Not just sci-fi: how cyber security AI has outsmarted humans

Elon Musk’s latest prediction that AI will outsmart humans in less than 5 years is a bold re-reckoning that envisions humans becoming cyborgs, and machines taking on super-human qualities. Things, Musk tells us, will get “unstable or weird”.

For many, this is still the stuff of sci-fi. There are no signs that AI, in its broadest sense, comes close to human sentience and capability. When we talk about the power of AI, it’s more helpful to consider the specific use cases and sectors where it will, undoubtedly, have a transformative effect. And there is one area where the future is now.

Cyber security is a high priority for companies and organisations who are seeing more and more attacks against their digital infrastructure. Hackers have become savvier at exploiting technology to their advantage, and only need to be successful at compromising one weak link to begin an infiltration, whereas defenders need to get it right every time. The odds have been stacked against them.

But many thousands of people working in cyber security today rely on AI to perform a whole range of tasks that would previously have been part of their job description. These tasks include monitoring digital activity across different parts of the workforce and global locations, identifying anomalous behaviours, writing up reports on security events for the boss to read, and taking action to limit the spread of possible attacks.

There is little doubt that AI is doing these jobs better and ‘smarter’ than humans can. Digital networks handle terabytes of data every day – the scale is unthinkable for humans, who have limitations on how much information they can process at a time, and need regular breaks. But it’s more than just a scaling issue – the AI gets to better outcomes, uncovering damaging cyber attacks that the human doesn’t. Today, AI is detecting the most sophisticated attacks out there, including those from the Chinese cyber espionage group known as APT41 and even the alleged Russian ransomware gang EvilCorp.

Pinpointing weird and abnormal activity that human teams are unable to detect amid the noise of normal digital activity was the first step in outsmarting humans. The second step is more fundamental still – the AI now interrogates its own findings. In other words, instead of human beings looking at the outputs of the AI and applying their human understanding, AI is now taking care of this too. Known as an AI Analyst, this technology applies contextual understanding to launch a full-blown investigation into what has happened on the network. The result of the investigation is a machine-generated, human-readable report about the incident.

The time savings are huge, and vital for overwhelmed human security teams. Where a human security analyst would take 3 hours on average to interrogate a suspicious event and apply their domain expertise and knowledge to figure out the extent of the compromise, assess the likely impact, and make recommendations for action – the AI does this in seconds. And the report can be generated in whatever language is required, enabling not just an instant response, but a global one too. Cyber AI is now carrying out 1.4 million investigations every week, elevating human teams to focus on tactical and strategic tasks like shaping long-term strategy and policies.

By 2021, the role of the security analyst will be changed for good. It will be normal for internal security investigations to be performed by AI. 2021 will also be the year where businesses fully embrace autonomous response – the application of AI that fights back against cyber-threats automatically, without a human being involved.

While 1,000 organisations already use Autonomous Response technology, this will accelerate dramatically as we see AI being used to power cyber attackers. At this point, Autonomous Response will be the means for survival – only AI can fight back against AI. In a recent survey, it was revealed that 88% of security leaders say supercharged AI attacks are inevitable, with over half anticipating the industry will see these attacks in the next 12 months.

Organisations will then effectively delegate the first-line response to an emerging cyber-threat to machine algorithms, allowing the AI to react at computer-speed to fast-moving attacks. We are already used to the idea of AI recommending what to watch on Netflix based on our personal preferences – in security, AI will be recommending what action to take in response to a cyber-attack. In many cases, the action will be taken without the human in the loop – time is rarely on your side when dealing with computer-driven attacks, and action usually needs to be instantaneous to prevent the breach or damage.

All of this will be normal – AI will be expected to have your back at all times – when the team is busy, or they are resting at home, at the weekend, or simply when they can’t get there quickly enough. The human role changes from the central character of threat detection and response to a supporting role. But it also enables the human to step onto a bigger stage altogether and focus on shaping policy and longer-term strategy.

AI has been advanced, perhaps to the greatest extent, in its ability to handle cyber-attacks. AI has proven that it can outperform human capabilities in detecting, understanding and stopping cyber-threats. This step forward is necessary and should be welcomed – not feared.


Author: Max Heinemeyer, Darktrace’s Director of Threat Hunting

Copyright Lyonsdown Limited 2021
