The battle of AI and ML in the cybersecurity world

Issue 2 2022 Cyber Security, Products

Whether we realise it or not, artificial intelligence (AI) and machine learning (ML) play a part in every second of our lives. From the moment we wake, smart devices decide what time to turn on our heaters and our lights, social media uses complex algorithms to select what news to promote to us and Google Maps navigates us through our day. Even while we sleep, AI monitors our sleeping patterns (with the proliferation of smart devices like Google Home and Apple Watches) identifying when we have had a good night’s sleep and even monitoring our health.

ML and AI in our daily lives have slowly changed how we interact with technology. We use this technology for good by helping the elderly with virtual chatbots, preventing poaching and providing real-time translation for migrants.

The cybersecurity world has been at the forefront of this technology in the last decade, using ML/AI in various applications such as tackling huge volumes of malware, detecting spam and business email compromises, analysing network traffic, using facial recognition and more. It’s hard to get away from a vendor’s presentation without hearing about their ML and AI nowadays. This article will demystify and hopefully bring some new angles to our readers in the decision-making around ‘ML-enabled’ security solutions.

What are ML and AI?

Let’s start with simple definitions of machine learning and AI. Machine learning involves enabling computers to learn how to do something. This requires input such as training data and knowledge, while AI is the goal of applying the knowledge learned. AI attempts to solve data-based business or technical problems, assisting users in the decision-making process or making judgment itself (if we programmed it in such a way). When it needs to, it can be used to rapidly analyse large sets of data that no human brain could possibly process and can come up with AI-assisted decisions and conclusions on an issue.

Is AI perfect? Not always. Any computer program is only as good as its writer and any ML or AI is only as good as the information it has been fed. There are well-known examples of programmatic biases in some AI algorithms and examples where chatbots have gone rogue after being trained with the wrong data. So, while there is still work to be done, these algorithms can deliver significant benefits over even more fallible humans.

AI-driven malware: myth or reality?

Despite a large amount of hype and clickbait, there is little evidence to support the belief that criminal cybergangs are already using AI to help generate new strains of malware, however, there is evidence that AI/ML is being used in other areas to circumvent protective security measures:

• Generating deep fake videos and images to phish users and bypass security measures. This is particularly prevalent on social media sites to create fake identities.

• Solving CAPTCHAs to bypass authentication protections.

• To gather open source intelligence on organisations in order to target attackers.

AI in defensive security: Use case is king

When considering investment priorities among security solutions, evaluate the use cases you’re trying to achieve. Understand how threats are evolving and what tactics and techniques black-hats use. Then ask why you couldn’t stop these attacks with the investment you have so far. It’s fairly easy to get caught up with the AI/ML hype. But customers are starting to move cleverly to consider practical use cases, whether this is detection, forensics, hunting or mitigation.

How does Fortinet use AI?

The big change in the malware industry that triggered the need for AI was heuristics and adaptive malware. Fortinet went almost overnight from a volume of malware that could be handled manually to a situation with exponential growth in the number of samples. It had to adapt and take advantage of AI and ML to support its malware analysts.

Fortinet has been in the AI business for more than a decade. At a high level, Fortinet uses AI and ML in multiple areas:

• Scale: One of the first use cases 10 years ago was the advent of the virtual FortiGuard threat analyst. The huge growth in samples meant that analysts could no longer handle the volumes of samples they were receiving, so they created an artificial neural network (ANN) for sub-second sample classification. Over six generations of this solution, this grew into FortiAI, which analyses millions of samples per day with near-perfect accuracy - a task that would normally require thousands of human analysts.

• Enhance: An ML use case is a great way to enhance traditional security solutions. Some examples are:

◦ Adding ML analysis of malicious vectors in FortiSandbox.

◦ ML-enabled AV engine in FortiOS.

◦ ML in other solutions such as FortiWeb, FortiGuard Security Services and many more. This enables better and more accurate detections of malicious activities or anomalies for our customers. In this area, innovation is key.

• Predict: ML/AI is particularly good at drawing relationships and making predictions. An example is comparing two infections’ ‘DNA’ and tracing the source of a problem. This is a more advanced application of AI, as prediction has a time element, meaning you can tell ahead of time what will happen. Based on the historical data points, trending, etc., it is possible to predict what might happen to your network.

• Reduce time to detect: Fortinet pushes the physical limit to ‘sub-second’ detection of malicious code, enabling SecOps solutions to integrate with its flagship NGFW FortiGate for inline blocking, stopping patient zero. While reducing time to detect from minutes to sub-second might not sound significant, it’s crucial when a major, widespread outbreak occurs. Customers should have the ability to react quickly to threat actors.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Governing cybersecurity from the top as a strategic business enabler
Cyber Security
C-Suite executives still do not take cybersecurity seriously enough, while boards are not nearly as engaged in cybersecurity as they are in other areas of oversight.

It is time to take a quantum leap in IoT cybersecurity
Drive Control Corporation Cyber Security
IoT has become integrated everywhere, including enterprises. While it offers many benefits, such as increased productivity and the rollout of mission critical applications, it can also lead to (enterprise) cyber-attack vulnerabilities.

What to do in the face of growing ransomware attacks
Technews Publishing Cyber Security Security Services & Risk Management
Ransomware attacks are proliferating, with attackers becoming more sophisticated and aggressive, and often hitting the same victims more than once, in more than one way.

Texecom launches the Midnight Black Collection
Technews Publishing Perimeter Security, Alarms & Intruder Detection Products
Working in harmony with darker environments, the Midnight Black Collection has been created for businesses and sites that require or prefer a security solution which offers discreet protection that compliments their surroundings.

Optimising remote technical support
Technews Publishing Asset Management, EAS, RFID Products
Sanden Intercool Kenya improves efficiency, removes manual processes with FIELDForce from MACmobile, making its technical backup and support staff more productive, while also optimising record keeping.

Can we reduce cyberattacks in 2023?
Cyber Security
Zero-trust cybersecurity strategy with simplicity and risk reduction at the heart is mandatory to reduce exponential cyberattacks in 2023, says GlobalData.

Key success factors that boost security resilience
Cyber Security
Adoption of zero trust, secure access service edge and extended detection and response technologies, all resulted in significant increases in resilient outcomes, as are executive support and cultivating a security culture.

Enterprise threats in 2023
News Cyber Security
Large businesses and government structures should prepare for cybercriminals using media to blackmail organisations, reporting alleged data leaks, and purchasing initial access to previously compromised companies on the darknet.

Advanced server performance and energy efficient design
Editor's Choice IT infrastructure Products
Dell PowerEdge server portfolio expansion offers more performance, including up to 2.9x greater AI inferencing while Dell Smart Flow design and Dell Power Manager software advancements deliver greater energy efficiency.

CA Southern Africa unmasks container security
Technews Publishing IT infrastructure Cyber Security
Adoption of software containers has risen dramatically as more organisations realise the benefits of this virtualised technology.