Tuesday, October 17, 2017

Tech Briefing: Using AI for Cybersecurity

“Firewalls Don’t Stop Hackers. AI Might.”

Author: Scott Rosenberg
Date: 9/27/17

Even when organizations follow all the right procedures and take all necessary precautions, they are still vulnerable to security attacks. Hackers can still find a way in past all defenses. Nicole Eagan, CEO of Darktrace, argues that artificial intelligence (AI) is the only way to effectively defend networks from the kinds of unknown attacks that antivirus scans and other measures will not find. Darktrace uses machine learning to identify what “normal” looks like across a network and all its devices and then reports in real time if there are any anomalies or activities in the network that deviate from that “normal” baseline.

Eagan insists that the current way we approach security is flawed. We wait for an attack to happen, then analyze that attack after the fact to see how we can better protect ourselves next time. But the problem, Eagan notes, is that we are just chasing yesterday’s attack and the next attack may be different – the attacker may find a new vector, especially knowing we are protecting against the previous kinds of attacks. Darktrace’s approach is about learning in real time what is going on, and using AI to recommend actions to take. The AI can do this even if the attack is one that has never been seen before. In this way, Darktrace insists we strategically plan ahead when it comes to cyber risk, rather than merely react to the past.

Eagan uses the human immune system as an analogy for this concept. The immune system has a very precise response when it senses an infection. It is always running in the background and we do not have to think about it. We just trust it knows what it is doing and will react when needed. And, like immune systems, the longer machine learning and unsupervised self-learning systems are in place, the smarter and stronger they get. The more things they are exposed to, the stronger they get.

Eagan also introduced the idea of a sort of cyber risk score. Like a credit rating, this would be a dynamically changing, real-time score that analyzes and reports an organization’s level of cyber risk. Organizations in a supply chain must share their score with each other so others in the chain are aware if an organization has a poor score and is more vulnerable to security threats. Eagan argues this will change the future of cyber risk insurance and can also extend to consumers. For instance, a consumer may be more reluctant to bank with a certain institution if it has a low cyber risk score.

To summarize her point, Eagan claims the great thing about their approach is that you don’t have to try and figure out what you need to do with your device to secure it. Darktrace just models the device’s behavior, identifying what is and is not normal, and monitors it continuously to know whether or not it is under attack.

I find this concept to be very interesting and believe it can be very effective. However, like anything, it would need to be tested in practice and proven to work. If it does, I can see organizations beginning to adopt this. I do not believe it should replace anything currently in place, but it would be a great extension of an organization’s current security defense mechanisms to better protect themselves against the growing depth and breadth of cyber threats.

Regarding the cyber risk score, I too think this could be a good idea, if it works well and accurately, and without significant cost. On the supply-chain side, the transparency along the chain is fair so that organizations can protect themselves if they are at risk. On the consumer side, this allows consumers to know the risk of doing business with an organization. What is also great is that this would incentivize organizations to increase their cyber risk score or else consumers will not want to use them. However, I do see some concerning drawbacks. If an organization’s cyber risk score is public, attackers can see this as well and target organizations with low scores. Thus, this concept would need to be given serious consideration before being implemented.


If it works, I think the use of AI and machine learning to detect network attacks will be a promising new avenue for organizations to protect themselves, their partners, and consumers.

Additional Links:

https://www.darktrace.com/
https://www.cnet.com/news/cyberattacks-artificial-intelligence-ai-hackers-defcon-black-hat/
https://digit.hbs.org/submission/darktrace-using-machine-learning-for-cyber-security/
