Cybersecurity has taken a lot of heat lately. Some of that reputation is deserved, considering that many companies are still not taking appropriate action to secure their information. Other companies have employed Artificial intelligence (AI) and machine learning (ML) to detect threats and defend company information against hacking. But the threat landscape is becoming increasingly more difficult to navigate, especially as cyber criminals start to use our own defenses against us.
Two key issues that cybersecurity firms are now seeing are cyber criminals using AI tools to detect vulnerabilities in security tools and implanting malware into AI tools to corrupt their use.
We spoke with Charles Everette, Directory of Cybersecurity Advocacy at the cybersecurity firm Deep Instinct on the evolving threat landscape and how AI can be deployed in cybersecurity.
TA: We can expect that cyber criminals will also be using AI to detect vulnerabilities in our security. What defense do we have against these evolving threats?
Everett: One of the newest trends our threat researchers are seeing is the advancement and the use of Adversarial Machine Learning (ML) by cybercriminals. These attack vectors are a new malicious threat that attempts to utilize machine learning techniques to fool common cybersecurity models by supplying deceptive input to cause a malfunction in a machine learning model and then to bypass their protections. Deep Instinct’s proprietary Deep Learning framework is naturally resistant to these adversarial Machine Learning attacks due to the method of how our deep learning framework was purpose-built from the ground up with cybersecurity in mind. Deep Instinct has gone a step further and made additional enhancements to our so-called D Brain’s architecture to be even more resilient against these adversarial AI attacks. This is an innate function of our product and does not require any special rules or configuration.
TA: How does Deep Instinct defend against the manipulation of your AI during attacks?
Everette: Deep Learning allows us to predict and prevent known and unknown attacks before they can execute, meaning before they can write to memory or disk. It works autonomously without connecting to the cloud. This is very powerful because time matters!
Deep learning has been around for some time – it’s been applied by Tesla to autonomous vehicles, by YouTube and Netflix to their recommendation engines, and by companies like Amazon to image recognition. But the entry to deep learning is high – it involves elite data scientists, requires vast computing power using GPUs, and works on huge volumes of raw data. Deep learning leverages deep neural networks that can solve tasks that machine learning models can’t.
Machine learning requires a human domain expert to define and engineer features for the machine to learn. Deep Learning learns from millions of files of raw data without any direction or interference from humans. The result, quite simply, is deep learning is far more accurate than machine learning-based approaches. Perhaps best of all, there is no feature engineering, so it’s far harder for malware to understand how we work and overcome us.
Despite all this huge computing power, the actual footprint required is tiny – so you truly have the best of both worlds. We are spending a lot of time evangelizing right now because what we’re talking about with deep learning is that it’s not a foreign concept. Prevention has always been the kind of the holy grail of security and has not been achieved – until now.
TA: Anything else you think we should know about the current and future state of AI within cybersecurity?
Everette: AI is a term that has been thrown around in the cybersecurity industry for quite some time. The common components typically referenced when talking about AI are Machine learning and Deep Learning, but what are the differences? When it comes to cybersecurity, AI can be a huge leap forward in combating cyberattacks, but not all solutions are the same. If AI could be the silver bullet, why are today’s AI solutions not working? Many of the traditional Machine Learning cybersecurity solutions currently available are causing massive operational challenges as they are not adequately combating the ever-evolving and sophisticated threats. Detection and response-based solutions (EDR) are insufficient because they typically can take 10 minutes or more to identify a threat detected in the environment. It takes sub 3 seconds to infect and start encrypting a system; that is why time is of the essence. You have to prevent the infection and damage it can inflict before it takes root, executes, and spreads.
The great news is that AI technologies are advancing. Deep learning is proven to be the most effective prevention cybersecurity solution to date, resulting in unmatched prevention rates with proven lowest false positive rates. As you evaluate new technologies for your organization, a firm understanding of the differences, challenges, and benefits of all AI. Education in advancements in Machine learning and Deep Learning are well warranted.