The battle of AI and ML in the cybersecurity world

Issue 2 2022 Information Security, Products & Solutions

Whether we realise it or not, artificial intelligence (AI) and machine learning (ML) play a part in every second of our lives. From the moment we wake, smart devices decide what time to turn on our heaters and our lights, social media uses complex algorithms to select what news to promote to us and Google Maps navigates us through our day. Even while we sleep, AI monitors our sleeping patterns (with the proliferation of smart devices like Google Home and Apple Watches) identifying when we have had a good night’s sleep and even monitoring our health.

ML and AI in our daily lives have slowly changed how we interact with technology. We use this technology for good by helping the elderly with virtual chatbots, preventing poaching and providing real-time translation for migrants.

The cybersecurity world has been at the forefront of this technology in the last decade, using ML/AI in various applications such as tackling huge volumes of malware, detecting spam and business email compromises, analysing network traffic, using facial recognition and more. It’s hard to get away from a vendor’s presentation without hearing about their ML and AI nowadays. This article will demystify and hopefully bring some new angles to our readers in the decision-making around ‘ML-enabled’ security solutions.

What are ML and AI?

Let’s start with simple definitions of machine learning and AI. Machine learning involves enabling computers to learn how to do something. This requires input such as training data and knowledge, while AI is the goal of applying the knowledge learned. AI attempts to solve data-based business or technical problems, assisting users in the decision-making process or making judgment itself (if we programmed it in such a way). When it needs to, it can be used to rapidly analyse large sets of data that no human brain could possibly process and can come up with AI-assisted decisions and conclusions on an issue.

Is AI perfect? Not always. Any computer program is only as good as its writer and any ML or AI is only as good as the information it has been fed. There are well-known examples of programmatic biases in some AI algorithms and examples where chatbots have gone rogue after being trained with the wrong data. So, while there is still work to be done, these algorithms can deliver significant benefits over even more fallible humans.

AI-driven malware: myth or reality?

Despite a large amount of hype and clickbait, there is little evidence to support the belief that criminal cybergangs are already using AI to help generate new strains of malware, however, there is evidence that AI/ML is being used in other areas to circumvent protective security measures:

• Generating deep fake videos and images to phish users and bypass security measures. This is particularly prevalent on social media sites to create fake identities.

• Solving CAPTCHAs to bypass authentication protections.

• To gather open source intelligence on organisations in order to target attackers.

AI in defensive security: Use case is king

When considering investment priorities among security solutions, evaluate the use cases you’re trying to achieve. Understand how threats are evolving and what tactics and techniques black-hats use. Then ask why you couldn’t stop these attacks with the investment you have so far. It’s fairly easy to get caught up with the AI/ML hype. But customers are starting to move cleverly to consider practical use cases, whether this is detection, forensics, hunting or mitigation.

How does Fortinet use AI?

The big change in the malware industry that triggered the need for AI was heuristics and adaptive malware. Fortinet went almost overnight from a volume of malware that could be handled manually to a situation with exponential growth in the number of samples. It had to adapt and take advantage of AI and ML to support its malware analysts.

Fortinet has been in the AI business for more than a decade. At a high level, Fortinet uses AI and ML in multiple areas:

• Scale: One of the first use cases 10 years ago was the advent of the virtual FortiGuard threat analyst. The huge growth in samples meant that analysts could no longer handle the volumes of samples they were receiving, so they created an artificial neural network (ANN) for sub-second sample classification. Over six generations of this solution, this grew into FortiAI, which analyses millions of samples per day with near-perfect accuracy - a task that would normally require thousands of human analysts.

• Enhance: An ML use case is a great way to enhance traditional security solutions. Some examples are:

◦ Adding ML analysis of malicious vectors in FortiSandbox.

◦ ML-enabled AV engine in FortiOS.

◦ ML in other solutions such as FortiWeb, FortiGuard Security Services and many more. This enables better and more accurate detections of malicious activities or anomalies for our customers. In this area, innovation is key.

• Predict: ML/AI is particularly good at drawing relationships and making predictions. An example is comparing two infections’ ‘DNA’ and tracing the source of a problem. This is a more advanced application of AI, as prediction has a time element, meaning you can tell ahead of time what will happen. Based on the historical data points, trending, etc., it is possible to predict what might happen to your network.

• Reduce time to detect: Fortinet pushes the physical limit to ‘sub-second’ detection of malicious code, enabling SecOps solutions to integrate with its flagship NGFW FortiGate for inline blocking, stopping patient zero. While reducing time to detect from minutes to sub-second might not sound significant, it’s crucial when a major, widespread outbreak occurs. Customers should have the ability to react quickly to threat actors.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Hikvision launches AcuSeek NVR
Surveillance Products & Solutions AI & Data Analytics
By integrating natural language interaction, Hikvision’s AcuSeek NVR enables precise video and image retrieval within seconds, marking a transformative milestone for the security industry's advance into intelligent and efficient applications.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Analyse, automate, and optimise logistics processes
neaMetrics Surveillance Transport (Industry) Products & Solutions Logistics (Industry)
In today’s rapidly evolving logistics sector, the pressure to improve process efficiency, optimise resource usage, and ensure seamless security is more intense than ever. Smart, proactive surveillance is no longer a luxury — it is a critical operational necessity.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.