Analytics Brief: Winning the cyber war with AI and cognitive computing
Cyber criminals are quite adept at stealing data, money and privacy. No network is off limits as they exploit any point of weakness they find in businesses, homes, institutions, automobiles, utility networks and other portals. And their tactics evolve faster than security professionals can manage them. The question is, can we leverage technologies such as artificial intelligence (AI) and cognitive computing to win the war against cyber criminals? Cybersecurity experts shared their thoughts on this topic.
According to Eric Vanderburg, thought leader, consultant, expert witness, cyber investigator, author and speaker, the first part of this question that we must answer is what constitutes winning the cyber war?
I would define winning as creating an environment that is no longer profitable for malicious actors to continue operating. The next question is, how do we create this environment and does AI and cognitive computing play a role in that effort? The data that hackers target needs to be worthless to them or worth far less than it cost them to obtain. Lacking profit from their activities, hackers would likely leave the industry to pursue more lucrative activities.
As long as companies maintain a sufficient barrier to entry and negative return on investment, this process could continue. AI and cognitive computing may one day coordinate an almost instant response to a breach so that credit card numbers are invalidated before they can even be used, and identities are flagged for fraud before they are monetized. Such technologies can also be leveraged to better detect and block intrusions, making looting and stealing corporate digital assets more difficult and costly for hackers.
Continuous vulnerability scanning and AI-based remediation may one day take place automatically. As programmers program their intent, AI-based development tools might code the solution and automatically choose the most secure coding procedure available to accomplish the task. And as code is revised and updated in communities, AI-based development tools might replace existing functions and procedures with those deemed more secure—essentially self-patching processes.
However, each new advance in technology has seen improvements on both sides of the equation. Attackers may also use AI and cognitive computing to improve their attacks. In the end, the solution will come down to the sophistication of both the attack and defend systems. We may see computer programs fighting computer programs. Inevitably, the process of refining such tools will involve customizing AI for attacking and defending and then facing the AI against a counterpart or an alternate version of itself to learn and adapt. Science fiction is quickly becoming reality.
Scott N. Schober, president and CEO, Berkeley Varitronics Systems, Inc., and a cybersecurity expert, says effectively combating cyber crime requires thinking proactively and implementing a layered strategy.
I liken this strategy to keeping your home secure. You have a deadbolt lock, camera, alarm system with siren, motion-detection lights, alarm warning stickers and a sign on the front lawn indicating the home is protected. This approach is enough to make most thieves think twice before attempting to physically break into the home. The same principle holds true with cyber criminals, if you regularly update your malware scanning software, maintain long and strong passwords, and update security patches regularly.
Just one preventive security step is effective, but multiple precautions can thwart all but the most determined cyber criminals. In both physical security and cybersecurity, criminals finding a workaround is only a matter of time. You need to stay one step ahead and make their jobs difficult, if not impossible.
Many cybersecurity pundits have lost faith in traditional malware and antivirus software tools because they are only stopping an estimated 15 – 20 percent of malicious code out there. AI and cognitive computing offer a distinct advantage for protecting valuable data. AI gathers intelligence through learning as it anticipates the next attack on security. This process allows for immediate and effective threat responses. AI is an automated learning and building process upon which malicious patterns that are discovered are brought to light and dispatched in real time. Add to this approach the cognitive algorithms that will continually learn and adapt to new, emerging threats and zero-day attacks, and you have cutting-edge technologies that collectively strengthen our cyber defenses against known and unknown enemies.
Dan Lohrmann, Chief Security Officer (CSO) & Chief Strategist at Security Mentor and internationally recognized cybersecurity leader, technologist, speaker, blogger and author, thinks AI is getting much more powerful and will be an important part of our solution to security teams getting outgunned in cyberspace.
There are some exciting developments in cognitive computing from both start-ups and industry leaders such as IBM with its IBM Watson solution. I believe we are already seeing some of these trends showing positive results with new security products hitting the market that find anomalies in unstructured data.
However, I don’t see these results as a cyber silver bullet. One problem that we are going to have to overcome is that the bad guys may already (or will) have access to some of the same (or different) tool sets that use AI and cognitive computing. I have told several young audiences to remember that Darth Vader was well trained. In other words, the same technology can be used for good and for evil. Putting controls on use of this technology may be effective for a time, but they can also lead to other problems. Still, overall I am excited to see a new generation of cybersecurity products and services that approach cyber defense in new ways using AI.
According to Morgan Wright, principal and owner, Morgan Wright LLC, and cyber-terrorism and cyber-crime analyst, anything built by humans can be compromised by humans.
But that statement works both ways. It means systems and software built by bad actors—criminals and nation states—can also be defeated. However, defeating these advanced adversaries will take more than sheer will. The insight and prediction capabilities will change the current landscape of threats and begin to level the playing field.
Imagine understanding our adversaries so well that the use of cognitive technology combined with AI will allow us not only to predict the next vector of attack, but also to have countermeasures built and defenses strengthened before the attack happens. Cyber space is the ultimate 3D chessboard. Layers upon layers of moves and vulnerabilities create exponential threats that traditional thinking isn’t equipped to handle.
Albert Einstein famously said, “We cannot solve our problems with the same level of thinking that created them.” The use of AI allows us to take our thinking on cybersecurity to that next level and identify those advanced problems. Cognitive technology gives us new insights into current and future threats, allowing greater speed and precision in our response.
One of the biggest challenges is asking the right questions of the data. We collect so much, so fast, that soon we’re overwhelmed. And inside that massive amount of data are the answers—answers that are the needles in the haystack everyone is looking for.
Tom Ridge, the first director of the Office of Homeland Security, later to become the Department of Homeland Security, talked about the approach to terrorism. But his words are just as instructive in cyber space as they are in the real world. The good guys, the defenders, have to be right 100 percent of the time. The bad guys, the criminals and the terrorists, have to be lucky only one time. The approach is no longer about making the haystack smaller to find that needle. Using AI and cognitive computing turns the table on our adversaries by using a bigger magnet.
Shahid Shah, CEO at Netspective Communications and cybersecurity and risk management consultant, believes AI and cognitive computing are the only real technologies that can effectively find weaknesses that hackers are exploiting.
Having top-notch imaginative, crafty and creative security personnel are the number one way to defeat agile and nefarious cyber criminals. But the only light at the end of the safer systems tunnel is machine learning and AI to create a foundation security personnel can use to triage attacks and cognitive computing tied to transactional IT systems to help understand user behavior and automate analytics.
Through sophisticated cyber data acquisition techniques that tie together all their outward and inward facing systems, cyber warriors can use AI and machine learning to understand the inward facing systems as a start. More importantly, they can use them to model how hackers see the business vulnerabilities and risks from the outside. By tying both internally facing user behavior analytics and outward facing network threats, cognitive computing creates a closed-loop and perpetual learning system that advises cyber warriors about how to better protect its network, customers, partners and staff.
And by tacking on blockchain technologies with its AI and machine learning capabilities, I can also see better tracking of data when data leaves the network legally as well as illegally. There’s no limit to what continually learning cognitive computing infrastructure can accomplish, especially when applied with a good cyber staff.
Join us at The World of Watson conference to learn more about how we can apply AI and cognitive computing to threat intelligence, as we outthink threat together and win the war against cyber criminals.