AI and ML in Cybersecurity: Time Is Money
AI and ML in Cybersecurity: Time Is Money
In a previous issue of Reviews & Outreach, an article titled "The Cost of Cybersecurity" identified the role that advanced technologies such as artificial intelligence (AI) and machine learning (ML) can take to enhance cybersecurity and maintain or lower costs. In this article, the role of AI and ML will be looked at more closely.
Interest in AI has grown. AI had its own category in the president's budget request for 2020, with about $1 billion sought in funding for non-defense purposes. 27 governments had published official AI plans or initiatives by 2019. Many of these strategies focus more on countries' plans to fund more AI research activity, train more workers in this field, and encourage economic growth and innovation through development of AI technologies.
In the private sector, as well, Cisco’s 2018 Annual Cybersecurity News Report said nearly a third of CISOs have adopted AI as a way to improve the overall effectiveness of their cybersecurity strategy and that they were now "completely reliant" upon AI technology to protect their networks and sensitive data.
Cyber-attacks have become the most significant risk facing enterprises, government, and critical infrastructure. The total cost of online crime was projected to surpass one trillion dollars last year. The traditional approach to cyber defense, which relies on highly trained professionals monitoring the enterprise from a SOC, using rules and signatures to detect known threats, is at the heart of this crisis at a time when cyber-criminals launch never-before-seen attacks on a daily basis.
Artificial intelligence techniques can be used to learn how to remove noise or unwanted data and to enable security experts to understand the cyber environment in order to detect abnormal activity, can benefit cybersecurity with automated techniques to generate whenever cyber threats are detected, and is able to analyze massive amounts of data and allow the development of existing systems and software in an appropriate way to reduce cyber attacks, and identify new types of malware. AI – based cyber security systems can provide effective security standards and help develop better prevention and recovery strategies.
To keep pace with the ever-evolving threat landscape, solutions such as those rooted in artificial intelligence, can learns a unique ‘pattern of life’ for every user, device, and network that it safeguards, rather than attempt to predefine what the next attack will look like. By being able to detect the subtly anomalous behavior indicative of both known and unknown attacks, AI can allow defenders to finally fight back against their online adversaries. AI surpasses human monitoring capabilities, eliminates the human error factor, can operate 24/7, and can process massive amounts of data in a short amount of time. It takes work off experts’ hands to concentrate on other tasks; AI can eliminate the need to use passwords and the dangers of them being snatched.
AI does things faster and can analyze large amounts of data that would be extremely time-consuming for a human. It can use complex pattern recognition tools to identify a malicious program. While it cannot identify all threats, it has become an essential tool to reduce the time that humans need to spend investigating alerts-- perhaps the most important benefit of AI. Some of the major advantages of using AI for cybersecurity include handling the volume, learning over time to identify malicious attacks, and identifying unknown threats. These elements come together when artificial intelligence automates the process of detecting advanced threats: it can analyze the very large volume of activity that takes place across the enterprise network and the massive volume of emails, files, and websites accessed by employees in a small fraction of the time needed by humans. It can identify the vast majority of activity and samples that are benign, allowing its human counterparts to focus on the relatively small number of suspicious, potentially malicious remainder. It can identify malicious attacks based on the behaviors of applications and the network. Over time, it can learn about a network’s regular traffic and behaviors and can spot deviations from the norm. Hundreds of millions of malicious attacks are launched every year, which leave cybersecurity professionals playing catch up. They can spot zero-day attacks.
The cyber security workforce gap continues to grow, and the availability of qualified cyber professionals is predicted to decrease in the coming years. In fact, a Cyber Security Workforce Study from the International Information System Security Certification Consortium predicts a shortfall of 1.8 million in the cyber workforce by 2022, with some resources predicting a greater shortfall of a 3.5 million workers within the next two years. Many other industries have seen robotic systems replacing the need for human workers. In cyber security, humans are able to accomplish more when supported by the right set of tools. Allowing AI to support and react to human behavior allows cyber professionals to focus on critical tasks, utilize their expertise to analyze potential threats, and to make informed decisions when rectifying a breach. AI can help to fill the workforce gap in the cyber security sector, although it may create a need for new skillsets to be learned by humans in the industry.
Most cybersecurity solutions – including AI-based solutions – err on the side of caution. When in doubt, something anomalous or potentially threatening is flagged to alert human analysts about anomalous activities that need to be investigated. The alternative to being cautious in order to minimize the number of false positives risks is to miss real attacks. Artificial intelligence can quickly detect many of these cybersecurity threats and escalate them to the attention of human analysts. So while AI can save human analysts significant amounts of time and identify threats that they potentially wouldn’t be able to, at the same time, it cannot completely replace dedicated IT professionals; AI and ML augment rather than replace cybersecurity analysts.
AI an ML are being marketed by a variety of niche and large corporate suppliers. Companies such as Darktrace, Spark Cognition, Fortinet, Defense Storm, Emerj and others provide products and services, as do IBM and other large entities. According to new market research reported June 19, 2020 the artificial intelligence cybersecurity market is expected to grow at an annual rate of some 23.6%, reaching $46.3 billion by 2027.
If the reported statistics are anywhere near correct, AI is already being widely adopted and will continue to be. Its’ ability to scale to very large data sets, work in the cloud, identify attacks and threats has already led to widespread use. Cost-wise, it helps address the challenge of hiring and training the large number of additional analysts and coders traditional SOC-based cybersecurity requires.