The purpose of this article is to explore the use of AI in cybersecurity and its significant benefits to companies. Companies have been heavily investing in AI and the benefits are starting to be realized with significant security AI innovations over the last couple of years.
When you hear about AI/machine learning, the first thing comes to mind is traditional data science / analytics over data sets. You think of search engines, recommendation engines, image recognition, and others. Security AI never comes to mind. But there is a new application of AI in cybersecurity that has been brewing for several years.
In Star Wars’ Episode II, Attach of the Clones, the movie forshadowed our modern day attack of the bots. There is a cyber war brewing. This war has been brewing beneath the surface for years. Now the automation and bots tools are at the attackers and defenders finger tips. There is an increasing threat of an all out cyber war between the malicious and warrior bots. Unfortunately, the malicious bots are always evolving to evade the the cyber warrior bots. It is a cat-and-mouse game being played on the virtual battlefield.
What is artificial intelligence (AI)?
AI allows machines / bots to learn from experience, take the feedback, and adjust to automate human tasks. Examples of AI today is speech recognition, natural language processing, image processing, robotic process automation, smart homes, security AI, and other uses.
There are two machine learning approaches to AI:
- supervised learning – an approach that uses large data sets to train the the system into classifying data or predicting outcomes
- unsupervised learning – an approach that uses algorithms to analyze and cluster unlabeled data sets. The algorithm detects the hidden patterns in the data without humna intervention. Most security AI products utilize the unsupervised learning algorithm in their products.
The security AI tools are able to detect anomlies in network traffic, malware infections, malicious processes, malicious accounts, and other uses being uncovered every day.
The case for AI in cybersecurity
Signature-based detection in intrusion detection and virus scanners are not fast enough to keep up the changing cybersecurity threat landscape. By the time the threat is uncovered, a signature is created and the systems are updated, the damage has already been done. These signatures are good for stopping additional threats but not the initial threat and damage that it causes to organization. The answer is to add AI to security products to overcome the disadvantages of signature-based systems.
How AI in cybersecurity works?
Intrusion Prevention Systems (IPS) have been used to help prevent malicious behaviour before or halts it as it is happening. There are two types of IPSes:
- Signature-based Detection (signatures of known threats are stored in a database and system continously scans for known threats)
- Anomaly-Based Detection (set a basline of normal activity, alerts when an anomaly exists, and halt the activity causing the anomaly)
Anomaly-based detection is where AI is being used in security AI products. The AI in the security AI products is using unsupervised learning where the software continuously learns and adapts to the changing threat environment through experience.
Most AI in cybersecurity companies use the following process in their security AI products:
- Develop a baseline of regular activity
- Monitor for abnormalities in activity
- Raise an alert for the abnormal traffic
- Halt the abnormal traffic
There are other security AI products in the physical security space too that are also disrupting thieves and improving physical security posture of organizations. This article we focus on the security AI of the virtual / online world and not physical security.
Leading companies in AI in cybersecurity
The top ten companies in security AI as described by Comparitech are as follows:
- Check Point
Security AI Case Studies
One of the most interesting case studies involved the Tokyo Olympics and the abiility of DarkTrace’s AI product to detect and neutralize a threat of a rogue Rasperry PI that was trying to exfiltrate sensitive data. DarkTrace AI was able to detect the malicious behavior and neutralize the attack through the help of the security team.
A second case study involves “a post-incident report from a Vectra® pharmaceutical customer* shows step by step how the Cognito® network detection and response (NDR) platform identified early indicators of a ransomware attack and prevented the encryption of network file shares”.
And there are many other case studies that show the value in using Security AI in preventing attacks from occuring in the first place.
Time will tell if these systems will be able to adapt to the changing tactics of attackers to avoid detection. The results so far are promising.
Data breach cost mitigation decreases
With any new innovation, there are skeptics on the use and success of these products. One research study by IBM gives us hope that there is value in using security AI products in an organization to protect it from attacks and mitigate the costs of the intrusions.
In IBM’s Cost of a Data Breach 2021, AI in cybersecurity tools had the biggest impact in cost mitigation of USD $3.81 milllion dollars between the companies that use AI vs those who did not. If this trend continues, the number of companies using AI in cybersecurity will continue to rise.
In this article, we explored what is AI, the role of AI in cybersecurity, how security AI works in current innovative products, several case studies outlining the success of these products, and the value of using these products vs not using them. The growth in security AI products and services will continue to grow and improve. The question will be can these security AI products stay one step ahead of the attackers who will want to evade detection and removal from these innovative products. Currently, the cyber warriors are winning the battle. Let’s see if that trend will continue.
If you have any questions or comments, please let us know in the comments. Thanks for your time reading.
I am DrM, founder of http://techninjamasters.com. I have been working, learning, teaching, coaching, consulting, writing in technology for over 40 years.