Simon Crosby, CTO at Bromium, calls machine learning the pipe dream of cybersecurity, arguing that “there’s no silver bullet in security.” What backs up this argument is the fact that in cybersecurity, you’re always up against some of the most devious minds, people who already know very well how machines and machine learning work and how to circumvent their capabilities. Many attacks are carried out through minuscule and inconspicuous steps, often concealed in the guise of legitimate requests and commands.
Others, like Mike Paquette, VP of Products at Prelert, argue that machine learning is cybersecurity’s answer to detecting advanced breaches, and it will shine in securing IT environments as they “grow increasingly complex” and “more data is being produced than the human brain has the capacity to monitor” and it becomes nearly impossible “to gauge whether activity is normal or malicious.”
Stephan Jou, CTO at Interset, is a proponent of machine-learning-powered cybersecurity. He acknowledges that AI is not yet ready to replace humans, but says it can boost human efforts by automating the process of recognizing patterns.
What’s undeniably true is that machine learning has very distinct use cases in the realm of cybersecurity, and even if it’s not a perfect solution, it is helping improve the fight against cybercrime.
The main argument against security solutions powered by unsupervised machine learning is that they churn out too many false positives and alerts, effectively resulting in alert fatigue and a decrease in sensitivity. On the other hand, the volume of data and events generated in corporate networks is beyond the capacity of human experts. The fact that neither can shoulder the burden of fighting cyberthreats alone has led to the development of solutions where AI and human experts join forces instead of competing with each other.
MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) has led one of the most notable efforts in this regard, developing a system called AI2, an adaptive cybersecurity platform that uses machine learning and the assistance of expert analysts to adapt and improve over time.
The system, which takes its name from the combination of artificial intelligence and analyst intuition, reviews data from tens of millions of log lines each day and singles out anything it finds suspicious. The filtered data is then passed on to a human analyst, who provides feedback to AI2 by tagging legitimate threats. Over time, the system fine-tunes its monitoring and learns from its mistakes and successes, eventually becoming better at finding real breaches and reducing false positives.
Research lead Kalyan Veeramachaneni says, “Essentially, the biggest savings here is that we’re able to show the analyst only up to 200 or even 100 events per day,” which is considerably fewer than the tens of thousands of security events that cybersecurity experts have to deal with every day.
The platform was tested during a 90-day period, crunching a daily dose of 40 million log lines generated from an e-commerce website. After the training, AI2 was able to detect 85 percent of the attacks without human assistance.
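The feedback loop described above, as an added example (not AI2's code and not from the original article): constructed per-entity daily counts are ranked by an unsupervised outlier score, the top `budget` events go to an analyst, and the analyst's tags re-weight the next day's ranking. The feature names, the nearest-labelled-neighbour weighting and the radius are assumptions standing in for the system's real models.

```python
import math
from statistics import mean, pstdev

def make_day(day):
    """Constructed sample data: (entity, failed_logins, mb_out, is_attack)."""
    rows = [(f"user{i}", i % 3, 5 + (i + day) % 7, False) for i in range(40)]
    rows += [(f"backup{j}", 0, 900 + 10 * j, False) for j in range(3)]  # odd but benign
    rows += [(f"atk{j}", 30 + j + day, 8, True) for j in range(4)]     # password guessing
    return rows

def zscores(rows):
    """Standardise each feature against the same day's population."""
    cols = list(zip(*[(r[1], r[2]) for r in rows]))
    stats = [(mean(c), pstdev(c)) for c in cols]
    return [tuple((v - m) / s for v, (m, s) in zip((r[1], r[2]), stats))
            for r in rows]

def feedback_weight(z, labelled, radius=1.0):
    """Stand-in supervised step: reuse the verdict of the nearest labelled event."""
    if not labelled:
        return 1.0
    dist, was_attack = min((math.dist(z, lz), a) for lz, a in labelled)
    if dist > radius:
        return 1.0  # nothing similar has been reviewed yet
    return 2.0 if was_attack else 0.1

def run(days=3, budget=5):
    """Return how many true attacks were among the `budget` events shown each day."""
    labelled, hits = [], []
    for day in range(days):
        rows = make_day(day)
        scored = []
        for row, z in zip(rows, zscores(rows)):
            outlier = sum(abs(v) for v in z)  # unsupervised outlier score
            scored.append((outlier * feedback_weight(z, labelled), row, z))
        shown = sorted(scored, key=lambda s: s[0], reverse=True)[:budget]
        hits.append(sum(row[3] for _, row, _ in shown))
        # The analyst tags each shown event; the ground-truth flag plays that role.
        labelled += [(z, row[3]) for _, row, z in shown]
    return hits

if __name__ == "__main__":
    print(run())
```

On the first day the benign backup jobs crowd out two of the four attacks; once the analyst has tagged them, all four attacks fit inside the same five-event budget.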
Finnish security vendor F-Secure is another firm that has placed its bets on combining human and machine intelligence in its most recent cybersecurity efforts, an approach that reduces the time it takes to detect and respond to cyberattacks. On average, it takes organizations several months to discover a breach. F-Secure wants to cut down the time frame to 30 minutes with its Rapid Detection Service.
The system gathers data from a combination of software installed on customer workstations and sensors placed in network segments. The data are fed to threat intelligence and behavioral analytics engines, which use machine learning to classify the incoming samples, determine normal behavior and identify outliers and anomalies. The system uses near-real-time analytics to identify known security threats, stored data analytics to compare samples against historical data and big data analytics to identify evolving threats through anonymized datasets gathered from a vast number of clients.
“It’s not about replacing humans, but about making them superhumans.”
It’s still too early to determine whether any of these efforts will result in cybersecurity experts being totally replaced by machine-learning-based solutions. Maybe the balance will shift in the future, but, for the moment, humans and robots have no other choice than to unite against the ever-increasing threats that lurk in cyberspace.