Cyber security vendors like to throw around buzzwords like "machine learning" and "artificial intelligence" but how much have improvements in data science benefitted cyber security technologies? Not as much as you might think, according to an article by QOMPLX CEO Jason Crabtree and CTO Andrew Sellers.
The article, Just Over the Horizon: Cyber Security and the (Coming?) AI Cavalry, appears in the latest edition of Pulse, a publication of the UK's Chartered Institute of Information Security (CIISec). In it, Crabtree and Sellers argue that - thus far- the benefits of improvements in machine learning and AI have mostly gone to the bad guys.
AI Advantage: Attackers
"Data science has almost certainly helped malicious actors more than it has defenders through the automation of scanning, exploitation, execution of ransomware, phishing, and business email compromise campaigns," the two write. "These previously manual activities were loss drivers for cyber criminal businesses.
AI and ML’s biggest impact on cybersecurity, therefore, has been
to amplify the threat by handing an asymmetric advantage to attackers."
"Cyber defenders have not yet caught up with these increasingly well-equipped and resourced sentient adversaries." – Jason Crabtree, CEO & Andrew Sellers, CTO QOMPLX
A Bright(er) Future for AI-Powered Cyber Defense
But while the benefits of machine learning and AI haven't made life easier for cyber defenders, the future may well be much brighter for cyber defenders, as next generation data analytics and automation capabilities start to give the good guys a leg up.
Crabtree and Sellers write that in the coming years, artificial intelligence will benefit from more comprehensive data models (like MITRE's ATT&CK) that will allow "better contextualization in cybersecurity data through knowledge representation and engineering."
A coming generation of AI tools can "baseline the input of data streams to identify abnormalities, enrich sensor telemetry (for example: by using DHCP tables to establish true IP), and apply real- time transformations to organize raw data," the two write. They will also be more transparent, giving defenders confidence in the basis on which AI decisions were made.
You can read more about their vision of how AI will empower defenders in the latest issue of PULSE.