Artificial intelligence transforms information security, but do not wait for instant change.

Although artificial intelligence appeared in the distant 50s, to this day it is one of the most discussed, interesting and controversial technologies in the whole world. More and more used in parallel with cloud computing: virtual server providers are actively involved in the development of the IT infrastructure of organizations involved in the development of artificial intelligence.

Artificial intelligence is a universal term describing a set of technologies that allow a computer to perform various functions like a human being, for example, processing and articulating text, processing natural language, and computer vision.

Machine learning is a class of artificial intelligence methods, a characteristic feature of which is not a direct solution of the problem, but learning in the process of applying solutions to a multitude of similar problems. Those. the idea is that the more data a machine collects, the smarter it becomes.
')
For consumers, the most well-known and used examples of using artificial intelligence are chatbots such as Alex from Amazon or Apple's Siri. Entrepreneurs and corporations, in turn, are more interested in how artificial intelligence software can help in closing “holes”, such as fraud or cyber attacks, as well as in optimizing enterprise performance, for example, improving customer service quality.

The American company Narrative Science in their research found that 38% of corporations are already using artificial intelligence technology, and by the middle of 2018 their number will grow to 62%. International analytic agency Forrester Research predicted that the growth of investment in artificial intelligence technology from this year will increase by 300% with each subsequent year.

Security

Information security companies also want to grab a tasty morsel of new technologies - and this is not surprising, considering the fact that the progression of malware and hackers is increasing.

Thanks to its ability to learn through filtering many examples of behavior in different situations, analyzing a huge amount of data, Artificial Intelligence can help information security managers find “unknown known” security threats, automate responses from the Operations Management Center, and improve recovery after attacks. In short, with highly qualified staff (who is very hard to find), Artificial intelligence can certainly not fill all, but most of the gaps in the IT field.

Experts have long appealed to the need to create a smart, autonomous security system, and Artificial Intelligence, according to cryptographer Bruce Schneier, can be a good help for this task. However, according to the technical director of Resilient Systems (a company specializing in protection against cyber attacks), the hype around security is too bloated. According to him, it is impossible for now to replace people with artificial intelligence, because it is staff who are needed to ensure complete protection. But of course there is interest in the technologies of artificial intelligence, as it is able to increase mental activity, and, therefore, the ideal solution would be to use together human resources and new technologies.

Futurist and author of the book “Robots Attack” Martin Ford said that both “good” hackers and “bad” are already using technologies based on a deep study of neural networks. He also fears that cyber criminals are even going one step ahead in some cases and use bots and automatic attacks. This means that every day the criminals are becoming more sophisticated.

Artificial intelligence will increasingly become valuable in detecting attacks and responding to them quickly in order to protect the system. Unfortunately, many organizations still use fully manual labor, but this approach will have to be changed to keep the systems safe. And many heads of information security departments are on their way to this.

Intertek's IT chief, Dane Warren, said that the rules of the game have completely changed: thanks to enhanced automation, control mechanisms, robotics and intelligent agents, the IT industry is waiting for a broader development of both offensive and defensive capabilities. He also added that these improvements include faster response to security events, better data analysis, and “using statistical models for better prediction or behavior planning.”

Andy Rose, Head of IT at NATS, also noted the benefits. According to him, security has always needed ingenious processes in order to detect a specific “hole” among a huge amount of data, for example, to find and stop spam flow or data leakage channel. People interact with a huge amount of data, which causes great difficulties, and artificial intelligence can be an ideal solution for speeding up and automating the detection of problems in security systems.

Security service providers are constantly evolving and improving due to ever-changing threats and their varieties, and artificial intelligence technologies are not far behind them.

However, technologies usually always change faster than service providers, initial development quickly emerged thanks to new solutions based on artificial intelligence, to improve the efficiency of the Operations Management Center, risk assessment and optimization of detection of network traffic anomalies.

Business newbies like Tanium, Cylance and LogRhythm have already jumped into this cyberspace, but startups such as technology Darktrace, Harvest.AI, PatternEx and StatusToday have also attracted attention.

Giant corporations also do not stand aside and use artificial intelligence in the field of security. For example, Google engineers are working on an artificial intelligence based system that will create its own encryption, replacing the completely traditional captcha. IBM launched Watson technology, Amazon acquired Harvest.AI - both systems use algorithms to identify important documents and IP, and then analyze user behavior to identify possible hacker attacks.

