What enterprise CISOs need to know about AI and cybersecurity
Hari Sivaraman is the Head of AI Content Strategy at Venturebeat.
Modern day enterprise security is like guarding a fortress that is being attacked on all fronts, from digital infrastructure to applications to network endpoints.
That complexity is why AI technologies such as deep learning and machine learning have emerged as a game-changing defensive weapon in the enterprise’s arsenal over the past three years. There is no other technology that can keep up. It has the ability to rapidly analyze billions of data points, and glean patterns to help a company act intelligently and instantaneously to neutralize many potential threats.
Beginning about five years ago, investors started pumping hundreds of millions of dollars into a wave of new security startups that leverage AI, including CrowdStrike, Darktrace, Vectra AI, and Vade Secure, among others. (More on these companies lower down).
But it’s important to note that cyber criminals can themselves leverage increasingly easy-to-use AI solutions as potent weapons against the enterprise. They can unleash counter attacks against AI-led defenses, in a never-ending battle of one-upmanship. Or they can hack into the AI itself. After all, most AI algorithms rely on training data, and if hackers can mess with the training data, they can distort the algorithms that power effective defense. Cyber criminals can also develop their own AI programs to find vulnerabilities much faster than they used to, and often faster than the defending companies can plug them.
Humans are the strongest link
So how does an enterprise CISO ensure the optimal use of this technology to secure the enterprise? The answer lies in leveraging something called Moravec’s paradox, which suggests that tasks that are easy for computers/AI are difficult for humans and vice-versa. In other words, combine the best technology with the CISO’s human intelligence resources.
If clear guidelines can be distilled in the form of training data for AI, technology can do a far better job than humans at detecting security threats. For instance, if there are guidelines on certain kinds of IP addresses or websites that are known for being the source of malicious malware activity, the AI can be trained to look for them, take action, learn from this, and become smarter at detecting such activity in the future. When such attacks happen at scale, AI will do a far more efficient job of spotting and neutralizing such threats compared to humans.
On the other hand, humans are better at judgement-based daily decisions, which might be difficult for computers. For instance, let’s say a particular well-disguised spear phishing email talks about a piece of information, which only an insider ‘could’ have known. A vigilant human security expert with that knowledge and intelligence, will be able to connect the dots and detect that this is ‘probably’ an insider attack and flag the email as suspicious. It’s important to know in this instance, that AI will find it difficult to perform this kind of abductive reasoning and arrive at such a decision. Even if you cover some such use cases with appropriate training data, it is nigh on impossible to cover all the scenarios. As every AI expert will tell you, AI is not quite ready to replace human general intelligence or what we call ‘wisdom’ in the foreseeable future.
But…humans could also be the weakest link
At the same time, humans can be your weakest link. For instance most phishing attacks rely on the naivety and ignorance of an untrained user, and get them to unwittingly reveal information or perform an action which opens up the enterprise for attack. If all your people are not trained to recognize such threats, the risks increase dramatically.
The key is to know that AI and human intelligence can join forces and form a formidable defense against cybersecurity threats. AI, while being a game-changing potent weapon in the fight against cybercrime, cannot be left unsupervised, at least in the foreseeable future, and will always need human assistance by trained, experienced security professionals and a vigilant workforce. This two-factor AI plus human intelligence (HI) security, if implemented fastidiously as a policy guideline across the enterprise, will go a long way in winning the war against cybercrime .
7 AI-based cybersecurity companies
Below is more about the leading emerging AI-first cybersecurity companies. Each of them bite off a section of enterprise security needs. A robust cybersecurity strategy, which has to defend at all points, is almost impossible for a single company to manage. Attack fronts include hardware infrastructure (data centers and clouds), desktops, mobile devices (cellphones, laptops, tablets, external storage devices, etc.), IoT devices, software applications, data, data pipelines, operational processes, physical sites including home offices, communication channels (email, chat, social networks), insider attacks, and perhaps most importantly, employee and contractor security awareness training. With bad actors leveraging an ever widening range of attack techniques against enterprises (phishing, malware, DoS, DDoS, MitM, XSS, etc.), security technical leaders need all the help they can get.
