Artificial Intelligence (AI) and Machine Learning (ML): Everyone is enthusiastic about the next cool thing as the IT industry continues to develop. So far we have already learned that euphemisms like a cloud and big data have been used often, and now the spotlight is on Artificial Intelligence (AI) and Machine Learning (ML). In the cybersecurity business sector, what would that mean? How are we reaping the benefits of it? But what about HUMANS? What about ‘The YOU and ME‘?
It is important to make the distinction between Artificial Intelligence (AI) and Machine Learning (ML). They very often go hand in hand because Machine Learning (ML) is a subset of AI. Artificial Intelligence (AI) is redefined by John McCarthy here as: “Building highly intelligent machines with engineering and science.” Machine learning (ML) was classified by Arthur Samuel here as: “A longitudinal study outfield that enables computers to actually learn despite explicit programming.”
Isaac Asimov penned in 1964 out about a visit back to the 2014 World Fair: “A.D’s world! In 2014 there was very little daily work that certain machines can’t do much better than that of any human being. Therefore, mankind will have essentially become just another species of machine tenders.”
On a number of levels, we agree with this statement. We have seen evidence of this across a number of other industry sectors. A couple of examples to highlight this could be the Uber replacing call operators/route planners in the Taxi industry, or Ocado with their warehouse robots that autonomously pick your shopping the items for your home deliveries. There are many other incredible examples across the globe and have been huge advances in this technology area.
In recent years, this area has seen significant growth and serious investment. Why? We think there is an obvious direct correlation with the rise of available cloud computing power from large cloud vendors which has led to accelerated growth in this area. Previously without access to these services, the initial investment and development costs required for innovation purposes in this area were quite cost prohibitive.
Artificial Intelligence (AI) and Machine Learning (ML): Humans vs Machines
If we take the example of the humble Rubik cube and its 43 quintillion combinations. In 2016 Feliks Zemdegs from Australia broke the Guinness World Record by completing it in 4.73 seconds. This is miles faster than my screwdriver as a child and me. The following year in 2017 up stepped the machine challenger designed and built by Ben Katz and Jared Di Carlo. Their robot completed the Rubik cube in an astounding 0.637 seconds.
The difference here highlights the way the technology and industries are heading. Not only was it faster, but the other advantages of the robot are that it will not tire, need a lunch break, to go home to his family and take the weekends off. So there are obvious benefits of deploying this technology in the right area.
Artificial Intelligence (AI) and Machine Learning (ML): Machine vs Machines
During a visit to Europe in June 2019, one of the exhibitors stands had a “black box” penetration testing solution. This could be deployed within your own network, and it would use Machine Learning (ML) and known patterns to attack with within to help identify gaps.
Clearly, if there is an increasing amount of automated Artificial Intelligence (AI) and Machine Learning-based attacks available for the “good guys” to buy, then there must be an equivalent owned by the “bad guys” hard at work 24×7. Therefore, our defenses need to also respond in the same way and the only logical conclusion is that you need machines to fight the machines.
That said, my view for the foreseeable future is that these enhancements we are seeing right now will not replace our staff, but augment their skill sets: empowering them with greater tools to perform their jobs faster and more efficiently to get better results.
In the scenario where one million new events happen overnight, the data reported in the system will be vastly different to the day before.
There is a need to interpret that and understand where the data came from, what has happened and why. Artificial Intelligence (AI) and Machine Learning (ML) would be able to do that, but a mix of human and Artificial Intelligence (AI) will provide much better context.
Equally important is the ability for our staff to correct/reverse or police any of the changes made that actually weaken our position or do not align with the business goals.
The challenge is because there is no single attack vector, no single product that defends us – how do we align our defenses? How do we make best use of Artificial Intelligence (AI) and Machine Learning (ML)?
1. Understand your environment. Know your assets and which store your critical data. Where are your weak points: – how do you rectify them?
2. Focus on the right thing to automate. If there are known processes, start with them and monitor closely and validate the results.
3. Weigh up the cost of automation vs the cost benefits. As with everything, are you trying to fix a £100k problem by spending £1 Million?
4. Augment your staff skill sets. This is where Artificial Intelligence (AI) and Machine Learning (ML) come into play. By providing them tools to monitor and protect the environment that can:
- Process Information Faster and At Scale.
- Correlate information across a number of sources to spot related behavioral patterns/anomalous behavior.
- React fast and make decisions on our behalf.
- Detect, Protect, Alert, Repeat.
5. Regularly review. The ever changing threat landscape and new techniques mean we have to be adaptable to change. This means reviewing often to ensure our focus is in the right area.
The future can not be possibly predicted by anyone. In the same article that Ashimov wrote, he mentioned “Compressed air jets could well lift off-road land vehicles, which will alleviate paving concerns, among other aspects.” What we do know is that large vendors continue to develop in this area at a pace.
There are lots of exciting opportunities to creatively solve the challenges. The ever-changing threat landscape and new techniques mean we have to be adaptable to change. The important thing is how you make use of the choices available to provide the best level of protection.