McAfee leader: AI in cybersecurity is a different ball game altogether
CYBERSECURITY keeps business leaders up at night, and with hackers getting more and more sophisticated, the stakes seem to go up every day.
A technology that companies believe might be able to provide some relief is artificial intelligence (AI).
Unlike other applications, in cybersecurity, deploying AI effectively to combat threats doesn’t mean having the most or best data. Instead, it involves using intelligent tools provided by vendors who have advanced capabilities in AI-based solutions.
In an interview with Tech Wire Asia at McAfee’s MPOWER Cybersecurity Summit 2019 in Las Vegas, McAfee Head of Advanced Threat Research Steve Povolny explained why AI works differently in the cybersecurity space.
“AI and machine learning (ML) are fundamental to any modern security solution. But it’s important to be aware that it’s not a silver bullet, in that, you can’t say, because you’ve got an intelligent expert system, it will always reliably understand, predict, or classify threats.”
Povolny’s point is that AI and ML make it possible for advanced threat detection systems to review each and every red flag individually — which is something a team with only human staff may not be able to do.
With the number of devices accessing a network growing significantly and the internet of things (IoT) connecting more devices to the organization’s network in some way, the surface area for attacks is increasing at a phenomenal pace, and Povolny feels that an AI and ML-powered system could be very useful in such instances.
However, the threat researcher highlighted that just as corporate defenders have access to AI and ML, so do cybercriminals.
“We need to be aware that cybercriminals have also realized the weaknesses in their approach, and can now provide modifications to things like malicious files that can bypass many of today’s intelligent security solutions leveraging AI and ML.”
The blind spots in AI and ML-based cybersecurity
AI and ML in cybersecurity don’t need the company to own a lot of threat data to train their systems on, they can work a vendor to gain access to and train their systems on data that is external to the organization.
In many cases, vendors are also able to provide threat data that is specific to the user’s industry, making the AI and ML-powered cybersecurity application even more intelligent and secure.
However, Povolny points out that there are often blind spots that they need to be wary of.
“The problem with ML and AI, from a security perspective, is that the system only learns from the data it has been fed. In other words, if it hasn’t seen a specific anomaly or a specific piece of malicious code in the past, it has a rather limited ability to flag that.”
Combating these blind spots isn’t easy, but it can be done if systems are provided with more complete data.
“If the data is not, you know, wide enough and diverse enough to include those blind spots, then ML systems will not be able to recognize it. I think that’s the biggest takeaway.
“We really need to understand that this is a new type of weakness. The way to mitigate it is to provide better and richer and more complete data.”
Artificial intelligence is making cybersecurity better
Povolny’s research has a lot to do with testing the limits of AI and ML, but the McAfee leader reassures us that intelligent technologies are already making life better for businesses and cybersecurity professionals.
In the cybersecurity space, AI and ML can benefit from data provided by vendors, can learn from the threats faced by industries, and most importantly, can help analyze every single red flag and address every single concern, in real-time, instead of waiting for a human operator to process things randomly from a sample.
More importantly, using an intelligent solution helps human cybersecurity teams do more with fewer specialist members. In an age where technology talent, especially with cybersecurity skills, is in poor supply, an intelligent system can provide a lot of support.
The bottom line, Povolny says, is that AI and ML are here to combat cybercrime. There’s no doubt that organizations that decide to leverage the technology stand a chance to better defend themselves.