2018: The Year Machine Intelligence Arrived in Cybersecurity

Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year – setting the stage for growing intelligence in security automation for 2019.

Machine intelligence has become a technology player in fields from medical research to financial services. This year it began to make its presence felt in cybersecurity. The initial inroads have been tightly targeted, but some experts say more substantial uses are almost inevitable.

"Intelligence" is a word heavily freighted with meaning in cybersecurity technology because it covers a wide variety of techniques and products. Expert systems, machine learning, deep learning, and artificial intelligence are all represented in the whole, with each being used and promoted by different vendors and service organizations.

Antivirus protection is one of the tasks to which companies are applying intelligence. "Intelligent AV is all about catching more malware, and it really starts with the history of malware detection," says Corey Nachreiner, CTO of WatchGuard Technologies. He describes a series of techniques that look not at code patterns or signatures but at behavioral markers for code that is run in a protected environment. "They can change the way the binary could look, but they can't change what they have to do on your computer to do their bad thing," he says.

In looking for behavioral characteristics and matching them with code and other patterns, machine intelligence can discover patterns involving many more factors than a human could reasonably consider. And in doing so, it also finds related vulnerabilities faster. "What machine learning has really given us is the ability to predict patterns before they actually happen," Nachreiner says.

Intelligence is not only being applied to antivirus products, but it is also finding its way into security services, as well. "The best use of AI is to give security admins the ability to deconflict tasks – to know which, out of scores of possibilities, are critical and will have the greatest impact," says Ann Johnson, corporate vice president in the Microsoft Cybersecurity Solutions Group. She points out the critical requirement for this that comes from the sheer volume of security incidents. "Microsoft sees 6.5 trillion security signals a day. AI helps rationalize them down to a quantity that humans can deal with," she says.

As for the effectiveness of intelligence in dealing with these threats, Johnson points to the emergence of the Smoke Loader credential stealer. "It was blocked on Azure within milliseconds because the AI saw and recognized the pattern," she says.

That effectiveness in recognizing and acting on patterns will be used in more products and services in the future, many experts say. "Machines are really good at looking at vast amounts of data and making sense of it all in a statistical way, and humans are not," says Clarence Chio, CTO and co-founder of Unit21, and author of "Machine Learning & Security."

He points out that the vast majority of intelligence being used in security is "machine learning" rather than "artificial intelligence." That's because a defining characteristic of artificial intelligence is that it can produce an output developers never considered, rather than always creating a conclusion within a known range of responses.

"I think the real challenge in industry is not really the maturity in developing such systems, but to really hone the expectations of people using such things," Chio says.

That expectation will evolve and develop in the coming year, according to many experts. "What it's good at right now is kind of removing all the noise and the grunt work that security analysts or professionals have to deal with," Nachreiner says. "[Still], we're a long away from totally automating out the need for some type of security professional that occasionally has to make a decision."

Related Content:

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights