Hari Sivaraman is the head of AI content strategy at VentureBeat.
Modern corporate security is like guarding a fortress that is attacked on all fronts, from the digital infrastructure to applications to network endpoints.
Because of this complexity, AI technologies like deep learning and machine learning have emerged as a groundbreaking defense weapon in the company’s arsenal over the past three years. There is no other technology that can keep up. AI has the ability to quickly analyze billions of data points and discover patterns to help a business act intelligently and instantly to neutralize many potential threats.
About five years ago, investors began pumping hundreds of millions of dollars into a wave of new security startups using AI, including CrowdStrike, Darktrace, Vectra AI, and Vade Secure. (More about these companies below).
It is important to note, however, that cyber criminals themselves are using increasingly easy-to-use AI solutions as effective weapons against the company. They can counter-attack against AI-led defenses in an endless battle of one-upmanship. Or they can hack into the AI itself. After all, most AI algorithms rely on training data, and if hackers can tamper with the training data, they can skew the algorithms that enable effective defense. Cyber criminals can also develop their own AI programs to find vulnerabilities much faster than they used to, and often faster than the defending companies can fix them.
Humans are the strongest link
How does a corporate CISO ensure optimal use of this technology to secure the company? The answer lies in making use of what is known as Moravec’s paradox, which suggests that tasks that are easy for computers/AI are difficult for humans and vice versa. In other words, combine the best of technology with the human intelligence resources of the CISO.
If clear guidelines can be created in the form of training data for AI, the technology can detect security threats far better than humans. For example, if there are guidelines for certain types of IP addresses or websites that are known to be the source of malware activity, the AI can be trained to look for them, take action, learn from this, and become more intelligent at detecting such activity in the future. When such attacks take place on a large scale, the AI can detect and neutralize such threats far more efficiently than humans.
Humans, on the other hand, are better able to make decisions based on judgments that can be difficult for computers. For example, let’s say a certain well-disguised spear phishing email speaks of information that only an insider could have known. A vigilant human security expert with this knowledge and intelligence will be able to connect the dots and see that this is “likely” an inside attack and flag the email as suspicious. In this case, it is important to know that it will be difficult for the AI to perform this type of abductive thinking and come to such a decision. Even if you cover some such use cases with appropriate training data, it is next to impossible to cover all scenarios. As any AI expert will tell you, AI is not poised to replace general human intelligence or what we call “wisdom” for the foreseeable future.
But … humans could also be the weakest link
At the same time, humans can be your weakest link. For example, most phishing attacks rely on the naivete and ignorance of an inexperienced user, causing them to inadvertently divulge information or take an action that opens the company up for attack. If not all of your employees are trained to identify such threats, the risks increase dramatically.
The key is knowing that AI and human intelligence can combine to form an excellent defense against cybersecurity threats. While AI is a groundbreaking weapon in the fight against cybercrime, it cannot be left unattended for at least the foreseeable future and will always require human support from trained, experienced security professionals and vigilant workers. This two-factor AI plus Human Intelligence (HI) security, if carefully implemented as a company-wide policy, will go a long way in winning the war on cybercrime.
7 AI-powered cybersecurity companies
Learn more about the leading emerging AI-first cybersecurity companies below. Each of them takes on a portion of the company’s security needs. A robust cybersecurity strategy that must defend at all points is almost impossible for a single company to manage. Attack fronts include hardware infrastructures (data centers and clouds), desktops, mobile devices (cell phones, laptops, tablets, external storage devices, etc.), IoT devices, software applications, data, data pipelines, operational processes and physical locations including home offices, communication channels (email, chat, social networks), insider attacks and, above all, training courses on the security awareness of employees and contractors. Given that bad actors are increasingly using attack techniques against companies (phishing, malware, DoS, DDoS, MitM, XSS, etc.), those in charge of security technology need all the help they can get.
