Previous articles in this series provided a definition of Artificial Intelligence (AI) and a general overview of its use in Cybersecurity, described various types and subspecialties of AI systems and their respective functions, and described the many ways AI is being used in Cybersecurity today.
Now we’ll look at the three main functionalities of an Artificial Intelligence system that set it apart from other Cybersecurity tools. These three unique functionalities are as follows:
- AI can learn: One of the main themes that has been pointed is that a good AI system can learn, with or without human intervention (of course, the latter is much more preferred). The way that it learns is that literally billions of pieces of data are fed into it, via many intelligence feeds. Once this data is fed into it, the Artificial Intelligence tool can then “learn” from it by unearthing any trends or threat vector-based attack signatures that have not been discovered previously. It can even also learn from known trends as well. By combining these two together, the AI system can then make reasonably accurate observations or predictions as to what the Cyber Threat Landscape will look like on a daily basis, if that it is what the main purpose of has been designed to accomplish. It is important to note, while this is done on a 24 X 7 X 365 basis, the data and information that is fed into it must be done on an almost minute by minute basis. If this is not done, the AI system can lose its robustness very quickly, can literally become “stale”. Also, based upon the datasets that are fed into it, a good AI system can also even make recommendations to the IT Security team as to what the best course of action it can take in just a matter of minutes. In this regard, Artificial Intelligence can also be used as a vehicle for threat mitigation by the Cyber Incident Response Team. An AI system that is designed for the Cybersecurity Industry can also digest, analyze, and learn from both structured and unstructured datasets (this even includes the analysis of written content, such as blogs, news articles, etc.).
- AI can reason: Unlike the other traditional security technologies, Artificial Intelligence tools can also reason and even make unbiased decisions based upon the information and data that is fed into it. For example, with very high levels of accuracy and reliability, it can “… identify the relationships between threats, such as malicious files, suspicious IP addresses or insiders.” (Source 1)In other words, an AI system can look at multiple threat vectors all at once and take notice of any correlations that may exist between them. From this, a profile of the Cyberattacker can be created and even used to prevent other new threat variants from penetrating into the lines of defenses. Very often, a Cyberattacker will launch differing attacks so that they can evade detection. For example, Cyberattackers have been known to hide their tracks after penetrating an IT/Network Infrastructure by covertly editing the system logs of the servers, or even just simply reset the modification date on a file that has been hijacked but replaced with a phony file. These cannot be detected by the standard Intrusion Detection Systems (IDSs) that are being used today; they can only be discovered by anomalies if significant deviations can be found. But with the use of AI, these and other hidden commonalities can be discovered very quickly in order to track down the very elusive Cyberattacker. Also, an AI system does not take a “Garbage In/Garbage Out” view of a threat vector. It tries to make logical hypotheses based upon what it has learned in the past. In fact, it has been claimed that Artificial Intelligence can respond to a new threat variant 60X faster than a human could ever possibly do.(Source 2)
- AI can augment: Again, as it has been mentioned before in the last subsection, one of the biggest advantages of Artificial Intelligence in Cybersecurity is that it can augment existing resources. Whether it is from filling the void from the lack of the labor shortage, or simply automating routine tasks that need to be done, or even filtering through all the false positive warnings and messages to determine which of those are for real, AI can absorb all of these time consuming functions that can take an IT Security team hours to accomplish and get them done in just a matter of minutes. It can also be a great tool to conduct tedious research-based tasks, can calculate the levels of risk very quickly so that the IT Security team can respond to a Cyber Threat in just a matter of seconds and mitigate it quickly.
The Importance of Artificial Intelligence In Cybersecurity
To further substantiate the need for Artificial Intelligence in Cybersecurity, a recent study by Capgemini (which is entitled “Reinventing Cybersecurity With Artificial Intelligence”) discovered the following:
- 64% of businesses feel that they need robust AI tools in order to combat the threat from Cyberattackers.
- 73% of businesses are now developing test cases for using Artificial Intelligence primarily for Network Security purposes. This is illustrated in the diagram below:
- 51% of CIOs and CISOs are planning to make extensive use of Artificial Intelligence as it relates to Threat Hunting and Detection. This is illustrated below:
- 64% of the CIOs and CISOs claim that using Artificial Intelligence actually decreases the time it takes to respond to a particular Cyberattack, and the corresponding response time has increased by 12% as can be seen in the diagram below:
The top 5 use cases for Artificial Intelligence are as follows:
- Fraud Detection
- Malware Detection
- Intrusion Detection
- Calculating risk levels for Network Security purposes
- Behavioral Analysis.
This can be seen pictorially below:
An overwhelming 56% of Cybersecurity Executives claim that their respective staffs are too overworked and overburdened; and that an alarming 23% of these teams cannot even respond to Cyber threats as they occur.
- 48% of the CIOs and CISOs claim that plan to increase their budget for Cybersecurity by at least 29% in 2020.
Note: It is important to mention that 850 CIOs and CISOs as well other security executives were polled in this survey. Further details on this study by Capgemini can be found via this link.
Overall, it appears that the spending on Artificial Intelligence in the Cybersecurity Industry will grow exponentially in the coming years, as substantiated by the diagram below:
Overall, it is expected that in the United States, the spending on Artificial Intelligence technologies will be at $38.2 billion by 2026. The main catalysts for this growth are as follows:
- The rise of interconnected devices brought on by the evolution of the Internet of Things (IoT)
- The overall growth rate of newer Cyber Threat variants
- Concerns of information and data leakage
- The increasing vulnerability of Wi-Fi networks
- The security posed by the various Social Media platforms (which include the likes of Facebook, Twitter, Linked In, Instagram, Pinterest, etc.)
Next up: How to prepare and deploy an AI system in your business
So far, this series has served as a deep dive into the many facets of Artificial Intelligence and its use in Cybersecurity. Next you may be eager to deploy such a system to protect your business. This is often an overwhelming proposition. To help you take that next important step, the fifth and final installment of the series will offer practical guidance and a checklist that will prove useful in your consideration of the deployment of an Artificial Intelligence system.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.