Skip to content Skip to sidebar Skip to footer

Source: ITSocial as of 02-04-2020

 

Since their  advent in the IT landscape,  the concepts of artificial intelligence  (AI) and more  specifically  Machine Learning (ML), have   constantly  animated  the cybersecurity industry.  After  touting   the  potential  of  these  game-changing technologies, experts  question:    is this  really  the  panacea we   expected  or is it  finally just one more tool in a already  vast  arsenal?

AI is on  everyone’s  . Presented  by the Gartner  as  one of the  top 10     data technology trends for 2019,  it  is  nothing   less   than the “futur  of  cybersecurity  ” for Forbes.

 Such  beliefs are rapidly gaining  ground  among   cybersecurity professionals.  A  recent  study of senior cybersecurity   executives   conducted  by  the  Capgemini Research Institute reveals  that:  

  • Faced with new cyber threats,two-thirds of  businesses  (69%) believe  that they will  not  be   en  able to respond  to cyber attacks  without the help  of  artificial intelligence;  
  • 69% say  that AI  improves  the  accuracy  of  detecting security vulnerabilities, and 60% of them  believe  it enhances the   effectiveness of the work of  cybersecurity analysts,   reducing    time   they devote to   the analysis  of false  positives  and  improving     productivity;
  • Two out of three companies plan  to  deploy  AI  systems  as early as  2020  to strengthen  their  .

Clearly,  AI  is  an  effective tool in  implementing   a   cybersecurity strategy. .  But  are we  en  overestimating  its  potential?  

What should we  expect  from  Artificial Intelligence and Machine  Learning?

AI and its  associated  fields, namely Machine Learning, natural language processing    and  automation of robotic processes,  may be   “trending”   terms today,  but  the  phenomenon has not nothing  new in the world of  cybersecurity..

The spam filter, for  example,  is one of the first occurrences of Machine Learning, dating back to the  early  2000s. Over  the  years,the  level  of analysis  of  this  tool has gone from  filtering   certain  words to  accurate analysis  of URLs,  domains,  attachments,etc.

But it  is  the latest  developments in AI  that are attracting  the attention of  the  sector. And for good reason. AI has made great     strides,  helping  to  defend  a range  of  threat  vectors such as  fraud detection,  malware, intrusions,  risk   calculation  and analysis  of   user  and machine behavior,  being  the top five  use cases..  These  uses  are en becoming more  en and more  common:    Capgemini’s   research has shown  that more than  half   of companies  have  already implemented    at  least five  high-impact use.  

However,  is this  tool  as  reliable  as  one  might   think?   It is not a question  of  questioning    the  value  of  AI  or  ML  en  as a   cyber tool,  but  rather  of  questioning  the  possible drawbacks  of  this  “miracle” solution. While discussions in the  upper echelons    revolve  around  the  deployment  of  AI  for  enhanced protection,   there  remains  a  risk of complacency  regarding  protection  against  new threat vectors.  

For all  its  merits,  AI  is  not the only  sesame to use in the face of  cyber threats..  Its  ability  to  carry out in-depth analyses  and in much shorter time frames  than  humans are not, however, a substitute for  the importance  of human intervention.  It  is crucial that we  consider  AI  as  a  tool  to help   cybersecurity teams  in  their  work and not  as  a   replacement  method  – because  that is  when human  and   together   that  cyber defences  are  the most  robust..

A recent study by the Massachusetts Institute of Technology (MIT)showed  that a  combination of human  expertise  and Machine Learning systems  –  called “Supervised Machine Learning” –  is much more effective  than   humans  or  ML  alone . The  supervised model  is  even  up to  ten  times more efficient than its  equivalent  in  ML  alone..

Man and machine:  machine : a collaborative work alongside  Artificial Intelligence

The MIT study looks  at  artificial intelligence  as  a  strategic means  of cyberdefence,  defining it as  a powerful enough tool  to  spot  and  stop  a  whole  series  of  cyberattacks .  However,  when it  comes to social engineering  attacks,   it is not  enough  on  its  own..

More than 99% of  cyberattacks  require  human  action  to  spread  and one of  the most common attacks is  the  compromise of professional emails, otherwise  known as  Business Email Compromise (BEC).  

AI has  great potential when it  comes to identifying  common threats, for example,an  ML  system may  be able to  identify  and  undo  a  threat  contained in a malicious link  or   attachment. .  On the other hand, when it  is   a  BEC-type attack,   it can  only  effectively defend  itself  against current cyber threats    with  the help  of human assistance. .

For all  its  progress,the ML  still does not have  the  capacity to analyze  the nuances and peculiarities  of  human behavior  and  still  misses out  on  crucial cyberattacks.  .

This is without   relying  on the  new techniques of hackers to  redirect  their  angles of attack by  focusing  on  people and no longer infrastructure: unintentionally,  employees remain  the point of  vulnerability  of  and   a  people-centered   approach  to security  is  essential..

And just as  AI and ML  should    not   be  seen  as  a substitute for  human expertise, we  should   not expect  them  to replace current cybersecurity  technologies.  .  Outside of ML, techniques such  as   static analysis,   dynamic behavior analysis  and  l’analyse protocol analysis will continue  to  have  their  place.

Good cyber defence  must  be  as broad and  diverse as the  current threat landscape.  It  is  essential for each  company   to  create  a safety  culture through    employee  training and  education and equip teams with robust defense  techniques  while  en providing them  with  the  best  possible protection. AI  remains  a powerful tool  for   strengthening cyber-defensive  policies  but   cannot  be  considered    the only  remedy for all existing threats..  

By Martin Mackay,  VicePresident Europe at Proofpoint

Show CommentsClose Comments

Leave a comment

News ORS © 2020. All Rights Reserved.