How Artificial Intelligence Plays An Important Role In Cyber Security Field.

By Rohit Shirur.

What do you mean by artificial intelligence?

Artificial intelligence (AI) is an area of computer science that emphasizes the creation of intelligent machines that work and react like humans. Some of the activities computers with artificial intelligence are designed for include: Speech recognition.

In the field of computer science, artificial intelligence (AI), sometimes called machine intelligence, is intelligence demonstrated by machines, in contrast to the natural intelligence displayed by humans and other animals. Computer science defines AI research as the study of "intelligent agents": any device that perceives its environment and takes actions that maximize its chance of successfully achieving its goals. More specifically, Kaplan and Haenlein define AI as “a system’s ability to correctly interpret external data, to learn from such data, and to use those learnings to achieve specific goals and tasks through flexible adaptation”. Colloquially, the term "artificial intelligence" is applied when a machine mimics "cognitive" functions that humans associate with other human minds, such as "learning" and "problem solving".

The scope of AI is disputed: as machines become increasingly capable, tasks considered as requiring "intelligence" are often removed from the definition, a phenomenon known as the AI effect, leading to the quip in Tesler's Theorem, "AI is whatever hasn't been done yet." For instance, optical character recognition is frequently excluded from "artificial intelligence", having become a routine technology. Modern machine capabilities generally classified as AI include successfully understanding human speech, competing at the highest level in strategic game systems (such as chess and Go), autonomously operating cars, and intelligent routing in content delivery networks and military simulations.

Borrowing from the management literature, Kaplan and Haenlein classify artificial intelligence into three different types of AI systems: analytical, human-inspired, and humanized artificial intelligence. Analytical AI has only characteristics consistent with cognitive intelligence generating cognitive representation of the world and using learning based on past experience to inform future decisions. Human-inspired AI has elements from cognitive as well as emotional intelligence, understanding, in addition to cognitive elements, human emotions and considering them in their decision making. Humanized AI shows characteristics of all types of competencies (i.e., cognitive, emotional, and social intelligence), able to be self-conscious and self-aware in interactions with others.

Artificial intelligence was founded as an academic discipline in 1956, and in the years since has experienced several waves of optimism, followed by disappointment and the loss of funding (known as an "AI winter"), followed by new approaches, success and renewed funding. For most of its history, AI research has been divided into subfields that often fail to communicate with each other. These subfields are based on technical considerations, such as particular goals (e.g. "robotics" or "machine learning"), the use of particular tools ("logic" or artificial neural networks), or deep philosophical differences. Subfields have also been based on social factors (particular institutions or the work of particular researchers).

The traditional problems (or goals) of AI research include reasoning, knowledge representation, planning, learning, natural language processing, perception and the ability to move and manipulate objects. General intelligence is among the field's long-term goals. Approaches include statistical methods, computational intelligence, and traditional symbolic AI. Many tools are used in AI, including versions of search and mathematical optimization, artificial neural networks, and methods based on statistics, probability and economics. The AI field draws upon computer science, information engineering, mathematics, psychology, linguistics, philosophy, and many other fields.

The field was founded on the claim that human intelligence "can be so precisely described that a machine can be made to simulate it". This raises philosophical arguments about the nature of the mind and the ethics of creating artificial beings endowed with human-like intelligence, issues that have been explored by myth, fiction and philosophy since antiquity. Some people also consider AI to be a danger to humanity if it progresses unabated. Others believe that AI, unlike previous technological revolutions, will create a risk of mass unemployment.

In the twenty-first century, AI techniques have experienced a resurgence following concurrent advances in computer power, large amounts of data, and theoretical understanding; and AI techniques have become an essential part of the technology industry, helping to solve many challenging problems in computer science, software engineering and operations research.

The Role of Artificial Intelligence in Cyber security.

AI and machine learning can help IT security professionals to achieve cyber hygiene and enforce least privilege environments at scale.

While security as a percentage of IT spend continues to grow at a robust rate, the cost of security breaches is growing even faster.

Organizations are spending close to $100 billion on a dizzying array of security products. In fact, it is not uncommon for CISO organizations to have 30 to 40 security products in their environment. However, if you ask chief information security officers how they feel about their security risk, they will express concerns over being highly exposed and vulnerable.

Artificial intelligence (AI) and machine learning (ML) can offer IT security professionals a way to enforce good cybersecurity practices and shrink the attack surface instead of constantly chasing after malicious activity.

Why Isn’t Cyber security Working as It Should?

There are many reasons security measures are falling behind, like the ever-increasing sophistication of adversaries and traditional perimeters virtually disappearing due to the rise of cloud and mobile technologies. But one of the biggest reasons we are not succeeding is that we always seem to be one step behind the bad guys.

Most security products are focused on understanding malware or attacks. This is an unbounded problem and, as a result, we are always playing catch-up with malicious actors. The number of malware and fileless attacks run into the billions, with hundreds of millions getting added each year. On top of that, the bulk of these products focus on infiltration prevention. By homing in on preventing infiltration almost exclusively, we are conceding the asymmetry advantage to the attackers — while they just have to get it right once, we must get it right every time.

We must figure out a way to bound the problem. Focusing solely (or primarily) on chasing the bad is not going to help us succeed.

How Can Cyber security Threats Be Contained?

The principle of least privilege is one of the oldest information security principles, with the original formulation by Jerry Saltzer stating: “Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”

If we enforce this principle in our IT environments, so that every application is confined to performing only what it must to complete its job, we dramatically reduce the attack surface and consequently bound the problem.

While this doesn’t eliminate the need to monitor for threats, it simplifies the problem. You are no longer looking for a needle in a haystack, but looking for a needle in a few pieces of hay.

So, the right solution architecture would include two components:

  • A foundational piece that shrinks the attack surface by enforcing least privilege (also known as cyber hygiene)
  • A complementary piece that controls residual risk by monitoring for threats

The Limits of Least Privilege in Cyber security

Customers have tried implementing least-privilege environments in the past through whitelisting. While whitelisting solutions can be effective, they have been a nightmare to operationalize.

The constant changes during the normal course of operating an IT environment at scale are very hard to keep up with. So, in this case, instead of playing catch up, we were chasing our own tails. These changes include patching, upgrades, network reconfigurations, new integrations, administrative activities like backup, management activities and many other things.

In fact, most whitelisting solutions had limited scope, focusing largely on file integrity as opposed to the behavioral integrity of programs. If we want to extend least privilege to include behavior, arguably we’d have an even more complex operational problem than the traditional whitelisting solutions. What is the answer?

Can AI and Machine Learning Help Shrink the Attack Surface?

Some argue that AI can solve the problem of “chasing bad” and dramatically increase our security. If this were true, one might argue that we do not need the foundational piece described above. There is little doubt that with the resurgence of deep learning owing to multiple factors, we have seen phenomenal improvements in heretofore hard problems in AI. This includes object detection in images and videos, speech recognition, natural language processing, self-driving cars, search, recommendation engines, games like chess and Go, healthcare and much more.

Some of these problem domains are adversarial but have well-defined rules like chess and Go. There are others like self-driving cars and speech processing that have few rules that can be used to describe them. However, these problems often do not have adversaries involved and frequently have large amounts of data — a prerequisite for deep learning algorithms. Chasing bad guys in cybersecurity is uniquely difficult due to three factors:

  • It has sophisticated adversaries.
  • They are guaranteed to not follow any rules.
  • There is scarcity of labeled data on malware or attacks.

On the other hand, we have established that ensuring good is always going to be more effective than chasing bad. This approach gets even better with the rise of modern AI/ML.

AI/ML techniques are ideal for achieving cyber hygiene and shrinking the attack surface at scale, which requires an automated understanding of the intended state of an application. There are two distinct advantages that make it ideal for AI/ML.

  • Rules exist for the behavior of good software (there are a lot of them, but AI/ML can take advantage of them, update them and improve security as a result).
  • There is plenty of data labeled “data for good ware.”

The primary challenge has been the constant change at scale. The nature of change, though, is predictable and follows patterns. This is the kind of problem that AI/ML excels in.
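The contrast drawn above between file integrity and behavioral integrity, and the claim that good behavior can be learned from known-good data, shown as an added example (not code from the original article or from any product it names). A plain set of observed (action, target) pairs stands in for an AI/ML model; the program names, events and the `absorb_patch` change policy are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed telemetry from a known-good period; every name and value is made up.
# Each event: (program, binary contents, action, target)
GOOD_EVENTS = [
    ("backup-agent", b"backup-agent build 1.0", "read", "/srv/data"),
    ("backup-agent", b"backup-agent build 1.0", "connect", "backup.internal:443"),
    ("web-app", b"web-app build 3.2", "listen", "0.0.0.0:8443"),
    ("web-app", b"web-app build 3.2", "read", "/var/www"),
    ("web-app", b"web-app build 3.2", "connect", "db.internal:5432"),
]


def digest(binary: bytes) -> str:
    """File-integrity identity of a binary."""
    return hashlib.sha256(binary).hexdigest()


def learn(events):
    """Build a file-hash allowlist and a per-program behavior baseline."""
    hashes = set()
    behavior = defaultdict(set)
    for program, binary, action, target in events:
        hashes.add(digest(binary))
        behavior[program].add((action, target))
    return hashes, dict(behavior)


def check(event, hashes, behavior):
    """Evaluate one event against both kinds of allowlist."""
    program, binary, action, target = event
    return {
        "file_ok": digest(binary) in hashes,
        "behavior_ok": (action, target) in behavior.get(program, set()),
    }


def absorb_patch(program, new_binary, observed, hashes, behavior):
    """Assumed change policy: accept a new binary automatically only if
    everything it was observed doing is already in the program's baseline."""
    allowed = behavior.get(program, set())
    if observed and all(pair in allowed for pair in observed):
        hashes.add(digest(new_binary))
        return True
    return False


HASHES, BEHAVIOR = learn(GOOD_EVENTS)

# Routine change: web-app is patched (new bytes), behavior unchanged.
PATCHED = ("web-app", b"web-app build 3.3", "connect", "db.internal:5432")
# Misuse: the unmodified web-app binary opens a connection it never made before
# (203.0.113.0/24 is a documentation-only address range).
ABUSED = ("web-app", b"web-app build 3.2", "connect", "203.0.113.7:443")

if __name__ == "__main__":
    for label, event in (("patched", PATCHED), ("abused", ABUSED)):
        print(label, check(event, HASHES, BEHAVIOR))
```

The hash allowlist rejects the harmless patch and accepts the misuse, while the behavior baseline does the opposite; `absorb_patch` shows how a predictable change can be admitted without manual allowlist maintenance.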

Using AI and ML to achieve cyber hygiene and enforce least privilege environments at scale is the breakthrough idea that will help us secure modern IT environments against an ever-evolving threat landscape.

14 companies merging AI & cyber security to keep us safe and sound

By the year 2021 cybercrime will cost the world upwards of $6 trillion annually. It's no surprise cybersecurity is exploding as its own industry, protecting the networks and systems that companies and organizations operate and store data on.

The path to information security requires smarter detection and many cybersecurity companies are using artificial intelligence to get there. A new generation of AI-powered solutions and products are keeping bad actors on their toes and giving IT teams around the country some much needed relief. 

Here are 14 companies merging artificial intelligence and cyber security to make the virtual world safer for everyone.

LogRhythm

Location: Boulder, Colo.

How it's using AI in cybersecurity: LogRhythm provides an end-to-end security solution for companies and organizations worldwide to detect and respond quickly to cybersecurity threats.

The company uses machine learning to profile and detect threats, compromised accounts, privilege abuse and other anomalies.

The platform reduces the times of detection and response for security teams, providing a user interface where teams can easily investigate and respond to threats.

Industry impact: According to a LogRhythm case study, a regional bank required a more mature security system to handle the virtual shift happening in the finance space. After implementing LogRhythm, the bank’s analysts were able to eliminate the time wasted consolidating different data logs and points, freeing the team up to identify suspicious activities well before they become a problem.

Versive

Location: Seattle

How it's using AI in cybersecurity: Versive helps businesses and organizations identify crucial threats, helping teams save time that might otherwise be spent investigating alerts that don’t require immediate attention.

The Versive Security Engine (VSE) uses artificial intelligence to sort out the critical risks from routine network activity, identifying chains of activities that result in attacks and helping security teams to get ahead of them.

Industry impact: VSE alerted a bank that odd volumes of data were being sent from one internal host to another. Because the hosts had never exchanged information before, VSE flagged the behavior. It was discovered that important data was being backed up on an internet-accessible server and was therefore more vulnerable to attacks.

Anomali

Location: Redwood City, Calif.

How it's using AI in cybersecurity: Anomali provides technology to help businesses and organizations identify suspicious activity before it’s in their network.

The company's suite of threat intelligence solutions not only allows security teams and analysts to identify threats and adversaries, but also collaborate with other organizations to share their findings to aid in the prevention of breaches and attacks. 

Industry impact: According to an Anomali case study, the company worked with BBCN Bank to streamline investigation time and systems integration.

The bank’s security analysts were spending too much time investigating individual IPs for malicious threats, while threat intelligence systems were separate and not integrated into the bank’s SIEM.

The bank began utilizing Anomali’s ThreatStream solution, and analysts reduced the time it takes to investigate threats from 30 minutes to just a few.

Crowdstrike

Location: Sunnyvale, Calif.

How it's using AI in cybersecurity: Crowdstrike provides cloud-native endpoint protection software. Its platform, Falcon, offers prevention, visibility across endpoints, and proactive threat hunting to customers in industries like finance, healthcare and retail.

Working beyond simple detection, the Falcon platform automatically performs investigations on threats and takes the guesswork out of threat analysis.

Industry impact: The Indiana Farm Bureau Insurance company services customers in every county in Indiana, housing personal information for thousands of people. Crowdstrike helps the agency keep sensitive client data secure when its team is in the field, ensure IT assets are using off-network WiFi, and protect data during high-attack times like weekends and holidays.

Cybereason

Location: Boston

How it's using AI in cybersecurity: Cybereason is a cybersecurity analytics platform that provides threat monitoring, hunting and analysis. The platform gives companies and organizations greater visibility within their security environment, as well as the ability to get ahead of threats.

Cybereason’s AI-powered hunting technology actually answers the question of whether an organization is under attack or not. Because threat hunting is often reserved for companies with large resources, Cybereason provides solutions to automate the job so security teams of all sizes and skill levels can detect problems in their network.

Industry impact: An aerospace manufacturer was manually checking data logs for problematic activity and needed an automated system that complied with strict security rules. The company deployed Cybereason, which automated hunting processes and endpoint detections, while cleaning up the infected servers.

Darktrace

Location: San Francisco

How it's using AI in cybersecurity: With more than 30 offices around the world, Darktrace has helped thousands of companies across industries detect and fight cyber threats in real time.

Darktrace’s AI platform analyzes network data to make calculations and identify patterns. Machine learning technology uses the data to help organizations detect deviations from typical behavior and identify threats.

Industry impact: DirecTV needed a system to provide both complete network visibility and proactive defenses against data breaches and customer information leaks. The company uses Darktrace's AI-powered technology to detect emerging issues.  

Jask

Location: San Francisco

How it's using AI in cybersecurity: Jask offers an autonomous platform for modernizing security operation centers with the automation of tasks. This gives analysts more time to investigate high-priority alerts. The program provides analysts with full visibility, including contextual data, across the business, helping them identify threats more easily.

Industry impact: According to a Jask case study, an investment firm with offices around the world needed an automated solution to enhance visibility and keep financial data secure. Jask’s platform gave the security team more time to hunt threats while providing the necessary context to make critical decisions.

Fortinet

Location: Sunnyvale, Calif.

How it's using AI in cybersecurity: Fortinet provides security solutions for every part of the IT infrastructure. From network and web application security to threat protection and secure unified access, Fortinet’s cybersecurity products are used by a majority of Fortune 500 companies.

The company’s AI-based product, FortiWeb, is a web application firewall that uses two layers of statistical probabilities and machine learning to accurately detect threats.

Industry impact: Steelcase, a furniture manufacturer using Microsoft Azure and Amazon Web Services for cloud hosting, is utilizing Fortinet to ensure its security. As the company expands its IT infrastructure, they continue to deploy Fortinet solutions to protect it.

High-Tech Bridge

Location: San Francisco

How it's using AI in cybersecurity: High-Tech Bridge provides both web and mobile security testing services through its AI and machine learning platform.

The company's multiple AI-based products work alongside human intelligence to detect more vulnerabilities and risks within applications, open-source software and other programs without returning false positives.

Industry impact: High-Tech Bridge took popular cryptocurrency applications and tested them for security issues and weak designs. The analysis discovered that 93% of the applications had a minimum of three medium-risk issues and 90% had more than two high-risk vulnerabilities.

Palo Alto Networks

Location: Santa Clara, Calif.

How it's using AI in cybersecurity: When it comes to cybersecurity providers, Palo Alto Networks is a heavy-hitter, working with more than 50,000 customers across industries in more than 150 countries. Its products support a wide range of needs, from firewalls and cloud security to threat detection and endpoint protection.

Artificial intelligence in cybersecurity application: Palo Alto Networks’ security operating platform automates threat identification across a company or organization’s network, cloud and endpoints.

Industry impact: The University of Arkansas required a new firewall when it saw an influx in student population and network traffic. After putting Palo Alto Networks into effect, the university has more control over campus traffic and was able to ensure open access for faculty and students without compromising the security of sensitive or important data.

PerimeterX

Location: San Mateo, Calif.

How it's using AI in cybersecurity: PerimeterX offers a machine learning-powered bot detection solution for e-commerce, hospitality, media and enterprise SaaS customers.

The detection platform analyzes sensor data using machine learning and behavior analytics to create a risk score that identifies whether a user is a risk or not.

The product features a comprehensive integration set, ensuring simple deployment for a variety of infrastructures.

Industry impact: One of PerimeterX’s case studies highlights CouponFollow's need to curb scrapers from competitor sites stealing its coupon data. The website began using PerimeterX to identify and block the scrapers without compromising user experience. A few months after deployment, the bot defender was blocking over 98% of scraping attempts.

Securonix

Location: Addison, Texas

How it's using AI in cybersecurity: Securonix provides a variety of security solutions, from cloud and cyber threats to fraud prevention and data exfiltration.

Utilizing big data and machine learning, the company’s technology tracks behaviors in users and accounts to understand what’s “normal.”

Securonix solutions then detect threats and fraud while filtering out non-threatening user changes and behavior.

Industry impact: A mid-sized bank with a robust client base needed help managing threats of data theft and fraud. The bank deployed Securonix over its current SIEM to add another layer of protection for detecting both internal and external attacks.

SentinelOne

Location: Mountain View, Calif.

How it's using AI in cybersecurity: SentinelOne is a complete endpoint protection platform providing defense across multiple types of attack and throughout the entire threat lifecycle.

Between SentinelOne’s Static AI and Behavioral AI engines, threats are detected and contained autonomously.

Whether malware, phishing emails, trojans or exploits within documents and files, the platform can prevent, detect and even in last attempts, undo attacks.

Industry impact: According to a SentinelOne case study, a financial tech company’s workstations and servers outnumbered its security resources. Managing threats and attacks began taking too much time for the security team. SentinelOne was deployed and now defends more than 8,000 endpoints autonomously, freeing the team to direct their efforts on other areas.

Shape Security

Location: Mountain View, Calif.

How it's using AI in cybersecurity: Shape Security provides software that fights imitation attacks like fake accounts, credential stuffing and credit application fraud for businesses in retail, finance, government, tech and travel.

Shape’s machine learning models have been given access to data resembling attackers, enabling the system to learn what human activity looks like against fraud.

Shape’s solutions, Enterprise Defense and Blackfish, use this AI to identify the differences between real and artificial users and then block, redirect or flag the fraudulent source.

Industry impact: After a Fortune 500 retailer lost tens of millions in account hijackings via its gift card program, the company deployed Shape’s products and eradicated these takeovers, saving millions of company and customer dollars.

SparkCognition

Location: Austin 

How it's using AI in cybersecurity: SparkCognition provides AI-powered operations, security and automation solutions to a range of industries, from cybersecurity and aviation to finance and manufacturing.

For organizations and businesses in need of cyber defense solutions, SparkCognition provides machine learning-powered products that detect and protect against malware, ransomware, trojans and other threats.

Industry impact: In May of 2017, the company’s product, DeepArmor, detected the large ransomware attack called “WannaCry” when many other systems around the world could not. The attack affected numerous organizations, including hospitals in 99 countries.
