Artificial intelligence and machine learning are playing an increasing role in most aspects of enterprise technology.
Because the challenges of cyber security are changing, AI is playing an increasing role in defending enterprises from criminals.
Malware is today evolving so fast that manual defences simply cannot keep up.
Researchers at G DATA have been counting new malware types for many years. In 2007 they found 133,253 new malware specimens.
In 2017 it took just four days to see that number of new malware types.
The first six months of 2017 saw a staggering 4.9m new specimens, or 27,000 every single day, or one new type every 3.2 seconds.
In such a world, anything but machine-assisted defence is impossible.
Machines can sift incoming data and files to remove known malware.
But they can also learn to spot what might be malware based on complex algorithms and by looking at wider network and endpoint behaviour.
AI can analyse vast quantities of data to spot potential attacks.
The most dangerous threats for enterprises are advanced persistent threats – attackers who lurk on networks for months in order to gain the intelligence and find the weaknesses needed to launch a successful attack. Intelligent monitoring can help security teams spot this type of activity before a breach actually occurs.
Systems need time to do this. They need to learn what the normal behaviour of a specific network looks like – every one is slightly different.
But armed with this knowledge they can provide a good defensive tool.
AI is far from perfect.
A common complaint from security teams is systems which sound the alarm too often. False positives remain an issue which requires human intervention to fix. The danger of a system which ‘cries wolf’ too often is that it gets ignored.
Despite this, most security systems today include some form of machine learning and intelligence, but not all enterprises are making the best use of technology they have already deployed.
The bad guys are also using AI to help find targets to attack.
Aside from defence, AI can also play a major role in incident response.
The reality of cyber security today is that organisations need to accept the inevitability that at some point they will be the victim of an attack or a data breach.
This means creating and practising a detailed incident response that starts the instant a problem is spotted.
AI can play a role in helping an organisation run an effective response by automating information exchange and ensuring the right procedures are followed.
AI can also help the organisation learn as much as possible from an attack in order to improve defences in the future.
In the heat of the moment, while dealing with an incident, it is tough to also keep notes of exactly what is happening. Smart systems can help log the details as well as collect evidence for possible prosecutions.
None of this will end the need for the cyber security professional. But it might mean their job description changes. With machines doing more of the routine surveillance and automated protection, there will be more time for security teams to take a more proactive view of their work.
They will get the chance to look forward and think strategically about keeping the enterprise safe.
The full G DATA blog is here:
And there’s more from HPE here: