Security Evolution: From Legacy to Advanced to ML and AI
This article was originally published in CISO Mag
The cybersecurity industry is seeing a new dawn with AI and ML. AI is not a new concept in computing. AI was first defined as computers being able to perform tasks similar to human intelligence in 1956. These tasks included learning, solving problems, making decisions, and understanding and recognising speech.
ML is a broad term that refers to computers’ ability to acquire new knowledge without human intervention. ML is a subset AI. It can take many forms such as reinforcement learning, deep learning, and Bayesian network. AI is poised for disruption in the cybersecurity space in many different ways. This could be the ultimate win against cybercriminals.
Dr. Erdal Ozkaya is a MD & Regional CISO at a Standard Chartered Bank
AI/ML is used in cybersecurity to deploy self-sufficient tools that can detect and stop or prevent threats without human intervention. The algorithm used to detect threats is trained by the tool and the data provided by the developers. An AI-powered security tool that detects threats will improve over its lifetime.
Developers will provide a reference database that the security tool can use to determine what is normal and what it is malicious. Before final deployment, the security tool will be exposed to insecure environments. The system will learn from the threats it encounters and adapt its behavior to them. It will also be targeted by hackers. These hacking attempts include attempts to overload its processing power with lots of malicious traffic.
It will identify the most common hacking techniques used to breach systems and networks. It will detect password-cracking tools like Aircrack-ng on wireless network networks. It will also detect brute force attacks on login interfaces. Humans will play the main role in cybersecurity by updating the algorithms of the AI tools to increase their capabilities.
All threats can be eliminated by AI security systems. Conventional security systems are often unable to detect threats exploiting zero-day vulnerabilities. AI will block malware from entering the AI system, even if it evolves and adapts new attack patterns.
The system will inspect the code that is being executed by malware and predict its outcome. The AI system will stop the program’s execution if it is found to be harmful. Even if malware hides its code, the AI will monitor the execution pattern. It will be able stop the program’s execution if it attempts to perform malicious functions, such as altering sensitive data or the operating systems.
Already, it is predicted that AI will surpass human intelligence. It is possible that all cybersecurity roles will be moved from humans to AI systems in the near future. This is both a good and bad thing. Fortunately, AI systems that fail today are usually tolerable.
This is because AI systems are still limited in their capabilities. A failure in the system might lead to AI surpassing human intelligence. It is possible that security systems will be able to reject input from humans because they are better than human intelligence. An unreliable system could continue to operate without intervention.
Both the good and the bad sides of AI’s perfectionist nature will be found. Current security systems aim to reduce the number of attacks that can be successful against a system. AI systems, however, work towards eliminating all threats. False-positive detection is therefore possible