AI and Cybersecurity: Understanding the Advantages and Limitations
In our earlier blog post on AI, Lastline co-founder Giovanni Vigna defined some key terms and dispelled some misperceptions about the differences between artificial intelligence (AI) and machine learning. Today we’d like to continue the discussion by looking at what AI can do particularly well, and its limitations.
While AI is being leveraged in a wide range of areas, cybersecurity is one that has received special attention because of the rate at which threats are evolving and the volume of attacks. Organizations require a solution that can keep up. AI is sometimes championed as that solution – a silver bullet that will “solve” cybersecurity. While that isn’t the case, AI is an exciting technology that provides some real-world benefits today, and promises to have even greater potential for the future.
Rise of the (AI) Machines
Cisco’s 2018 Annual Cybersecurity News Report found that nearly a third of CISOs have adopted AI as a way to improve the overall effectiveness of their cybersecurity strategy. Many security leaders reported that they were now “completely reliant” upon AI technology to protect their networks and sensitive data.
As malicious programs have become more advanced, they have learned to hide themselves better. They can alter their own code, making it nearly impossible for older technology to detect them. AI-based cybersecurity solutions, however, can identify malicious behavior patterns in network traffic and in files and websites being introduced to a network. The catch is that AI algorithms alone can only identify what they have been trained to identify. While machine learning (a particular type of AI) makes it possible for an artificial intelligence system to grow and adapt over time, such a system is still limited by how it was initially set up and trained.
Through machine learning, the AI becomes smarter, learning to identify even more complex behavioral patterns. Machine learning can be used to tailor an AI-based solution to a specific network and environment and can be used to identify progressively more complex threats as they are developed. But these systems still need human guidance and course correction.
And, of course, security professionals aren’t the only ones using AI – malicious attackers are, as well. This has escalated into an arms race between the two sides, with both malicious programs and security solutions becoming steadily more intelligent.
AI Benefits and Limitations for Cybersecurity
Artificial intelligence cannot do anything that humans cannot. After all, the whole premise of AI is to create a machine that imitates human behavior. But it can do things faster, and can analyze large volumes of data that would be very time-consuming for a human. AI can automatically use complex pattern recognition tools to identify the hallmarks of a malicious program. While it’s not all-powerful and cannot identify all threats, it’s an essential tool that reduces the amount of time that IT professionals need to spend investigating alerts. And therein lies perhaps the most important benefit of AI.
Here are a few of the major advantages of using AI for cybersecurity:
- AI can handle the volume. Artificial intelligence automates the process of detecting advanced threats. AI can analyze the very large volume of activity that takes place across a company’s network and the massive volume of emails, files, and websites accessed by employees in a small fraction of the time needed by humans. While AI is not 100% accurate in detecting threats, it can identify the vast majority of activity and samples that are benign, allowing its human counterparts to focus on the relatively small number of suspicious, potentially malicious remainder.
- AI cybersecurity can learn over time. AI can identify malicious attacks based on the behaviors of applications and the behavior of the network as a whole. Over time, AI cybersecurity solutions learn about a network’s regular traffic and behaviors and can spot deviations from the norm.
- Artificial intelligence identifies unknown threats. Hundreds of millions of malicious attacks are launched every year. Cybersecurity professionals often find themselves playing catch up with these threats, which are frequently a step ahead. Since network security solutions that use artificial intelligence don’t rely on signatures, they can spot zero-day attacks.
The Limitations of AI for Cybersecurity
Though AI is very powerful, it is still a relatively new technology when it comes to cybersecurity, and still has some limitations.
AI is not sophisticated enough to replace human analysts; there’s still the potential for false positives and missed detections. AI is best used as a tool for human analysts, since it reduces the amount of time and resources that need to be spent evaluating potential threats, but not as a tool to replace analysts.
Here are some of the potential limitations of AI:
- Cyber threats are constantly evolving. Bad actors are creative and have virtually unlimited resources; in some areas, cybercrime is an economy unto itself. As new threats emerge, security solutions that use artificial intelligence have to be re-trained in order to keep up.
- Cybercriminals use AI, too. They are able to acquire AI-driven cybersecurity solutions and test their malicious programs against them. As a result, they can theoretically create an AI-proof malware strain. They also use machine learning to understand what AI-based security systems are looking for, and then can either disguise their attack or pollute the sample so that their attack appears to be benign. Security is the only field where AI systems fight back.
- It’s better to be cautious. AI systems are not yet advanced enough to be 100% accurate in distinguishing between malicious and benign activity. To protect a network and its applications and data, most cybersecurity solutions – including AI-based solutions – err on the side of caution. That is, when in doubt, they flag something as anomalous and potentially threatening. This creates alerts about anomalous activities that need to be investigated by human analysts and turn out to be benign. The alternative, relaxing that caution in order to minimize the number of false positives, risks missing real attacks.
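The two ideas above, learning a network’s normal behavior and then choosing how cautiously to alert on deviations from it, can be seen together in a small added example (not code from Lastline or any product; the data is constructed and the function names are hypothetical). It fits a baseline from one host’s normal traffic and shows how the alert threshold trades false positives against missed attacks.

```python
from statistics import mean, stdev

# Constructed sample data: outbound connections per hour for one host,
# from a training window assumed to contain no attacks.
BASELINE = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46, 40, 42]

# Constructed, labelled observations: (connections_per_hour, is_malicious).
OBSERVED = [
    (41, False), (48, False), (52, False),
    (58, False),   # benign but unusual, e.g. a backup job
    (55, True),    # low-and-slow activity that stays close to normal
    (90, True), (130, True),
]

def fit_baseline(samples):
    """Learn what 'normal' looks like: mean and standard deviation."""
    return mean(samples), stdev(samples)

def anomaly_score(value, model):
    """Distance from the learned norm, in standard deviations."""
    mu, sigma = model
    return abs(value - mu) / sigma

def evaluate(threshold, model, observations):
    """Return (false_positives, missed_attacks) for an alert threshold."""
    false_positives = missed = 0
    for value, malicious in observations:
        alert = anomaly_score(value, model) >= threshold
        if alert and not malicious:
            false_positives += 1
        elif malicious and not alert:
            missed += 1
    return false_positives, missed

def sweep(thresholds=(2.0, 5.5, 8.0)):
    """Evaluate a cautious, a middle and a permissive threshold."""
    model = fit_baseline(BASELINE)
    return {t: evaluate(t, model, OBSERVED) for t in thresholds}

if __name__ == "__main__":
    for t, (fp, missed) in sweep().items():
        print(f"threshold={t}: false positives={fp}, missed attacks={missed}")
```

Because the benign backup job deviates more from the baseline than the low-and-slow attack does, no single threshold in this data yields zero false positives and zero misses, which is why the remaining alerts still go to a human analyst.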
Artificial intelligence can quickly detect many cybersecurity threats, escalating the issues to the attention of human analysts. AI can save human analysts significant amounts of time and identify threats that they potentially wouldn’t be able to. At the same time, it cannot completely replace dedicated IT professionals.
AI is increasingly being integrated into next-generation cybersecurity solutions as a first line of defense. As artificial intelligence becomes even more robust, it will become ever more effective. We’ll revisit it periodically to provide updates on how it’s improving.