For digital-security consultant Allen Kent, artificial intelligence can’t come up to speed soon enough.
Working with industrial-services company NAES Corporation, he helps electricity producers fortify their networks to better withstand cyber attacks so they can meet rigorous government compliance standards. And with cybercriminals and state-sanctioned hackers launching increasingly elaborate and destructive campaigns, making a business network safe demands ever-higher levels of planning and vigilance.
Today’s information-security managers must deploy the right mix of cyber tools and ensure that they are configured correctly. These pros must also stay up-to-date on the constantly evolving threats coming from the internet and monitor their networks moment by moment for any signs of intrusion.
That’s why Kent wishes there were a single product he could recommend that a client could plug in and trust to handle all of those cybersecurity operations. This dream product would monitor the network, continually learn about new threats as they emerge and squash attacks before they start.
“An AI box that monitors everything and stops threats automatically as they manifest — that would be the best solution,” Kent says. “But right now, we don’t have a proper tool that you can set and forget. Things need to be constantly monitored by a human.”
That gap may soon be closed, however. Computer scientists and engineers around the world are making rapid advances in developing machine learning, the code fed into computers that enables them to analyze data to uncover patterns and make decisions about that information without being specifically programmed to do so. The research is producing abundant insights that are leading the way to more robust artificial intelligence in a number of fields.
Too much data for humans to sift
In the cybersecurity realm, machine learning is quickly reshaping the landscape. It can automate work, detect vulnerabilities on networks and spot subtle trends in network traffic while ingesting enormous amounts of data that would boggle the minds of human analysts.
Jason O’Keeffe, an HP Print Security Advisor, says the volume of data being generated to monitor today’s tangled business networks demands more scrutiny than human teams can provide. That’s partly what’s driving cybersecurity experts’ embrace of machine learning.
“The problem is, industries have too much data that they don’t know what to do with,” O’Keeffe says. “They don’t know what to look at to trigger an investigation. Nobody is looking at the data closely enough to detect if there’s something abnormal going on. I think AI will help with that. Over the next five years, you’ll see more security intelligence being built into devices. You’re going to see more cleverness in detecting security breaches.”
In addition to this 24-7 watchfulness, machine-learning systems are gaining the ability to quarantine compromised computers and devices to contain attacks before they can spread damage throughout the network.
A dearth of skilled eyes and ears
Another driver of the effort to quickly ramp up machine learning and other cybersecurity automation tools is a human skills gap that threatens to leave many network-guardian posts unmanned at the same time the threat environment is intensifying. One report forecasts that by 2021, more than 3.5 million cybersecurity jobs globally will go unfilled — a deficit that will have major repercussions for organizations entrusted with securing sensitive data or critical infrastructure.
Mike Ahern, the director of corporate and professional education at Worcester Polytechnic Institute, develops cybersecurity training programs for critical industries like power generation. He says companies in that space are being probed and attacked multiple times a day. “They need people who look for patterns and watch for alarms,” he says. “There aren’t enough qualified workers, and that gap is widening, so it’s natural that some of those patterns and alarms are going to be missed.”
Ahern sees big potential for machine learning to detect anomalies in data from programs monitoring perimeter defense, access authorization and data transfer across and out of networks.
The imperative to stay ahead
The bad news: Bad guys will also be using these advanced tools. Cybersecurity firm McAfee’s 2018 Threats Predictions Report expects cybercriminals to use machine learning to devise new and better ways to invade networks and identify and defeat defensive machine-learning programs.
The firm predicts that this year, researchers dissecting a cyber attack will find that it was driven by machine-learning algorithms. As ominous as that sounds, McAfee sees reason for optimism. “Our job is to advance [machine] capabilities faster than the attackers, and to protect our models from discovery and disruption,” the report’s authors conclude. “Working together, human-machine teaming shows great potential to swing the advantage back to the defenders.”
Jonathan Griffin, a senior security researcher for HP, says it’s important to remember that machine-learning and AI are also available to the attacker. For that reason, technology manufacturers and cyber security professionals must constantly ensure that they’re not underestimating how creative bad actors will be in using these tools. For example, AI may enable attackers to cheaply develop sophisticated spear-phishing emails that are very difficult for ordinary users to differentiate from legitimate ones. Such advanced attacks have heretofore only been directed at high-profile targets like politicians and business leaders.
Griffin says HP is vigorously pushing to stay ahead of the most technically advanced attackers. “We’re starting to get value out of machine learning and the security intelligence we’re building into our hardware,” he says. “We’re just at the beginning of these very exciting technologies. One thing we know: This part of security research has an awful lot of very interesting questions to answer.”
Check out our eGuide, “Hackers and defenders harness design and machine learning,” to see the most important steps your organization can take to be more cybersecure.