There are many discussions across the security industry today that revolve around the need for companies to leverage artificial intelligence or AI. Finding a vendor that doesn’t claim to do AI is hard – it seems that we all are working at it.
While it seems like a logical step for the industry to look towards AI, you could also say it is a natural evolutionary step for security teams in order to keep up with the sheer volume and variety of threats that cyber criminals are developing against them. There were 357 million cases of malware attacks in 2016 and that number has grown exponentially over the past five years, according to the 2017 Symantec Internet Security Threat Report. If that trend continues, we could see over 1 billion attacks in a year by 2020.
With such a high number of threats for the security industry to process, AI seems to have become a promised land for the many vendors that are increasingly placing automation and machine learning into their research labs to process and analyze metadata from billions of threats and indicators of compromise from previous attacks. They are undertaking this step in the hope that they can identify malware before it affects their customers. This is a worthwhile endeavor, for sure, but it isn’t going to be enough to defeat malware authors. The industry needs to go beyond simply categorizing threats.
New Approaches and Capabilities
It’s encouraging to know that there are a variety of approaches to AI across the industry. For that reason it's important for researchers to understand the differences between various approaches, their capabilities, and effectiveness.
Artificial Intelligence is broadly defined as machines that are capable of carrying out necessary tasks in a way that humans would consider "smart." Before we have true AI, we have machine learning, and before that, we have deep learning.
Machine Learning is a subset of AI that provides computing systems access to large amounts of data which enables them to "learn" and carry out necessary tasks without having to be explicitly programmed, end-to-end. Based on the quality and quantity of data fed into it, machine learning can make statements, decisions or predictions with an increasing degree of certainty. With the addition of a feedback loop, it can sense or be informed about whether its previous decisions were right or wrong. This loop enables "learning," and can suggest alternative approaches that can be taken in the future. The outcome is a neural network of inputs, connections, probabilities and predictions.
Deep Learning is another subset of AI that supercharges the machine learning process by increasing the layers and the connections while running massive amounts of data through it to "train" it. The "deep" in deep learning describes all the layers and their interconnections in this neural network.
All three self-learning technologies hold great promise. But the larger issue for organizations is determining how to benefit from one versus the other, and which AI approach will give your security team the results you are after.