Timothy Liu is the CTO and cofounder of Hillstone Networks.
getty
While ChatGPT and similar offerings from Microsoft and Google have recently captured the public’s imagination, artificial intelligence (AI) has been in use for decades in diverse applications. Gaming, search engines, language translation, autonomous cars and other systems all make use of AI; in the cybersecurity world, AI-based security products (and those using components of AI like machine learning) began to appear on the market about 20 years ago.
This emergence roughly coincided with the rise of Big Data, the 21st-century phenomenon that has led to a boom in data centers, cloud computing, and overall volumes of data generation and traffic. And that’s where AI thrives in cybersecurity—it can process and analyze huge amounts of data and perform far faster analysis for potential threats or attacks than human means alone.
Regrettably, cybercriminals have discovered and adopted artificial intelligence as well. As a result, the cybersecurity landscape has become a type of modern-day arms race in which attackers and defenders continuously innovate and adapt to parry each other’s tactics and strategies.
On The Attack: Cybercriminals And AI
The democratization of artificial intelligence has been a revolution for cybercriminals, allowing them to generate faster, smarter exploits and precursors to attack. For example, a hacker might use AI to develop a sophisticated, highly convincing social engineering attack tailored for a specific individual or organization. AI-generated realism increases the likelihood of success, which then provides an entry point for further malicious actions.
A simulation called DeepPhish has demonstrated a few years ago at a major cybersecurity conference, using open-source AI and machine learning techniques available online then. The simulation modeled an increase in phishing effectiveness of more than 20%—a sobering thought since social engineering is estimated to be involved in about 80% of all cyberattacks. DeepFakes are yet another concern since AI has proved capable of generating realistic video and voice samples as used in a recent kidnapping scam.
Hackers are or could also use AI to automate attacks against a given target, which speeds up the rate of brute-force password cracking or credential guessing, for example. This type of automation requires minimal effort from the hacker while increasing the odds of achieving entry into the network. AI has also been used to develop highly sophisticated malware that can evade traditional security measures by modifying behaviors or mimicking legitimate software or apps. Bad actors have also used AI to create backdoors and evaluate network vulnerabilities as vectors for attack.
In sum, hackers are upping the ante on the sophistication and effectiveness of their attacks. However, cybersecurity specialists are also elevating their defenses through AI, machine learning and similar techniques.
AI In Cybersecurity
The cybersecurity industry has been an early adopter of AI techniques, beginning with machine learning (ML)—a broad subcategory of AI. As data volumes grew with the Big Data trend, it became next to impossible to accurately identify threat patterns and indicators of compromise by manually reviewing logs and other data. Thus, vendors began adding ML-based threat hunting and detection to many security products like next-gen firewalls and extended detection and response (XDR) systems.
ML algorithms are customized to aggregate and correlate large amounts of data from various sources, then analyze it for indicators of threat or attack. Cybersecurity professionals can then quickly identify and act upon threats, averting potential harm. Further, the algorithms can be "tuned" to an organization’s typical traffic to further reduce false positives. More recently, ML has been combined with “playbooks,” or rule sets that allow security devices to act independently upon certain routine threat scenarios by blocking, diverting or otherwise defusing potential attacks.
AI techniques are also used extensively in malware detection to continuously scan traffic for behaviors that indicate malicious behaviors or patterns. This capability goes beyond the traditional signature databases used for malware detection by helping to identify new variants and zero-day threats that might be missed by antivirus, for example.
Yet another area in which AI benefits cybersecurity is analytics and forensics. By crunching the huge amounts of data in logs and other sources, AI can provide visibility into potential vulnerabilities, abnormal user behaviors and other indications that then allow cybersecurity teams to take proactive steps to remediate them before they become a problem.
Overall, AI in cybersecurity is helping to meet the demand for enhanced security, minimize human error and defend against increasingly sophisticated threats and attacks.
Controversies And Concerns
AI is not without critics and debates, though. Recently, thousands of business and technology leaders have called for a pause in the development of artificial intelligence experiments, calling instead for efforts to refine existing AI systems and develop safety protocols. These concerns are focused on the “profound risks to society and humanity” posed by AI and, more specifically, artificial general intelligence (AGI). AGI attempts to replicate the wondrous capabilities of the human mind, which is beyond the scope of AI and ML as used today in cybersecurity solutions.
Rather, AI in cybersecurity typically takes advantage of the technology’s key strengths—aggregating, correlating, analyzing and (optionally) acting upon the vast amounts of data generated by today’s networks to defend against attacks and malicious use. In this context, AI complements and augments the efforts of cybersecurity teams, relieving them of many burdensome threat-hunting tasks and allowing faster, more accurate cybersecurity response efforts.
Ultimately, AI has been used by cybercriminals for years to hone and improve their malicious efforts, and it’s highly unlikely they’ll retreat to previous methods. As such, it’s critical to maintain and develop AI in cybersecurity to counter existing and emergent threats.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
