Cyber Security — AI vs Human

Artificial Intelligence (AI), will it replace the human in Cyber Security?

With several VC-backed startups focusing heavily on AI for Cyber Security (including our own JASK) and larger players like IBM now marketing their AI solution, Watson, for solving corporate security, one could ponder: is this the future? Will humans eventually be replaced by robots in the increasingly frustrating game of stopping criminal hackers from siphoning away our information and money electronically?

Well, there is one constant truth: the rise of high-profile hacks is not slowing down. Just this past week the Russian government was blamed for hacking the DNC and exposing all of Hillary Clinton’s strategic files against Donald Trump. While this attack may or may not be devastating to Hillary, it certainly is not helpful in a contentious general election. Could AI have helped stop this attack? Could it have detected the attack sooner, allowing the security response team at the DNC to expel the attackers before the vulnerable information was exfiltrated? Is Watson the solution?

The short answer is maybe. What we do know is that AI is a powerful technology, and when applied to cyber security it can be a force-multiplier for small or over-burdened security teams. One issue security teams face today is that they are no longer hunting for the needle in the haystack; now the focus is finding the sharpest needle in the massive stack of needles.

It’s all about the data.

AI for Cyber Security is not a new concept… we have tried many times before to stop attacks, root out malware and track DDoS attacks. Besides being credited with solving the pains of email spam in the early 2000s, AI, and its more technical definition “Machine Learning”, has been all but a complete failure in previous attempts to automate cyber defense. The biggest reason AI is being successfully applied today to improve cyber security is the data sets available to us. The rise of cheap storage, cloud and the deployment of log and network traffic aggregation technologies like SIEM have given us a rich and diverse set of data on which AI can train, and which it can analyze by diving deep into application layers to understand the differences between normal and anomalous behaviors over very large time-spans. The breadth of this type of data just wasn’t available 5–10 years ago, leaving the algorithms with too few data points to do the job effectively. Today this has all changed.

What’s next with AI + Cyber?

Like most things in cyber security, AI will not be a silver bullet. The promise that we can free humans from the most mundane and manual analysis tasks (ever seen a Tier-1 SOC analyst workflow script?) and focus their efforts on investigating the most critical incidents is very exciting. And coincidentally, this is exactly what JASK is working on.

By 2017, we predict most Fortune 100 organizations will fully embrace developing an enterprise security data-lake as the key enabler to maturing their capabilities, and cross-training or hiring for data science as a native skill set within their security operations teams. The future cyber warriors will be developing their own machine learning and growing automation to more efficiently understand their own business and its vulnerabilities. The future of AI and Cyber Security is very bright and the team at JASK are excited to be a part of the story.

If you are interested in learning more about AI and Cyber or looking to join a team building these types of technologies, DM me on Twitter @gregcmartin.