Having an accurate picture of its risks would help a company deploy resources most efficiently, and create a set of metrics for cybersecurity performance other than whether the company has been breached or not. "Today, if you were to try to describe your environment, this data is either not being gathered correctly or not being converted into information," says Gaurav Banga, founder and CEO at Balbix, Inc., a startup that is specifically trying to tackle the problem of predicting the risk of a breach.
AI is key to solving that challenge. "We have 24 different types of AI algorithms," Banga says. "We produce a bottom-up model, a risk heat map that covers every aspect of the environment, clickable so you can go down and see why something is red. It is prescriptive, so it tells you that if you can do these things, it can become yellow and eventually green. You can ask questions -- 'What is the number one thing I can do now?' or 'What is my phishing risk?' or 'What is my risk from WannaCry?'"
In the future, AI will also help companies determine what new security technologies they need to invest in. "Most companies today don't know how much to spend on cybersecurity and how to spend it," says James Stanger, chief technology evangelist at CompTIA. "I think we need AI to help provide metrics, so that as a CIO turns around and talks to the CEO or talks to the board, and says, 'Here's the money we need and here are the resources we need,' and have the true and useful metrics to justify those costs."
There's a lot of room for progress, says Alert Logic's Govshteyn. "There is very little use of AI in the security space," he says. "I think we're actually behind other industries. It's amazing to me that we have self-driving cars before we have self-defending networks."
In addition, today's AI platforms don't actually have an understanding of the world. "What these technologies are very good at are things like classification of data based on similar data sets that they've been trained on," says Steve Grobman, CTO at McAfee LLC. "But AI isn't really intelligent. It doesn't understand the concept of an attack."
As a result, a human responder is still a critical component of a cyber defense solution. "In cyber security, you're trying to detect an adversary who is also human and is trying to thwart your detection techniques," Grobman says.
That's different from any other areas where artificial intelligence is currently being applied, such as image and speech recognition or weather forecasting. "It's not like the hurricane is saying, 'I'm going to change the laws of physics and make water evaporate differently to make it more difficult to track me,'" says Grobman. "But in cybersecurity, that's exactly what's happening."
Progress is being made on that front. "There's a research area called generative adversarial networks, where you have two machine learning models where one tries to detect something and the other sees if something was detected and tries to bypass it," says Sven Krasser, chief scientist at CrowdStrike, Inc. "You can use things like that for red teaming, for figuring out what new threats can be."
More on AI in security
- How artificial intelligence fits into cybersecurity
- AI will transform information security, but it won’t happen overnight
- Using AI to spot malware patterns
- How AI is stopping criminal hacking in real time
- How AI can stop tomorrow's malware threats today
- Can AI and ML slay the healthcare ransomware dragon?