This week we’re presenting at the Ai4 Cybersecurity virtual conference – an event we are quite excited about. The theme of the conference is exactly as one would expect by its name: guide the attendees on how AI is shaping the present and future of cybersecurity. As such, I thought I’d take a few moments to share some thoughts on how AI will on the whole impact cybersecurity. In my view there are three major themes: quantified threat prediction, improved decision making, and scalable analysis.
Quantified threat prediction
So, at the end of the day, security is all about predicting the activities of what a threat actor will do and taking actions to avoid any impact from those activities. There are certain, lower-level activities that we can predict easily over a short time frame – for example certain malicious domains. Predictions of this type are typically derived from attacks on other organizations already observed. When we start to venture beyond actions already observed, the predictions become substantially more difficult. Further, such predictions will likely have less than 100% precision – and probability provides a great way to express this. AI (and its subset, machine learning) provide a great set of tools to not only create predictions, but also quantify them.
Improved decision making
Today when most people think of how AI impacts security, they think of machine learning – primarily when it is used to predict the activities of hackers. However, there are other branches of AI such as game theory, that can be used to better direct decisions as well. For example, let’s say you have a list of probabilistic predictions concerning various threats. How can resources be optimally allocated to reduce the overall risk posed by those threats? AI-driven decision making will answer that question and this will be the next big area AI impacts cybersecurity.
While traditional IT infrastructure is already unwieldly in many enterprises, the challenges introduced by trends such as containerization, work-from-home, OT-security, and dev-sec-ops will amplify these problems of scale even further. Traditional analysis used today relies heavily on manual analysis which will not scale to these problems in the future. Areas of analysis that can be impacted can include SOC analysis (finding trends in logs and network data), reverse engineering, darkweb threat intelligence analysis, and other methodologies. While the human analyst will never be eliminated, he or she will need a lot of help going forward to address these problems at scale. Again, AI provides a great way to address this growing problem.
Just wanted to give a quick glimpse into how we think AI will affect cybersecurity in the future. Please join us at the AI4 Cybersecurity Conference to learn more! Registration is free if you meet the criteria. I'll be leading a panel on Thursday, February 4 beginning at 3:45 pm EST.
The panel will discuss how to simultaneously reduce costs and cyber risk with machine learning. Hope to see you there!