The battle of AI and ML in the cybersecurity world

Issue 2 2022 Information Security, Products & Solutions

Whether we realise it or not, artificial intelligence (AI) and machine learning (ML) play a part in every second of our lives. From the moment we wake, smart devices decide what time to turn on our heaters and our lights, social media uses complex algorithms to select what news to promote to us and Google Maps navigates us through our day. Even while we sleep, AI monitors our sleeping patterns (with the proliferation of smart devices like Google Home and Apple Watches) identifying when we have had a good night’s sleep and even monitoring our health.

ML and AI in our daily lives have slowly changed how we interact with technology. We use this technology for good by helping the elderly with virtual chatbots, preventing poaching and providing real-time translation for migrants.

The cybersecurity world has been at the forefront of this technology in the last decade, using ML/AI in various applications such as tackling huge volumes of malware, detecting spam and business email compromises, analysing network traffic, using facial recognition and more. It’s hard to get away from a vendor’s presentation without hearing about their ML and AI nowadays. This article will demystify and hopefully bring some new angles to our readers in the decision-making around ‘ML-enabled’ security solutions.

What are ML and AI?

Let’s start with simple definitions of machine learning and AI. Machine learning involves enabling computers to learn how to do something. This requires input such as training data and knowledge, while AI is the goal of applying the knowledge learned. AI attempts to solve data-based business or technical problems, assisting users in the decision-making process or making judgment itself (if we programmed it in such a way). When it needs to, it can be used to rapidly analyse large sets of data that no human brain could possibly process and can come up with AI-assisted decisions and conclusions on an issue.

Is AI perfect? Not always. Any computer program is only as good as its writer and any ML or AI is only as good as the information it has been fed. There are well-known examples of programmatic biases in some AI algorithms and examples where chatbots have gone rogue after being trained with the wrong data. So, while there is still work to be done, these algorithms can deliver significant benefits over even more fallible humans.

AI-driven malware: myth or reality?

Despite a large amount of hype and clickbait, there is little evidence to support the belief that criminal cybergangs are already using AI to help generate new strains of malware, however, there is evidence that AI/ML is being used in other areas to circumvent protective security measures:

• Generating deep fake videos and images to phish users and bypass security measures. This is particularly prevalent on social media sites to create fake identities.

• Solving CAPTCHAs to bypass authentication protections.

• To gather open source intelligence on organisations in order to target attackers.

AI in defensive security: Use case is king

When considering investment priorities among security solutions, evaluate the use cases you’re trying to achieve. Understand how threats are evolving and what tactics and techniques black-hats use. Then ask why you couldn’t stop these attacks with the investment you have so far. It’s fairly easy to get caught up with the AI/ML hype. But customers are starting to move cleverly to consider practical use cases, whether this is detection, forensics, hunting or mitigation.

How does Fortinet use AI?

The big change in the malware industry that triggered the need for AI was heuristics and adaptive malware. Fortinet went almost overnight from a volume of malware that could be handled manually to a situation with exponential growth in the number of samples. It had to adapt and take advantage of AI and ML to support its malware analysts.

Fortinet has been in the AI business for more than a decade. At a high level, Fortinet uses AI and ML in multiple areas:

• Scale: One of the first use cases 10 years ago was the advent of the virtual FortiGuard threat analyst. The huge growth in samples meant that analysts could no longer handle the volumes of samples they were receiving, so they created an artificial neural network (ANN) for sub-second sample classification. Over six generations of this solution, this grew into FortiAI, which analyses millions of samples per day with near-perfect accuracy - a task that would normally require thousands of human analysts.

• Enhance: An ML use case is a great way to enhance traditional security solutions. Some examples are:

◦ Adding ML analysis of malicious vectors in FortiSandbox.

◦ ML-enabled AV engine in FortiOS.

◦ ML in other solutions such as FortiWeb, FortiGuard Security Services and many more. This enables better and more accurate detections of malicious activities or anomalies for our customers. In this area, innovation is key.

• Predict: ML/AI is particularly good at drawing relationships and making predictions. An example is comparing two infections’ ‘DNA’ and tracing the source of a problem. This is a more advanced application of AI, as prediction has a time element, meaning you can tell ahead of time what will happen. Based on the historical data points, trending, etc., it is possible to predict what might happen to your network.

• Reduce time to detect: Fortinet pushes the physical limit to ‘sub-second’ detection of malicious code, enabling SecOps solutions to integrate with its flagship NGFW FortiGate for inline blocking, stopping patient zero. While reducing time to detect from minutes to sub-second might not sound significant, it’s crucial when a major, widespread outbreak occurs. Customers should have the ability to react quickly to threat actors.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Save energy with Paxton’s Net2 Access Control
Paxton Power Management Products & Solutions
Paxton offers access control systems that can help save building energy by utilising smart features. This not only has a positive environmental impact but, importantly, helps save businesses money.

Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

International access manufacturer sets up shop in SA
Technews Publishing Access Control & Identity Management News & Events Products & Solutions
The South African security market can always use some good news, and this year, STid has obliged by formally entering the South African market, setting up its main office in the Boomgate Experience Centre in Roodepoort, Johannesburg.

Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.