From buzz to the battleground, AI is everywhere

An open letter to artificial intelligence.


Dear artificial intelligence,

Congratulations! You have made “buzzword” status. When you walk around the RSA Conference floor this year, almost every booth will display your name. Don’t get offended. Some may misrepresent you. But many will do you justice, their dashboards beaming with pride, showing how you identify behavioral patterns, prioritize those that look suspicious and use machine learning to remember which behaviors are business justified. They will explain how you mimic human behavior, but also that you can analyze mountains of data in minutes and produce meaningful conclusions faster than what’s humanly possible.

Without you, artificial intelligence, we would be living in a “Where’s Waldo?” book, searching through a sea of people located around the world, doing all kinds of activities, accessing valuable information with all kinds of technologies. We would manually scan emails and social media pages, and physically walk around the building, searching for that one guy with the round glasses, wearing a striped winter hat and sweater, and carrying a stack of books. Too often we end up wasting time chasing down the wrong person, investigating Wenda instead of Waldo, inhibiting Wenda from doing her job, while Waldo slips through the cracks.

Thanks to you, artificial intelligence, we can identify potential threats in an automated way. You enable us to look for indicators among the crowd that would show us who to investigate.

Unfortunately, though, the buzz about you isn’t only among the good guys. Criminal groups and nation states are also riding your coattails. They use you to disguise their malicious intent. They want to look like everybody else, leveraging your capabilities to attack more people in a shorter amount of time. They know the more shots they take, the higher the probability they will succeed. A human ransoming victims one by one is not as lucrative as automated attacks on volumes of people within minutes. You make criminals smarter, and therefore harder to find.

Artificial intelligence, you are in the middle of a tug of war. Both sides want to outsmart the other using you as their weapon. And the bad guys can lose 99 percent of the time and still declare themselves the winner. But the good guys have a significant advantage. It’s harder for a machine to pretend to be me than to determine it’s not me. To pretend to be someone else requires the ability to gain evidence on everything a person does and understand their objectives. Real humans act in certain ways you, artificial intelligence, cannot mimic. If you walk a mile in my shoes, you may have traveled the same path, but it will be clear it wasn’t me.

So how do we find Waldo in the digital domain, where instead of pictures we have a thousand words? Using User and Entity Behavior Analytics (UEBA). UEBA analyzes behavioral patterns and identifies when people do things they would not normally do. That’s where you come in, artificial intelligence, built into UEBA technologies. Some UEBA technologies go a step further by qualifying if the behavior was business as usual or indeed unusual, and factor in the business impact if the attacker were to succeed and the value of the asset under attack to prioritize which threats to chase down first.

With UEBA, it doesn’t matter if an attacker is human or not. Whether “Jane” is doing a bad thing, someone hijacked her account and is doing a bad thing, or a machine is pretending to be her, using UEBA and you, artificial intelligence, we will detect that the behavior is not normal for Jane, and react quickly.

There’s another key component to winning this war – risk. Even with the best artificial intelligence, no large company can monitor and protect everything. This is even more true in today’s complex environment, where data resides and moves everywhere and is accessed by thousands of employees and vendors located everywhere, using tablets, laptops, mobile phones and other devices. We no longer have control over our data, so the best we can do is to ensure we have control over what matters most. In conjunction with using you, artificial intelligence, we must go back to the basics and understand which assets are the most valuable, identify where they live and move, who accesses them, from where, and using what, and then apply UEBA to monitor and analyze behaviors pertaining to those assets. That’s a risk-based approach to security, and it’s one that will enable the good guys to beat the bad guys.

Artificial intelligence, you are far from artificial. You are real. The bad guys are using you. The good guys are using you. The good guys aim to find the bad guys before they strike. The bad guys aim to attack more people at once. When you are leveraged the right way, the good guys thank you for your assistance in winning battles; however, the war is far from over. In 2018, I suspect ransomware and stolen credential attacks will be the flavors of the year. Your capabilities will be used for both. However, if we focus less on buzz and more on application, integrating you with the right security technologies to protect the right set of data, we, the good guys, will continue to win.

Your friend,

Ryan Stolte

Copyright © 2017 IDG Communications, Inc.
