The Role of Machine Learning & Artificial Intelligence in Cybersecurity

Dec 23, 2019

Cybersecurity has been an imminent concern over the past few years. In almost every industry, increased improvements are being made to secure sensitive data and company information against criminals, viruses, and other cyber-threats. The global cybersecurity industry is anticipated to record a valuation of over USD 300 billion by 2024. Significant improvements in detecting cyber threats have been made by utilizing Machine Learning (ML) and Artificial Intelligence (AI) methodologies. Machine Learning is the process of using data to make predictions by ‘training’ the dataset. This is done based on algorithms and statistical models, without providing any explicit information. As a result, the model can classify a specific attribute, cluster a group of objects, describe and present a plethora of useful information, that may otherwise be undiscovered by human analysis. Despite the presence of ML techniques, there is still a constant need for more qualified security experts in this industry.

Many organizations struggle with finding the optimal balance between utilizing human analysts and implementing ML strategies for the overall cybersecurity architecture. MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) developed a system that showed how the attack detection rate rose to 85% with a five-fold decrease in false positives. This result was achieved by a combined effort of human analyst intuition and ML techniques that helped successfully implement the AI platform.

Traditionally, companies utilize tools that address Advanced Persistent Threats (APTs). APTs refer to threats that are based on historical information. If a threat has occurred in the past, another threat that occurs with similar characteristics will be detected. However, if it is a novel threat, it will not be detected by those systems. One way to mitigate this problem is to develop Security Operation Centers (SOCs). A Security Operation Center is a facility that houses an information security team responsible for analyzing and monitoring the security posture of an enterprise on an ongoing basis. As opposed to a regular IT team, the SOC constitutes a team of highly experienced cybersecurity analysts and trained engineers. By using a wide variety of computer programs and dedicated security processes, these individuals can identify flaws in the company’s vital infrastructure and prevent these vulnerabilities from leading to theft or intrusions. However, the problem with SOCs is that they are expensive to develop and implement. The budget constraints become tighter as security incidents increase and more investment is placed on them. Furthermore, SOCs need to meet a growing number of legal and regulatory compliance. NIST, GLBA, PCI are examples of a few.

Alongside the work that involves technological improvements, there is a set of best practices that can be useful to strengthen a cybersecurity system. For example, a mechanism can be developed that predicts the type of cyber-attacks before it even occurs. This would not only reduce the burden but also reduce the cost for companies.

The big picture for this industry is bright, but also disconcerting. Every aspect of cybersecurity is being redefined by AI. From better endpoint detection and response (EDR) tool to detecting threats as they are happening, to firewalls that utilize deep learning to detecting known and unknown malware. At the same time, however, it will become increasingly important for organizations to reevaluate their risk paradigm, and estimate how much to invest, how much return to expect, how to develop the infrastructure that incorporates a blend of human interaction and technology, and lastly, how to maintain, manage and regulate the system.