AI helps restore time to the defender's advantage
Michael Kirby II, Head of Managed Risk and Security Services, FIS
December 10, 2018
By Michael Kirby II, Head of Managed Risk and Security Services, FIS and Scott Scheferman, Senior Director of Global Services, Cylance (an FIS partner)
Behind many cyber breaches is a common tool of the bad guy tradecraft: Malware. A play on words of Malicious Software, malware is commonly referred to as virus, worms or trojans. As recent cyber compromises have proven, cybersecurity events now happen at the "speed of computing". These fully automated, self-replicating threats can spread across the globe in just hours or days, leaving destruction in their path. The primary reason the good guys have been left unable to counter such threats, is simply that of time. If a threat spreads from "patient zero" faster than a “Vaccine” can be created to counter it, there has traditionally been little an organization can do to prevent it.
In the last few years, however, AI (artificial intelligence) has come to our aid, and is now able to predict malware many months, or even years before they happen.
AI is being pushed to the edge out of necessity
One of the primary benefits of a strong predictive AI, is that a math model can be shrunken down into an algorithm. This algorithm can then run on an endpoint (laptop, workstation or server), instead of relying on traditional connections back to a “cloud super computer” environment with tremendous amounts of processing power. Currently, AI at the endpoint is already able to predict malware and prevent it from executing, and does so without any form of human intelligence. All of this can be done at machine-speed, without reliance on a human and completely independent of connection to, or reliance upon, the cloud.
When it comes to resource utilization, AI wins
An often-overlooked aspect of many AI technologies is just how light-weight they are compared to their legacy, human intelligence counterparts. As it turns out, computer processors (CPUs) do one thing extremely well, which is math. What AI allows us to do, is to effectively shift a heavy work load in the cloud (to create a model) down to a light workload that can run on an endpoint device (an algorithm representing the cloud model's intelligence). This results in our laptops and workstations running faster because there is less demands on CPU, memory, and even less bandwidth related to traditional anti-virus updates, signatures, cloud-based analysis, enrichment and other legacy means.
Free up your workforce to do more Important things
AI is often equated to 'workforce automation', the ability to both automate and accelerate tasks and analysis workloads that have traditionally been relegated to the human domain. In the field of cyber security, with an estimated worker shortage of 3.5m by 2021, perhaps nothing is more important than freeing up overworked, under-skilled and precious workforce. This allows companies to lean forward and focus on more strategic initiatives and more human-to-human business processes.
The bad guys are not resting on their heels
As of now, there are few examples of adversaries leveraging ML/AI for evil, but this will eventually change. And when it does, organizations must be ready. Now is the time to leverage and implement AI and prepare for the landscape just ahead.
The softer side of AI
Leveraging AI in cybersecurity has another benefit that is often unexpected, but is always welcomed: more time to do meaningful work. Perhaps more than anything, what we need out of AI is the ability to finally get back to a balanced, meaningful, and productive career.
Leveraging AI-based services also helps financial institutions better capitalize on ROI from newer emerging technologies. This added layer of defense can detect significant irregularities in networks or behaviors as they happen, giving analysts the early detection they need to begin mitigating any negative or harmful effects of a cybersecurity attack.
Tags: Risc & Compliance, Technology