed air will also lift land vehicles off the highways, which, among other things, will minimize paving problems.” What we do know is that large vendors continue to develop in this area at pace.
There are lots of exciting opportunities to creatively solve the challenges. The ever-changing threat landscape and new techniques mean we have to be adaptable to change. The important thing is how you make use of the choices available to provide the best level of protection.