AI Supports Both Sides of the Security Fence

    IT security experts are understandably excited by the prospect of unleashing artificial intelligence (AI) to combat the myriad threats that imperil their systems and data. At the same time, however, they are worried about how the same technology might empower their foes.

    Technology doesn’t play favorites, of course; we saw this with machine guns, nuclear weapons and now cybernetics. And security has long been a zero-sum game: Even as we try to get one step ahead of our rivals with the newest technologies, we often end up just maintaining parity or at best a short-lived advantage.

    Heading into 2019, AI-based security solutions will likely take on the most challenging problems, particularly those involving large, complex data sets, such as DoS attacks and ransomware lockdowns. But as with any intelligent system, success will depend largely on the quality of data and training the enterprise provides, not some inborn capability straight out of the development cycle. As legal expert Mark Deem explained to Information Age recently, accurate data, and lots of it, is the only way to prepare machine learning algorithms and other tools to cope with the sheer complexity of today’s data universe. Ultimately, AI will have to follow the same trajectory in the security realm as it will in sales, marketing or any other function: first as a tool to perform advanced analytics, then as an elevated means to drive innovation and steadily improving performance.

    But if cybercriminals have access to the same intelligent capabilities as the enterprise, is there any real hope that our increasingly vital data ecosystem will ever be truly safe? Perhaps not completely, but like a game of chess, security is more about out-thinking your opponent than playing with better pieces. To that end, how might today’s hacker employ AI and what is the appropriate counter-move?

    According to McAfee, we can expect the bad guys to leverage AI first and foremost to evade detection. One way this will likely play out is in the relatively new technique called “process doppelganging,” in which malicious code appears to be legitimate. Using AI, these attacks will be able to adjust to slower or static security measures, giving them more time to work their way into systems and data stores before defenders realize something is amiss. The only response, of course, is to place security solutions on the same footing as the attack by leveraging AI to constantly adjust to the changing digital environment.

    Companies like IBM are already demonstrating how this can be done. The company recently announced a new series of capabilities in its QRadar Advisor with Watson platform that allow it to learn and contextualize threat behavior in order to craft an effective response. According to Computer Dealer News, the updates include a new threat disposition model that helps weed out false positives and provide insight into the nature of actual attacks, plus a cross-investigation analytics engine that seeks to streamline responses to massive, multi-pronged security events. (Disclosure: I provide content services to IBM.)

    Matching wits with cyber-baddies is the sexy application for AI in the security realm, but in many ways the work will be mundane. Security, after all, is a process, and much of it is routine – that is to say, dull. Through intelligent automation, many of these tasks – everything from identity and password management to network monitoring and data encryption – can be handled more quickly and efficiently, with far fewer of the errors that only serve to increase the number of security vulnerabilities in critical systems. At the same time, AI implementations like image and voice processing will lead to entirely new levels of physical security, not just in the enterprise or the data center but virtually anywhere humans tend to gather.

    AI is a game-changer for security, but only up to a point. Intelligent platforms will certainly allow the enterprise to elevate its game against the underworld, but the reverse is true as well. In the end, both offensive and defensive security capabilities will become faster, more flexible and more scalable, which means the advantage will go to whoever leverages these technologies in the most creative, innovative ways.

    Arthur Cole writes about infrastructure for IT Business Edge. Cole has been covering the high-tech media and computing industries for more than 20 years, having served as editor of TV Technology, Video Technology News, Internet News and Multimedia Weekly. His contributions have appeared in Communications Today and Enterprise Networking Planet and as web content for numerous high-tech clients like TwinStrata and Carpathia. Follow Art on Twitter @acole602.

    Arthur Cole
    With more than 20 years of experience in technology journalism, Arthur has written on the rise of everything from the first digital video editing platforms to virtualization, advanced cloud architectures and the Internet of Things. He is a regular contributor to IT Business Edge and Enterprise Networking Planet and provides blog posts and other web content to numerous company web sites in the high-tech and data communications industries.