CrowdStrike’s Falcon suite of products are could-native, AI-powered cyber security solutions for companies of all sizes. These products cover next-gen antivirus, endpoint detection and response, threat intelligence, threat hunting, IT hygiene, incident response, and proactive services. CrowdStrike says it uses something called ‘signatureless’ artificial intelligence/machine learning, which means it does not rely on a signature ( i.e. a unique set of characteristics within the virus that differentiates it from other viruses). The AI can detect hitherto unknown threats using something it calls Indicator of Attack (IOA) — a way to determine the intent of a potential attack — to stop known and unknown threats in real-time. Based in Sunnyvale, California, this company has raised $481 million in funding and says it has almost 5,000 customers. The company has grown rapidly by focusing mainly on its endpoint threat detection and response product called Falcon Prevent, which leverages behavioral pattern matching techniques from crowd-sourced data. It gained recognition for handling the high-profile DNC cyber attacks in 2016.
Darktrace offers cloud-native, self learning, AI-based enterprise cyber security. The system works by understanding your organization’s ‘DNA’ and its normal healthy state. It then uses machine learning to identify any deviations from this healthy state, i.e. any intrusions that can affect the health of the enterprise and then triggers instantaneous and autonomous defense mechanisms. In this way, it describes itself as similar to antibodies in a human immune system. It protects the enterprise on various fronts including workforce devices and IoT, SaaS, and email. It leverages unsupervised machine learning techniques in a system called Antigena to scan for potential threats and stop attacks before they can happen. The Cambridge, U.K.- and San Francisco, U.S.-based company has raised more than $230M in funding and says it has more than 4,000 customers.
Vectra’s Cognito NDR platform uses behavioral detection algorithms to analyze metadata from captured packets revealing hidden and unknown attackers in real time, whether traffic is encrypted or not. By providing real-time attack visibility and non-stop automated threat hunting that’s powered by always-learning behavioral models, it cuts cybercriminal dwell times and speeds up response times. The Cognito product uses a combination of supervised and unsupervised machine learning and deep learning techniques to glean patterns and act upon them automatically. The San Jose, California-headquartered Vectra has raised $223M in funding and claims “thousands” of enterprise clients.
SparkCognition’s DeepArmor is an AI-built end-point cybersecurity solution for enterprises that provides protection against known software vulnerabilities exploitable by cyber criminals. It protects against attack vectors such as ransomware, viruses, malware, and offers threat visibility and management. DeepArmor’s technology leverages big data, NLP, and SparkCognition’s patented machine learning algorithms to protect enterprises from what it says are more than 400 million new malware variants discovered each year. Lenovo partnered with SparkCognition in October 2019 to launch DeepArmor Small Business. SparkCognition has raised roughly $175M in funding and boasts “thousands” of enterprise clients.
Vade Secure is one of the leading products in predictive email defense. It claims it protects a billion mailboxes across 76 countries. Its product helps protect users from advanced email security threats, including phishing, spear phishing, and malware. Vade Secure’s AI products leverage a multi-layered approach, including using supervised machine learning models trained on a massive dataset of more than 600 million mailboxes administered by the world’s largest ISPs. The France- and U.S.-based company has raised almost $100 million in funding and says it has more than 5,000 clients.
SAP NS2’s approach is to apply the latest advancements in AI and machine learning to problems like cybersecurity and counterterrorism, working with a variety of U.S. security agencies and enterprises. Its technology adopts the philosophy that security in this new era requires a balance of human and machine intelligence. In 2019, NS2 won the Defense Security Service James S. Cogswell Outstanding Industrial Security Achievement Award.
Blue Hexagon offers deep learning-based real-time security for network threat detection and response in both enterprise network and cloud environments. It claims to deliver industry-leading sub-second threat detection with full AI-verdict explanation, threat categorization, and killchain (i.e. the structure of an attack starting with identifying the target, counter attack used to nullify the target, and proof of the destruction of the target). The Sunnyvale, California-based company has raised $37M in funding.
VentureBeat is the host of Transform, the world’s leading AI event focused on business and technology decision makers in applied AI, and in our July 2021 event (12-16 July), AI in cybersecurity will be one of the key areas we will be focusing on. Register early and join us to learn more.
The author will be speaking at the DTX Cyber Security event next week. Register early to learn more.
Best practices for a successful AI Center of Excellence:
A guide for both CoEs and business units Access here