At the moment, these technologies are in the dawn and focused mainly on data analysis, the search for threats and assistance in recovery under the leadership of the employee. But already in the future, artificial intelligence will be able to automate the operations control center before operating 24x7 and allow employees to focus on business continuity and solving critical problems. Artificial intelligence can function as an assistant in the work in many processes - and at a sufficiently high level in analytics, and also at a professional level in the field of security.

PatternEx Chief Researcher Ignacio Arnaldo believes that artificial intelligence will allow information security managers to reach a new level. According to him, the security guards are well aware of the problems and recognize the need for tools that will enhance the efficiency of operational management. Artificial intelligence can do this, but blindly to trust technology, managers are not yet ready, they need proof that artificial intelligence will be much more efficient than a human being.

"Basics of everything"

Many still think that we are running ahead. So while artificial intelligence is just a luxury, because we still live in that era when many companies do not conduct regular patch management.

At the RSA conference this year, cryptographic experts discussed how to use artificial intelligence in the field of security, how to train a machine, and what is the role of man in all this action. Attention was also paid to such issues as the reliability and possible errors of the machine, and some participants expressed the opinion that it is extremely strange to see how safety in its basic concept, compared with the technologies of artificial intelligence, goes to the background.

Andy Rose voiced his position, emphasizing that security professionals must constantly improve and revise the basics of this sphere - general principles and approaches, patching, SDLP, etc., otherwise the technology of artificial intelligence will turn into a program that will tell to you about the many irregularities in the processes that have already happened and you did not prevent them.

Bruce Schneier has a slightly different position. He believes that security can be improved with the help of artificial intelligence, but this technology should be used only by those companies that already have debugged safety techniques and customized processes and are ready to implement the data provided by the machine. The established principles and norms, he said, are only an obstacle to full automation, and he does not care what tools black hackers or supervisory agencies use.

Ford expressed the exact opposite opinion, he believes that the world is facing a real threat. Artificial intelligence will be a great danger in the short and medium term, because paying so much attention to the futuristic view of how machines with super intelligence completely replace a person, we forget that dishonest people will also get unlimited possibilities with these technologies.

Warren agrees that many obstacles will arise in the way of introducing technology that security managers will need to overcome, because this is the technology of the future and it requires far-sighted thinking, while many organizations are still "floundering in the basics." Expensive rewriting of applications and programs, the introduction of new threats - these are just some of the problems that we will encounter with the introduction of artificial intelligence. Therefore, it is necessary to keep a balance in everything, otherwise we will reach a point where the surrounding reality and technologies will no longer keep up.

Artificial mind is not a panacea

Artificial intelligence and security are not required to be together do not spill water. The head of security for Vectra, Günther Olman, in his article in early 2017, noticed that many do not see the difference between automated security and security technologies based on artificial intelligence. And this first of all shows how dangerous it is for security guards to buy solutions that they do not even need, not to mention further the application of technology standards, quality control and management.

PatternEx Chief Researcher Ignacio Arnaldo points out that security based on artificial intelligence technology is not a panacea. First, some attacks are very difficult to catch, because in one organization taken there is a wide range of attacks in different time ranges and in various data sources. Secondly, the nature of the attacks are constantly changing. Therefore, the biggest challenge is the continuous learning of the artificial mind.

Palmer, for his part, also adds a touch of criticism, pointing out that most of the much-touted machine learning technologies are not really self-learning, standing in battle with a client. Instead, they are trained on patterns of malware in the provider cloud and are downloaded to the client, for example, as anti-virus signatures. This approach is not particularly progressive in terms of customer security and remains a fundamentally backward view.

And how soon will we see the latest security technology applications?

Initially, it is necessary to understand that most intrusion prevention systems (IPS) are in IDS mode, i.e. in intrusion detection mode. And this happens because companies do not have enough confidence to rely 100% on intelligent systems to automate choices and uncontrolled changes in their core infrastructure. Rose notes that there are fears that such control without context can cause serious damage to the entire service, and this is a huge threat. But it is also necessary to understand that if we do not use artificial intelligence to improve and modernize security systems, then this technology will definitely be developed by “bad guys” for our own purposes, and this will be a worse problem.

Palmer is absolutely sure of one thing - automation and ease of use are the only ways that can improve security, and artificial intelligence will definitely take a significant share in this area.