Fighting Fire with Fire – AI, Cyber Security, and Roles of the Future

Artificial Intelligence (AI) as a subject has been around for years, however it is only now that AI as a real possibility is bleeding into public consciousness.

Even the government has started to take notice - in October alone the UK and the US published two government reports on AI, focusing on national readiness and the challenges that lie ahead. Both recognize the importance of creating the skills required for a digital era and AI, and question how we can use automation to the best effect.

Recently, the Government Office for Science published a report titled “Artificial intelligence: an overview for policy-makers”, which pinpoints AI as a future technology driving the Fourth Industrial Revolution. One area drawn out within the report was the effect that AI and automation will have on the labor market, noting that the technology will have an impact on changes in skillset, and that many traditional roles will evolve as a result.

One area in the tech industry that is using AI and machine learning to best effect is cybersecurity. This industry will also see new roles and threats emerging as a result.

Today’s enterprises generate tremendous amounts of data by simply doing business. The data collected reflects the organization's behavior, performance and operations. Therefore it represents a foundation from which enterprises can learn to innovate, reduce costs and improve quality in order to gain a competitive advantage. The "holy grail" of data analysis is the identification and correlation of abnormalities and patterns of behavior, which once understood are transformed into intelligence.

In general terms, machine learning aims to provide intelligence by enabling computers to learn from the data in a similar way to humans, via numerous methods like neural networks, clustering, support vector machine learning and many more.

The cyber-threat landscape is a rapidly evolving one, and machine learning can be one step in coping with its sheer complexity. Cybersecurity threats evolve with technology and adjust to overcome protection mechanisms. As a result, information security analysts have to focus on mitigating the most severe risks first - and in an enterprise, this is a substantial effort.

In the context of cybersecurity, machine learning speeds up the process of initial risk identification and classification, which enables security teams to better manage their incident response function, and more importantly, take preventive actions even before security threats manifest.

Concerns still abound regarding the role of machine learning and AI within our future society. But when it comes to machine learning and AI in cybersecurity, it is not designed to supplant workers but to augment their roles instead.

Computers never sleep - humans do. Within the use case of cybersecurity there are millions of potential combinations of irregularities to detect, and humans simply do not have the time or capacity to check every single one. But a computer does.

Machine learning techniques can greatly reduce the workload of security analysts. They are especially effective at identifying (and hence filtering out) large quantities of potential threats that expose known patterns. These patterns may be highly complex and would otherwise require a large amount of repetitive work if analyzed by a subject expert. This initial filter enables security teams to focus on less common events, which in turn helps identify new threats or undiscovered symptoms of known attacks.

There are a good number of well-established and widely applied supervised machine learning approaches (i.e. classification algorithms) that can be used to mirror the thought process of a security expert when analyzing a particular set of threats. With a sufficient amount of samples, a classifier can then be constructed in order to mimic his or her decision process, and subsequently deployed at scale to automatically classify new samples.

As is often the case where technology innovation joins existing human-managed functions, the introduction of AI into cyber security reduces the ‘standard’ workload of security analysts and allows them to focus on less common events and new social engineering attack vectors, which in turn helps identify new categories of threats.

While hackers are constantly tooling up to enhance the efficacy of their campaigns and widening their arsenal of attack vectors, it’s important that enterprises are also tooling up to stay ahead of the fast evolving attacks methods.

Machine learning is an important step in the evolution of cybersecurity products, but it is not a silver bullet solution capable of closing the enterprise security gap, reflecting the risks associated with the era of big data.

What’s Hot on Infosecurity Magazine?