Artificial intelligence has a role in cybersecurity, but isn’t the magic bullet

Stephen Berberich//November 14, 2018

In a recent study on combating cybersecurity attacks, two-thirds of 3,866 information technology (IT) professionals surveyed across the Americas, Europe and Asia said artificial intelligence (AI) tools could reduce false alerts and increase team effectiveness. Yet, only 25 percent of the respondents reported currently using some form of an AI-based security system.

“Despite massive investments in cybersecurity programs, our research found most businesses are still unable to stop advanced, targeted attacks,” wrote Larry Ponemon, chairman of the research group Ponemon Institute, LLC. He added that 45 percent of those surveyed “believed that they are not realizing the full value of their defense arsenal.”

AI has become a critically important component of cybersecurity because the amount of data is growing to levels that are almost impossible for humans to decipher, according to Mansur Hasib, CISSP, PMP, CPHIMS, who is the cybersecurity technology program chair of the University of Maryland University College graduate school.

“In a typical IT environment, you might get billions of inquiries, records, events happening in a span of hours. The number of events and alerts can magnify so much that artificial intelligence is needed to help look at logs from a variety of sources,” said Hasib.

Companies are not investing enough in the systems that are already out there, said Hasib. “That is part of the problem. With the amount of data that exists now, any company not using some form of AI to help them look at events, needs to.”

Many companies now offer artificial intelligence solutions for IT operations.

AI solutions operate much like a human immune system, scanning for possible infections and alerting users to them, said Harry Holt, vice president of the Baltimore-based Bithgroup Technologies, Inc.

His company uses an AI solution from Darktrace Limited called Enterprise Immune System, which “learns” a network, Holt said, and then monitors everything that is in the network. It learns the characteristics of the known users in a cyber network, he said. “So, anytime there is something as an anomaly, [the tool] identifies it, records it and sends you an alert. We then take a look at it to see if it shows something wrong.”

Operating like a human immune system, the tool will temporarily shut down part of the network to not allow threats to spread or get any further into a system until it can be assessed.

“Meanwhile, the tool is continually learning the network and what belongs or not in it,” said Holt. Like the human immune system detecting an antigen such as a virus, he said, it “lets you know so that you can get treatment for it.”

Most of the IT security teams surveyed by the Ponemon study pointed to an inability to recognize attacks entering through IoT devices (internet of things in a workplace) as a “key gap” in their security strategy.

Holt explained, “people are so much more connected with networks these days with individual mobile devices and phones for potential breaches. Everyone in a workplace can have several things that are potentially connecting to your network. You have to use some kind of other machinery of intelligence to keep up with all of the threats.”

More than three-fourths of respondents to the Ponemon study thought their IoT devices were not secure and 60 percent said that even simple IoT devices pose a threat.

Previously, security systems could find malware events by monitoring for malicious files and then blocking them individually. Today, there are many threats called zero-day malware, which are unknown to the security community. Hasib said, “The whole concept of zero-day is that these are malware, or viruses, or bad, which the world still doesn’t know about. Again, AI software on a computer looks for known patterns of unknown patterns, similar to a vaccination.”

He is not happy with the defeatist attitude when some company executives say, “it is not a matter of if you will get hacked but when you will get hacked.”

“It is absolutely foolish. It makes me cringe when I hear people say that. The moment they think they will lose, they will lose. Attitude makes a huge difference,” Hasib said.

He also recommends that companies should never count on AI replacing humans. “That is a crazy idea. They are only as smart as the humans that built them.”