Brooks Wallace at Deep Instinct explores the potential for advanced artificial intelligence to provide faster, safer and more efficient tools for the cyber-security industry.
Cyber criminals are getting smarter, utilising far more advanced techniques that are overcoming even the most elaborate defences. Traditional detection and response systems alone are no longer enough and we are past the point where any organisation should have to accept ‘second best’ in the market.
As criminals increase in sophistication and technical ability, so must we. Despite 77 percent of businesses confirming that cyber-security is a high priority, a staggering 39 percent have still reported breaches or attacks in the last 12 months. It’s time to look towards a more innovative and effective solution that takes a prevention-first approach.
Enter deep learning. Deep learning is the most advanced subset of artificial intelligence, sometimes referred to as ‘deep neural networks.’ This technology represents the next step in intelligent security as its very foundations take inspiration from how the human brain works. The more raw data that is fed into the machine, the better it is at intuitively understanding the meaning of new data. With deep learning technology, companies can block cyber attacks altogether, moving from detecting and responding to attacks to actually predicting and preventing them.
Moving beyond machine learning
Traditional cyber-security companies use conventional technology, namely machine learning (ML), for detection and remediation. Fundamentally, this approach cannot prevent attacks early in an attack chain. With ML technology, attacks can be executed before systems can even identify them as being malicious, which can often take several minutes or longer.
Deep learning, on the other hand, speeds up this process and is able to predict known and unknown attacks and identify potential breaches in less than 20 milliseconds. That’s 10 times faster than the blink of a human eye.
Deep learning is the highest subset of AI, making it several degrees more advanced than ML. It is currently being used in cyber-security with the creation of neural networks which have been ‘trained’ by raw data samples, containing millions of labelled files both malicious and benign: over time, the network learns to instinctively identify malicious code.
Because the neural network is being trained with this raw data, it can actually predict and prevent attacks before they take place. This technology moves away from the traditional endpoint detection and response approach to one of complete prevention – seeing and stopping potential threats before they even become actual threats.
This is a relatively new approach within the cyber-security industry. However, deep learning has a number of real-world applications already. Companies such as Tesla, YouTube, Netflix and Amazon have been benefiting from deep learning in use cases such as autonomous driving, recommendation systems, and image recognition.
Developing deep learning technology is not a straightforward process. It requires huge sets of raw data and time for the machine to learn to differentiate malicious code from benign code. Unlike machine learning, deep learning technology is not told which data files are good or bad – the technology is designed to make the determination for itself. The continual learning process means that the technology is able to predict and prevent without feature engineering – making it harder for criminals to understand how it works and overcome it.
Predicting incoming attacks
It is widely known that criminals can manipulate machine learning for their own gain. Techniques that are often used by cyber criminals looking to exploit machine learning include adversarial machine learning, where the machine learning data set is poisoned. This allows the threat actor’s malware to evade products based on machine learning by tricking the model into thinking something malicious is actually benign. Once the machine recognises that data set as safe, hackers then have a back door into the network.
Deep learning eliminates this risk through its use of raw data which is more robust and resilient to adversarial attacks. The number one priority for security teams is to anticipate risk and work to be steps ahead of cyber criminals. The nature of deep learning makes it harder for criminals to compromise the technology, and so offers businesses a stronger defence against attacks.
Ransomware has made international headlines in recent months and the threat of more widespread and costly attacks is very real. Threat actors, and their rising levels of sophistication, are out of control. The developments in nation-state attacks are a big part of this. The disruption and downtime caused by these attacks can be devastating for business productivity and output, as teams work to recover lost assets.
A deep learning approach can give IT leaders peace of mind knowing that both known and unknown attacks are being prevented in equal measure and with both speed and accuracy. Applying deep learning as part of a multi-layered security stack can reduce the number of alerts a security team is reviewing every week by as much as 25%, giving security teams time back that would otherwise be spent on recovering lost assets.
Organisations still require conventional technology to maintain a strong infrastructure. Deep learning will help to further improve their security stance, enhancing and extending the perimeter and providing more complete protection.
So instead of being a new technology to replace existing systems, deep learning has been designed with agility in mind. Organisations can add this technology to their existing security stack, improving and hardening their security posture, and giving an immediate return on their investment across the security chain in time no longer lost to reviewing false positives and other benign threats.
The future of deep learning
Deep learning may be a relatively new concept in the world of cyber-security. However, companies are already building deep learning within their own products. As ransomware becomes a board room priority, organisations will be looking to prevent these damaging breaches from impacting their business operations, customer data, reputation, and bottom line.
The recent Colonial Pipeline breach shines a light on the severity of a ransomware attack. Not only will the company be long remembered for this breach, but the breach also impacted the lives of millions of US citizens. However, had deep learning been in place, the ransomware would have been detected and stopped in pre-execution, before it ever had a chance of doing damage.
Every day, businesses and consumers are experiencing new and unknown cyber attacks, and it’s becoming harder to stay in front of criminals. Now that threat actors have caught up with machine learning prevention solutions, it’s time for security to enter the next stage of defence. A preventative approach is far more effective than detection and response.
Any successful cyber attack is extremely costly, often putting businesses on the edge of collapse. Being able to stop criminals in their tracks before they even come close to a company network will prove extremely valuable.
A cyber solution that can predict and detect unknown attacks, all without the assistance of human engineering, will revolutionise an organisation’s cyber defence. With deep learning, businesses will not only be able to prevent the attacks of today, but also predict and prevent the attacks of tomorrow.
Brooks Wallace is VP EMEA at Deep Instinct.