The battle of AI and ML in the cybersecurity world

Issue 2 2022 Cyber Security, Products

Whether we realise it or not, artificial intelligence (AI) and machine learning (ML) play a part in every second of our lives. From the moment we wake, smart devices decide what time to turn on our heaters and our lights, social media uses complex algorithms to select what news to promote to us and Google Maps navigates us through our day. Even while we sleep, AI monitors our sleeping patterns (with the proliferation of smart devices like Google Home and Apple Watches) identifying when we have had a good night’s sleep and even monitoring our health.

ML and AI in our daily lives have slowly changed how we interact with technology. We use this technology for good by helping the elderly with virtual chatbots, preventing poaching and providing real-time translation for migrants.

The cybersecurity world has been at the forefront of this technology in the last decade, using ML/AI in various applications such as tackling huge volumes of malware, detecting spam and business email compromises, analysing network traffic, using facial recognition and more. It’s hard to get away from a vendor’s presentation without hearing about their ML and AI nowadays. This article will demystify and hopefully bring some new angles to our readers in the decision-making around ‘ML-enabled’ security solutions.

What are ML and AI?

Let’s start with simple definitions of machine learning and AI. Machine learning involves enabling computers to learn how to do something. This requires input such as training data and knowledge, while AI is the goal of applying the knowledge learned. AI attempts to solve data-based business or technical problems, assisting users in the decision-making process or making judgment itself (if we programmed it in such a way). When it needs to, it can be used to rapidly analyse large sets of data that no human brain could possibly process and can come up with AI-assisted decisions and conclusions on an issue.

Is AI perfect? Not always. Any computer program is only as good as its writer and any ML or AI is only as good as the information it has been fed. There are well-known examples of programmatic biases in some AI algorithms and examples where chatbots have gone rogue after being trained with the wrong data. So, while there is still work to be done, these algorithms can deliver significant benefits over even more fallible humans.

AI-driven malware: myth or reality?

Despite a large amount of hype and clickbait, there is little evidence to support the belief that criminal cybergangs are already using AI to help generate new strains of malware, however, there is evidence that AI/ML is being used in other areas to circumvent protective security measures:

• Generating deep fake videos and images to phish users and bypass security measures. This is particularly prevalent on social media sites to create fake identities.

• Solving CAPTCHAs to bypass authentication protections.

• To gather open source intelligence on organisations in order to target attackers.

AI in defensive security: Use case is king

When considering investment priorities among security solutions, evaluate the use cases you’re trying to achieve. Understand how threats are evolving and what tactics and techniques black-hats use. Then ask why you couldn’t stop these attacks with the investment you have so far. It’s fairly easy to get caught up with the AI/ML hype. But customers are starting to move cleverly to consider practical use cases, whether this is detection, forensics, hunting or mitigation.

How does Fortinet use AI?

The big change in the malware industry that triggered the need for AI was heuristics and adaptive malware. Fortinet went almost overnight from a volume of malware that could be handled manually to a situation with exponential growth in the number of samples. It had to adapt and take advantage of AI and ML to support its malware analysts.

Fortinet has been in the AI business for more than a decade. At a high level, Fortinet uses AI and ML in multiple areas:

• Scale: One of the first use cases 10 years ago was the advent of the virtual FortiGuard threat analyst. The huge growth in samples meant that analysts could no longer handle the volumes of samples they were receiving, so they created an artificial neural network (ANN) for sub-second sample classification. Over six generations of this solution, this grew into FortiAI, which analyses millions of samples per day with near-perfect accuracy - a task that would normally require thousands of human analysts.

• Enhance: An ML use case is a great way to enhance traditional security solutions. Some examples are:

◦ Adding ML analysis of malicious vectors in FortiSandbox.

◦ ML-enabled AV engine in FortiOS.

◦ ML in other solutions such as FortiWeb, FortiGuard Security Services and many more. This enables better and more accurate detections of malicious activities or anomalies for our customers. In this area, innovation is key.

• Predict: ML/AI is particularly good at drawing relationships and making predictions. An example is comparing two infections’ ‘DNA’ and tracing the source of a problem. This is a more advanced application of AI, as prediction has a time element, meaning you can tell ahead of time what will happen. Based on the historical data points, trending, etc., it is possible to predict what might happen to your network.

• Reduce time to detect: Fortinet pushes the physical limit to ‘sub-second’ detection of malicious code, enabling SecOps solutions to integrate with its flagship NGFW FortiGate for inline blocking, stopping patient zero. While reducing time to detect from minutes to sub-second might not sound significant, it’s crucial when a major, widespread outbreak occurs. Customers should have the ability to react quickly to threat actors.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

2022 Cloud Security Report
Cyber Security IT infrastructure
The 2022 Cloud Security Report reveals how security executives and practitioners are using the cloud, how their organisations are responding to security threats in the cloud, and the challenges they are facing.

Arcserve launches N Series appliances
IT infrastructure Cyber Security
Arcserve introduces N Series appliances offering enterprise-level integrated data protection, recovery and cybersecurity to allow customers to simplify their IT environments and secure data.

Securing business information more important than ever
Cyber Security Products
SMBs need to operate safely within the physical and virtual boundaries created by work-from-home business practices, as well as in-office operations.

Storage is essential for a comprehensive cybersecurity strategy
Integrated Solutions Cyber Security
Cyber resilience is the ability of an enterprise to limit the impact of security incidents by deploying and arranging appropriate security tools and processes.

Malicious file protection for mobile devices
Cyber Security
The new version of Check Point Harmony Mobile, a mobile threat solution, can now block the download of malicious files to mobile devices, preventing file-based cyberattacks on organisations.

Turnkey data loss prevention solution
IT infrastructure Cyber Security Products
Acronis’s expertise in data protection and the managed service provider market yields an innovative, fast-track approach for the prevention of catastrophic data leaks.

The cybersecurity consolidation conundrum
Editor's Choice Cyber Security Healthcare (Industry)
Check Point discusses why less is sometimes more when it comes to securing your organisation from the innumerable cyberattacks happening every day.

Brewing a surveillance solution
CCTV, Surveillance & Remote Monitoring Integrated Solutions Products
VIVOTEK architects a surveillance enhancement solution for a century-old Japanese brewery comprising 260 devices, including 10 PoE network devices managed using the VAST 2 video management system.

Axis to create explosion-protected cameras
Axis Communications SA CCTV, Surveillance & Remote Monitoring News Products
Axis Communications has announced its plans to develop its own explosion-protected surveillance cameras and devices across the Axis product portfolio through a new subsidiary, Axis Ex AB.

Companies continue to pay multiple ransom demands
News Cyber Security
Study reveals that 80% of companies that paid a ransom demand were hit again, nearly 50% reported paying a second ransom and nearly 10% paid a third time.