#Infosec16: AI Could Transform Security Operations … But Don’t Believe the Hype

Artificial intelligence (AI) technologies have the potential to help operational security teams counter an increasingly agile and sophisticated foe and reduce the all-important attack dwell time for organizations, according to Forcepoint.

Neil Thacker, deputy CISO at security vendor Forcepoint - formerly known as Raytheon|Websense - explained to attendees at Infosecurity Europe today that AI could effectively help security operations teams “make the right decisions very quickly.”

It’s the natural next step from deep learning – which itself came on the back of machine learning – but has been subject recently to a deluge of marketing hype from certain quarters of the cybersecurity industry, Thacker argued.

Eugene Kaspersky has even called it the new “snake oil” in information security – a reference to the common 19th-century practice of fraudulently claiming certain products had miraculous health benefits.

However, with projects like IBM’s Watson and Google DeepMind, strides are being made in AI which could eventually bleed through into genuinely AI-based security products, Thacker argued.

If used correctly, it could help overcome the human resource problems many organizations have with their operational security teams, shortening the time needed to turn a growing deluge of data into “intelligence.”

“You usually need at least six people to run a 24/7 Security Operations Center (SOC), but that’s quite hard to do for most organizations,” he explained.

Dwell time – the duration an attacker is present inside an organization before the organization realizes it – is another challenge facing companies today which AI could help with in the future, the Forcepoint man said.

In 83% of data breach cases analysed by Verizon in its latest DBIR report, victims didn’t find out they’d been breached for “weeks or more.”

The best potential set-up when AI does finally come of age could be in a use case alongside human input, according to Thacker.

“It won’t replace humans anytime soon,” he claimed.

For those interested in pursuing projects in the AI space, it can be tough, and expensive, to get hold of the necessary computer power, although cloud-based tools could help. Guidance documents from the likes of Nvidia already exist and are a good place to start, Thacker explained.

After all, biological neurons in the human brain operate at a peak speed of just 200Hz, seven orders of magnitude slower than modern microprocessors, which work at around 2GHz, he concluded.

Stats like these, originally in Nick Bostrom’s book Superintelligence, show that infosecurity AI products might not be too far away.
