AI and the future of cyber defense

How to deal with security issues stemming from the explosive growth of data will be a focal point of GCS 2017.


Ben Dickson



The digital universe is expanding at an accelerating pace. Thanks to the internet of things (IoT), broadband communications, cheaper cloud storage, and computation power, every organization, company, and government is generating reams of data about anything and everything.

While this deluge of digital information provides unprecedented opportunities to improve the speed, accuracy, and efficiency of tasks, it also raises some distinct challenges. With so much traffic and a shorthanded cybersecurity industry, organizations are finding it harder and harder to secure their networks and data against cybercriminals.

How to deal with security issues stemming from this growth of data will be a focal point of Global Cybersecurity Summit 2017, which will be held in the flashpoint city of Kiev on June 14-16.

“Sixty percent of organizations today have little-to-no visibility into how their applications communicate,” says Nathaniel Gleicher, the former director for cybersecurity policy at the U.S. National Security Council, who will be speaking at the event.

“In other words, they are defending an environment that they don’t understand, which is a recipe for disaster,” adds Gleicher, who now serves as head of cybersecurity strategy at Illumio. “You can’t secure a building if you don’t understand its entrances and exits, and the same is true if you’re protecting a data center.”

Finding suspicious and potentially malicious activity in the torrent of data moving in and out of our disparate networks is like finding a needle in a haystack. In fact, recent research found that it takes an average of six months for organizations to detect data breaches. Meanwhile, security analysts have to deal with hundreds and thousands of security events on a daily basis, which is beyond their capacity.

Making matters even more complicated, the boundaries of corporate networks are blurring and security perimeters are being redefined, as more and more organizations opt for cloud environments as opposed to on-premise servers and data centers.

One solution to this growing problem is the use of artificial intelligence and machine-learning algorithms to detect and block security breaches. As opposed to human analysts who can review only a limited number of security events, algorithms have the capacity to look into millions of events each day and find patterns that would go unnoticed by humans.

“There are machine-learning algorithms that can identify groups of data items that are similar to each other, and other machine-learning algorithms that can identify data items that are very unusual,” says Miranda Mowbray, formerly a senior researcher at Hewlett Packard Labs, who will also be at the GCS 2017. “As an example, both of these types of algorithms can be used on a deluge of [Domain Name System] data to identify malware-infected computers in an enterprise network. You can look for computers whose DNS behavior is similar to the past behavior of computers known to have been infected by a particular strain of malware; you can also look for computers whose behavior is very unusual, and is consistent with being infected by previously unknown malware that uses a known attack technique.”
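The two approaches Mowbray describes can be sketched on per-host DNS logs. This is an added example, not code from the article or from any product it mentions. The log entries, host names, the two features and the "strain-A" profile are constructed assumptions, chosen so that one host matches a known profile without being a statistical outlier and another is an outlier that matches no known profile.

```python
from math import dist
from statistics import median

# Constructed sample: host -> list of (query name, response code).
NORMAL = [("mail.example.com", "NOERROR"), ("www.example.org", "NOERROR")]
LOGS = {
    "ws-01": NORMAL[:1] * 6 + NORMAL[1:] * 4,
    "ws-02": NORMAL[:1] * 5 + NORMAL[1:] * 4 + [("wwww.example.org", "NXDOMAIN")],
    "ws-03": NORMAL[:1] * 4 + NORMAL[1:] * 3 + [("intranet.example.com", "NOERROR")] * 3,
    "ws-04": NORMAL[:1] * 8 + NORMAL[1:] * 2,
    "ws-05": [(f"k{i}zq.example.net", "NXDOMAIN") for i in range(9)] + NORMAL[:1],
    "ws-06": NORMAL[:1] * 4 + NORMAL[1:] * 4
             + [("upd1.example.net", "NXDOMAIN"), ("upd2.example.net", "NXDOMAIN")],
}
# Hypothetical profile of a previously analysed infection:
# (NXDOMAIN ratio, distinct-name ratio).
KNOWN_INFECTED = {"strain-A (placeholder)": (0.2, 0.4)}

def features(queries):
    """Per-host DNS behaviour vector: (NXDOMAIN ratio, distinct-name ratio)."""
    nx = sum(1 for _, rcode in queries if rcode == "NXDOMAIN")
    return (nx / len(queries), len({name for name, _ in queries}) / len(queries))

def similar_to_known(vectors, max_distance=0.05):
    """Approach 1: hosts whose vector lies close to a known-infected profile."""
    return {host: strain for host, v in vectors.items()
            for strain, profile in KNOWN_INFECTED.items()
            if dist(v, profile) <= max_distance}

def unusual(vectors, threshold=3.5):
    """Approach 2: hosts with a robust z-score (median/MAD) above threshold."""
    flagged = set()
    for i in range(2):
        column = [v[i] for v in vectors.values()]
        med = median(column)
        mad = median(abs(x - med) for x in column) or 1e-9  # avoid division by zero
        flagged |= {h for h, v in vectors.items()
                    if 0.6745 * abs(v[i] - med) / mad > threshold}
    return sorted(flagged)

def triage(logs=LOGS):
    """Return (hosts matching a known profile, statistically unusual hosts)."""
    vectors = {host: features(q) for host, q in logs.items()}
    return similar_to_known(vectors), unusual(vectors)

if __name__ == "__main__":
    print(triage())
```

Here `ws-06` is caught only by the profile match and `ws-05` only by the outlier test, which is why the two kinds of algorithm are used together.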

A number of security vendors are tapping into the benefits of artificial intelligence in dealing with cyber threats and attacks. There are now solutions that function based on behavioral analysis instead of relying on malware definitions and static rules as is the norm in traditional cybersecurity solutions.

While artificial intelligence is no replacement for human analysts, AI can dramatically simplify their efforts. Last year, for example, researchers at the MIT Computer Science and Artificial Intelligence Lab (CSAIL) devised an AI system that uses supervised learning to find and report security threats. After an analyst trains the system over the span of a few weeks to distinguish between real security threats and false alarms, it eventually learns to reduce false positives by flagging significant events that analysts can then investigate. Other firms and organizations are exploring various AI-related techniques to improve security in corporate networks.

However, artificial intelligence is not a silver bullet and still has a long way to go. “There’s a lot of buzz about AI right now, but when you dig past the buzz, there’s very little actual AI deployed in cybersecurity,” Gleicher says. “It may be coming on the innovation curve, but it’s not here yet.” Gleicher believes that where AI can be used best is in understanding and controlling data centers and clouds, and adapting that understanding as those environments change.

Gleicher will be debating the topic along with other notable experts from the private and public sector at the summit. GCS has been well-received in the host country Ukraine and has secured the partnership of the Ukrainian Ministry of Economic Development and Trade’s State Finance Institution for Innovations, IT Ukraine Association, Hi-Tech Office Ukraine, and the Telecommunication Chamber of Ukraine Association.

The Global Cybersecurity Summit 2017 will be held in Kiev’s Parkovy Convention and Exhibition Center. More information about tickets and sponsorship can be found at GCS’s website.


The Daily Dot