CrowdStrike’s Falcon suite of products is a native, AI-powered cyber security solution for businesses of all sizes. These products include next generation antivirus, endpoint detection and response, threat intelligence, threat detection, IT hygiene, incident response and proactive services. CrowdStrike says it uses what is known as “signatureless” artificial intelligence/machine learning, which means that it is not based on a signature (i.e., on a unique set of characteristics within the virus that distinguish it from other viruses). The AI can detect previously unknown threats using what is known as an Indicator of Attack (IOA) to determine the intent of a potential attack and stop known and unknown threats in real time. Based in Sunnyvale, California, the company has raised $481 million and claims to have nearly 5,000 customers. The company has grown rapidly by primarily focusing on its endpoint threat detection and response product called Falcon Prevent, which uses behavioral adjustment techniques from crowd-sourced data. It received recognition for dealing with the high profile DNC cyber attacks in 2016.
Darktrace provides cloud-native, self-learning, AI-based cyber security for businesses. The system works by understanding your company’s DNA and its normal state of health. It then uses machine learning to identify deviations from this healthy state, that is, interventions that can affect the health of the company, and then triggers immediate and autonomous defense mechanisms. In this way, it describes itself as similar to antibodies in a human immune system. It protects the business on multiple fronts including workforce devices as well as IoT, SaaS, and email. It uses unsupervised machine learning techniques in a system called Antigena to scan for potential threats and stop attacks before they can occur. Based in Cambridge, UK and San Francisco, USA, the company has raised more than $230 million in funding and claims to have more than 4,000 customers.
Vectra’s Cognito NDR platform uses behavioral detection algorithms to analyze metadata from captured packets and reveal hidden and unknown attackers in real time, regardless of whether the traffic is encrypted or not. By providing real-time visibility of attacks and the automatic search for threats without interruption based on constantly learning behavioral models, cybercriminals’ dwell times are shortened and reaction times are reduced. The Cognito product uses a combination of supervised and unsupervised machine learning and deep learning techniques to identify patterns and respond to them automatically. Vectra, based in San Jose, California, has raised $223 million in funding and has “thousands” of corporate customers.
SparkCognition’s DeepArmor is an enterprise endpoint cybersecurity solution developed by AI that provides protection against known software vulnerabilities that can be exploited by cyber criminals. It protects against attack vectors such as ransomware, viruses and malware, and provides threat visibility and management. DeepArmor’s technology leverages Big Data, NLP, and SparkCognition’s patented machine learning algorithms to protect organizations from the more than 400 million new types of malware discovered each year. Lenovo partnered with SparkCognition in October 2019 to launch DeepArmor Small Business. SparkCognition has raised approximately $175 million in funding and has “thousands” of corporate customers.
Vade Secure is one of the leading products for predictive email defense. It claims it protects one billion mailboxes in 76 countries. The product protects users from advanced email security threats such as phishing, spear phishing, and malware. Vade Secure’s AI products are based on a multi-layered approach, including the use of supervised machine learning models trained on a huge dataset of more than 600 million mailboxes managed by the world’s largest ISPs. Based in France and the United States, the company has raised nearly $100 million in funding and claims to have more than 5,000 customers.
SAP NS2’s approach is to apply the latest advances in AI and machine learning to issues such as cybersecurity and counterterrorism, and to work with a wide variety of US security agencies and companies. Its technology is based on the philosophy that security in this new era requires a balance between human and machine intelligence. In 2019 NS2 won the James S. Cogswell Outstanding Industrial Security Achievement Award.
Blue Hexagon provides comprehensive, real-time, learning-based security for detecting and responding to network threats in corporate networks and cloud environments. It claims to provide industry-leading split-second threat detection with full explanation of AI judgment, threat categorization and killchain (i.e., the structure of an attack, starting with the identification of the target, counterattack to undo the target, and evidence of the destruction of the target). Based in Sunnyvale, California, the company has raised $37 million in funding.