The superior speed and data management skills of a computerized AI tool offer benefits in the identification and remediation of cyber threats. Here is an overview of some recent developments in this area.
IBM’s Watson and Cognitive Security
Watson is the jewel of IBM’s artificial intelligence efforts. It has been used to assist with medical diagnoses and has competed with humans on the television quiz show Jeopardy. The company is focusing on using the power of Watson to provide enhanced cybersecurity.
IBM lists these ways in which AI helps in combatting cybersecurity threats:
Learning - Watson is trained over time using machine and deep learning techniques to better understand cyber risks and threats.
Reasoning - Reasoning leads to the AI identifying relationships between disparate threats in a fraction of the time required by human analysts.
Augmenting - By curating risk analysis, AI drastically reduces the research necessary for security analysts to respond to threats.
These methods come together in IBM’s Watson for Cyber Security. The combination of the cognitive abilities of Watson and IBM’s QRadar Advisor creates a powerful tool to alert on and address cybersecurity threats.
Darktrace is an AI company that specializes in cyber defense as evidenced in their autonomous response tool Antigena. This technology takes precise action to stop cyber threats within seconds of discovery and prevents other users in the organization from being impacted. The AI that forms the foundation of the tool is able to understand abnormal activity in any business setting and therefore can halt sophisticated attacks before they spread throughout an enterprise.
Antigena has added an email module that can prevent attacks at the point of entry. It provides autonomous security response functionality that helps protect against attacks on a network, email system, or cloud implementation. The AI system is self-learning, requires no setup, and is designed to identify all types of unauthorized intrusion.
Symantec Advanced Threat Protection
Advanced network security through the use of machine learning technology is the goal of Symantec’s Advanced Threat Protection. It employs a number of detection technologies that achieve their functionality through AI and machine learning. They include:
Cynic - This threat detection component detonates suspicious files in a sandbox environment and uses machine learning to compare the results with other files which are known to be malicious.
Suspicious file classifier - Files with unknown dispositions are analyzed by this component to determine if they are malicious. It bases its conclusions on a decision tree that has been constructed through machine learning and training with millions of files.
Potential Drawbacks to the Use of AI
The power of incorporating AI into cybersecurity tools is driving vendors to quickly bring products to market. Firms adopting these products need to exercise caution. One potential issue is that the information provided to the algorithms when training an AI engine may be incomplete, leading to missed attacks. Hackers gaining access to a security system could also switch labels and corrupt data to allow malware to appear to be safe code.
AI and machine learning are pushing the boundaries of many aspects of our digital lives, and cybersecurity is no exception. Their judicious use can help protect your systems and data from malicious attacks.