There have been a number of improvements and innovations in cybersecurity over the years, and it has evolved—as a whole—to keep pace more or less with advances in attack tools and techniques. If you look at reports and surveys about cybersecurity, though, or glance at the news headlines on any given week, it’s obvious that we are basically running to stand still. One of the challenges that continues to plague cybersecurity and force companies to constantly scramble to play defense is that it is primarily reactionary. Cybersecurity solutions based on artificial intelligence provide more proactive defense to shift the battle in favor of organizations.
Giving Attackers a Head Start
Reaction is a horrible strategy for security. What if the lock on the front door of your house was designed to let anyone enter unless the individual was already cataloged in a database of known criminals? What if you couldn’t put your seatbelt on until your vehicle first detected an impact? The entire premise of security has to be built on an assumption that the measures you have in place can protect you from threats you don’t already know about.
The problem with most cybersecurity tools is that they rely on signatures. But where do the signatures come from? When a new exploit or malware variant is detected, security researchers reverse engineer it to learn how it works and identify unique attributes and techniques used by it. Those elements are then used to develop the signature that allows cybersecurity tools to detect that threat when it tries to infiltrate the network or execute on an endpoint.
Antivirus software, web application firewalls (WAF), host intrusion detection systems (HIDS), and other common cybersecurity tools depend on signature updates from the vendor or leverage open source or commercial signature feeds in order to detect and identify threats. That means the attacker has the initiative.
Can you see why this is a fundamentally flawed strategy? Signatures are broken as a detection method because the attacker always gets the first move. The signature can’t be created until the threat exists and is discovered, and the cybersecurity tools can’t effectively defend against the threat until the signature is developed and deployed. There is always some period of time where the cybersecurity tools are ineffective at detecting the new threat and systems are vulnerable.
Changing the Game with Artificial Intelligence
What if the cybersecurity tools were just smarter—and could be trained to recognize a threat without a signature? I’ve talked with a number of cybersecurity professionals over the years about what tools they use to defend and protect their own computers. The answer is often, “None.” Why? Because as cybersecurity professionals they just know how to recognize and avoid threats.
That is where artificial intelligence comes in. Rather than relying on cybersecurity tools that depend on signatures to provide adequate protection, why not implement cybersecurity based on artificial intelligence—artificial intelligence that can be trained to proactively recognize threats the way cybersecurity professionals do?
With the meteoric rise of cloud computing, DevOps, and containers makes it even more critical to change the game and take a more proactive approach to cybersecurity. I spoke with Ivan Novikov, CEO and co-founder of Wallarm, earlier this year about his cybersecurity predictions for 2019. One of his predictions was that AI will play a crucial role:
“The more sophisticated and complex applications become, the more they are exposed to potential risk and vulnerabilities. DevOps and microservices have accelerated the pace of application development—and made it virtually impossible to adequately manage risk or detect threats manually. Machine learning and artificial intelligence deliver more accurate results and will play a crucial role in helping to identify and mitigate vulnerabilities effectively.”
The sheer volume of existing threats is almost unfathomable—and yet hundreds of thousands of new threats are identified every day. Maintaining a database of signatures for these threats is just not practical. Relying on a reactionary defense that leaves you vulnerable to hundreds of thousands of new threats while you wait for a signature is dangerous. Companies need to look at cybersecurity solutions built on artificial intelligence—tools that can provide more effective protection and proactively defend against new threats.