Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
9/20/2017
03:20 PM
Lee Fisher
Lee Fisher
Partner Perspectives
50%
50%

Artificial Intelligence: Getting the Results You Want

Finding a vendor that doesn't claim to do AI is hard these days. But getting the benefits you need and expect is even harder.

There are many discussions across the security industry today that revolve around the need for companies to leverage artificial intelligence or AI. Finding a vendor that doesn’t claim to do AI is hard – it seems that we all are working at it. 

While it seems like a logical step for the industry to look towards AI, you could also say it is a natural evolutionary step for security teams in order to keep up with the sheer volume and variety of threats that cyber criminals are developing against them. There were 357 million cases of malware attacks in 2016 and that number has grown exponentially over the past five years, according to the 2017 Symantec Internet Security Threat Report. If that trend continues, we could see over 1 billion attacks in a year by 2020.

With such a high number of threats for the security industry to process, AI seems to have become a promised land for the many vendors that are increasingly placing automation and machine learning into their research labs to process and analyze metadata from billions of threats and indicators of compromise from previous attacks. They are undertaking this step in the hope that they can identify malware before it affects their customers. This is a worthwhile endeavor, for sure, but it isn’t going to be enough to defeat malware authors. The industry needs to go beyond simply categorizing threats.

New Approaches and Capabilities
It’s encouraging to know that there are a variety of approaches to AI across the industry. For that reason it's important for researchers to understand the differences between various approaches, their capabilities, and effectiveness.

Artificial Intelligence is broadly defined as machines that are capable of carrying out necessary tasks in a way that humans would consider "smart." Before we have true AI, we have machine learning, and before that, we have deep learning.

Machine Learning is a subset of AI that provides computing systems access to large amounts of data which enables them to "learn" and carry out necessary tasks without having to be explicitly programmed, end-to-end. Based on the quality and quantity of data fed into it, machine learning can make statements, decisions or predictions with an increasing degree of certainty. With the addition of a feedback loop, it can sense or be informed about whether its previous decisions were right or wrong. This loop enables "learning," and can suggest alternative approaches that can be taken in the future. The outcome is a neural network of inputs, connections, probabilities and predictions.

Deep Learning is another subset of AI that supercharges the machine learning process by increasing the layers and the connections while running massive amounts of data through it to "train" it.  The "deep" in deep learning describes all the layers and their interconnections in this neural network.

All three self-learning technologies hold great promise. But the larger issue for organizations is determining how to benefit from one versus the other, and which AI approach will give your security team the results you are after. 

Lee Fisher has been described as a true IT security 'guru'. It is certainly apt: his knowledge and expertise developed over the course of more than 20 years in IT have helped many customers implement a security strategy that not only safeguards their business and information, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.