Will 2017 be the year that artificial intelligence (AI) and machine learning become an important front-line tool for cybersecurity? A number of security professionals I’ve heard from think so.
When I was looking for security predictions, Paul Shomo, technical manager Strategic Partnerships with Guidance Software, sent this along to me:
In 2016, AI went mainstream with its ability to detect malware binaries on the disk, including the polymorphic variants missed by signatures. In 2017, AI will conquer dynamic analysis, adding the detection of running and injected processes to its accomplishments.
When I asked him to explain this a little more in depth, he told me that AI or machine learning-based approaches look at binary files on the hard drive, and are unable to examine memory resident or “injected” malware. The upshot is that running malware that deletes its files off the disk can defeat machine learning every time. He continued:
The solution is analyzing processes as they run, but this has proven difficult. Static files are judged simply by looking inside of them. Dynamic analysis is harder because the code actually running in memory comes from many places, is unpredictable and difficult to access. Likely memory forensic techniques will need to be coupled with machine learning to access datasets similar to what existing AI is having success with.
Roman Foeckl, CEO with CoSoSys, agreed that AI could be an important part of our cybersecurity defense in 2017, telling me in an email that cybersecurity tools will be equipped with AI for better detection and prevention of security incidents, adding:
In DLP, for example, AI can make a big difference because it will be able to generate data transfers and manipulation patterns for a more effective protection of sensitive data.
It makes sense that we begin to turn to AI for security defenses. Threats are becoming more complex, as a Recorded Future blog pointed out, and human analysis needs assistance. I think that AI will be a necessary tool to address the current security skills gap; we just don’t have enough hands on deck to detect, address and fight threats. AI isn’t going to replace humans, but it can certainly provide an assist.
However, AI isn’t perfect, nor is it immune from its own potential threats, as John Worrall, CMO at CyberArk, told me via email:
As we’ve seen with other technologies, as AI becomes commoditized, we can expect cyber attackers to take advantage of AI in a similar way as businesses. Much like 2016 saw the first massive IoT-driven botnet unleashed on the Internet, 2017 will be characterized by the first AI-driven cyber attack.
Worrall added that these attacks will be characterized by their ability to learn and get better as they evolve. This type of advanced attack will transform and become commonplace, driving a huge economic spike in the hacker underground.
It makes sense. We should expect any connected tools to be at risk for threats, but I think in the long run, AI will do more as a cybersecurity tool than as a cybersecurity threat. Or at least I hope so. In any case, expect 2017 to be the year when AI and cybersecurity are terms used together a lot.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba