Countering Intelligent Malware: Neural Networks, AI, and Security

The most advanced and flexible AIs are being trained for cybersecurity.

Machine-learning Response

So, there’s a growing problem and a challenge; but we know there’s a problem, and the industry is acting vigorously to meet the challenge. Cybersecurity is no longer just about detection and fixing, nor even protecting against known threats. Those are all still important, but the market is looking for action in the areas of predictive threat intelligence and behavior anomaly tracking – both areas in which the concepts of Artificial Intelligence are starting to play a role.

For several years, cyber threats have been recognized as a leading threat to national security in many countries, including the U.S. In August 2016, DARPA organized and sponsored its first Cyber Grand Challenge, at DEF CON 24. This was billed as “The World’s First All-Machine Hacking Tournament,” with the aim of pushing forward research on effective counter-cybercrime methods, including machine-learning techniques.

Investment in cybersecurity companies is buoyant. Recent data, from 2015, show an estimated $3.8 billion of new investment in cybersecurity, soaring valuations, and several IPOs. The M&A pace has been brisk: PwC estimates $22 billion since 2008.

Darktrace and Cylance (product: “Real Threat Prevention”) both use AI/machine-learning approaches, and both have attracted solid current investments. Their deployment footprints are not small either; Cylance claims to be deployed to four million endpoints. Deploying intelligent agents at endpoints and at critical network junctions is gaining ground for both threat identification and actioned response. Even traditional, health-paradigm security companies know this is the future of cyber protection. Symantec acquired Blue Coat in order to add machine-learning capability to its SEPC product.

The most advanced and flexible AIs are being trained for cybersecurity. Microsoft is applying its cognitive service technology, Cortana, to secure networks and their services. IBM has launched a “cognitive” cybersecurity version of Watson. These deep-learning, neural-network environments are trained with data sets to tune parameters with minimal expert guidance. However, these AIs are flexible enough to augment forensic attack pattern data. “Watson is also designed to ingest research papers, blog posts, news stories, media reports, alerts, textbooks, social media posts, and more to build up knowledge about all the latest cyber threats.”

Many startups are receiving funding and developing unique new solutions based on AI, such as CrowdStrike, Illumio, Tanium, and Skyhigh Networks. There are other aspects of security, like cloud data protection and identity management, where companies like Ionic Security and Centrify are providing services augmented by machine learning. Related full-fidelity forensic approaches include “immersive security”, pioneered by ProtectWise, which records all traffic and relies on advanced user monitoring visualizations designed by Hollywood. While not themselves an AI, such complete forensic data capture and archival storage are needed to train AI in what is and is not normal for a specific network. From a buyer’s perspective, all these overlapping, fragmentary solutions make future product purchases for security a complex assessment game, one best solved by an AI trained to map these into functional coverage zones and simulate for optimal protection.

