How can artificial intelligence help in the fight to remain secure?

It can play Go and underpins the future of driverless cars, but AI also helps bolster your cyber defences

Artificial intelligence (AI) has gone from being science fiction to an increasingly common part of our lives. TV streaming services use AI and machine learning (ML) to make recommendations of what you might like to watch next, for example, while other AI programmes can carry out rapid trading on the stock market without human intervention.

The information security sector hasn’t been left untouched by this trend, either. Increasingly, an AI element in cyber security technology is seen less as a nice-to-have and more as an essential part of the package.

“AI [has become] an expected feature within cyber security products and services,” says Jeff Pollard, Vice President & Principal Analyst at Forrester. “It's now not a distinguishing characteristic or, you know, something that's outside of the norm, it's fully expected to be in there.”

It’s not just in defensive software that AI is playing a role, either. Microsoft has developed an AI-powered tool that can help developers spot bugs in their code with a claimed accuracy rate of 99%. In theory, this could eliminate a large portion of the software security flaws a malicious actor could exploit at the point of their creation.

An unsleeping sentinel

For those on the front lines of cyber defenses, AI is fast becoming a game changer.

Craig York, CTO at Milton Keynes University Hospitals NHS Trust, has found that AI is a vital tool in his cybersecurity arsenal. He cites the 2017 WannaCry crisis as a turning point for the IT community when it comes to security.

“WannaCry made security a board-level discussion,” York tells IT Pro.

It was at around this time that he was introduced to Darktrace, a company specialising in AI-enabled security software, by a colleague at West Suffolk NHS Foundation Trust, which was already a customer.

Related Resource

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

“Humans can only do so much,” explains York. “We have three people in our cyber security team and while they’re very capable and very diligent, they're human beings; they take breaks, they have a cup of tea. They need lunch, and they go home at the end of the working day.

“Having the latest and greatest patches doesn't necessarily defend against everything that's out there at the moment. And, if anything, some of our cybersecurity attacks are coming from other parts of the world that are doing business, effectively, when we aren't at the hospital.”

He says that it’s in this area of cyber defence that AI comes into its own.

“We need security technologies that are going to provide a safer hospital. 24 hours a day. 365 days a year, at weekends and bank holidays. The AI technology that we use from Darktrace provides some level of that – it never sleeps, so if the AI thinks that something is happening on the network that shouldn't. It can take action straightaway.”

While AI is starting to inhabit a critical role in cyber security, particularly as IT departments and organisations as a whole adapt to the hyper-accelerated digital transformation brought about by the COVID-19 pandemic, it pays for IT leaders to think carefully about what problems they need to solve, rather than plumbing for anything labelled AI.

“The problem most cyber security vendors have is that it is just that it's a buzzword, they can't actually explain what they're doing with AI – or machine learning for that matter,” cautions Pollard.

He explains that while “there are definitely use cases for AI within cyber security”, it’s not something that can – or should – be applied to everything. 

“The most productive and proven use cases for AI in cyber security are really on the detection side,” he says. “So being able to help identify, you know, malware-associated clustering of activity and behaviour. That’s really an area where it landed and it made a lot of sense.

“What we haven't seen yet is AI expanded beyond that to more differentiated use cases, or use cases that are not just based on identifying bad things.”

Turning the tables

It’s often argued, especially by those in the tech industry, that technology is neutral. Being passive and unable to act of its own accord, it’s how it is used that is good or bad, rather than the tool itself. In this, AI is no exception.

While it’s become a key component of organisations’ cyber defence strategy, hackers and other malicious actors are also starting to use AI to craft better attacks. One example is pulling together a convincing spear-phishing email, as it’s able to research more thoroughly and more rapidly than humans. Dr Roman Yampolskiy, an associate professor at the University of Louisville, Kentucky, in the department of Computer Engineering and Computer Science and director of the university’s Cybersecurity Laboratory, has claimed the quality of such emails would be so high that “even cybersecurity experts will fall for them”.

“AI is dual use technology used by both attackers and defenders,” he tells IT Pro. “In recent years AI has become capable of finding novel exploits.”

And while others point to streamlining operations in security departments, Yampolskiy sees another long term possibility: “Like in all other fields AI will eventually fully automate all aspects of the job. Given that both attackers and defenders use AI, it will become an arms race between their AIs.”

For now, though, it’s fair to say that while organisations should be realistic in their expectations of what AI can do, incorporating it into your cyber defences is quickly becoming best practice.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020
36 billion personal records exposed by hacks in 2020 so far
Security

36 billion personal records exposed by hacks in 2020 so far

29 Oct 2020
Trump website defaced in second successive cyber breach
Security

Trump website defaced in second successive cyber breach

28 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020