AI in cybersecurity - more than just a buzzword?

Jul 16, 2018

Let’s talk real for a second: AI has become the buzzword of pretty much every domain, and we’re sure we’re not the only ones who have noticed. AI is apparently going to revolutionise such diverse industries as fashion and recruitment, and just last week the UK and French governments announced a joint work force on AI between the Alan Turing Institute and the DATAIA. For its part, cybersecurity is hardly immune to the allure of AI, with every vendor in the industry currently waxing lyrical about the integration of AI into their solution. Is there a little bit of AI for AI’s sake at play here?

The benefits of AI in cybersecurity

Don’t get us wrong, there are many benefits to AI in cybersecurity. To begin with, AI allows us to process large amounts of data. This is great news, given the data explosion that the internet has set off, which is only going to increase. What’s more, information is being stored in increasingly disparate areas: across the Visible web, the Deep web and the Dark web, but also across Connected Storage. Ensuring data security involves scanning massive amounts of data across an increasingly complex internet landscape.

Scanning a vast amount of data ensures a more thorough search, but the challenge is that you are left with a lot of findings to sift through afterwards. For example, the CybelAngel solution scans 4.3 billion sources, and detects about 1 billion documents, per day. If you’re going to look for data leaks, you may as well look everywhere, but if we weren’t able to filter the findings later, we simply wouldn’t be able to cope with such a vast amount.

Keeping it resource-lite 

The ability to powerfully filter big data becomes even more critical when you consider the severe resource shortage that is currently plaguing the cybersecurity industry. According to CSO Online, 51% of cybersecurity professionals are experiencing a skills shortage, and this percentage has been steadily growing since 23% of the segment reported the same thing in 2014. This is why CISOs and CIOs often get overwhelmed with unfiltered Threat Intelligence feeds which spew forth hundreds of alerts each day, requiring significant human processing to be made sense of. They simply don’t have time for noisy feeds, and quickly become frustrated with them as a result. 

Extracting meaning from big data

Big data is an extremely powerful success factor in cybersecurity, but it needs to be filtered, and this is where Machine Learning can shine. Let’s look at our own solution as an example: out of the 1 billion documents that we scan each day, we detect hundreds of thousands of potential alerts based on matches with the keywords our customer provides us. From that, our Machine Learning algorithms are able to drill down to the incidents that appear the most critical, which equates to about 15-50 per month for an average client. They do this by mimicking the decision-making process of a human analyst, whose job it is to qualify and investigate potential threats. Machine Learning helps us increase the breadth of our scanning, and therefore our thoroughness, but it also saves our customers time, which is becoming an increasingly important commodity for them.

Where our expert cyber analysts shine

We are huge fans of AI, and we are very proud of our advanced application of it in our CybelAngel solution. But we are also aware that AI is at its best when it is applied in a way that draws upon the respective strengths of machines and humans. This is why we also place a lot of importance on our team of expert cyber analysts. 

Of the 15-50 potentially critical incidents that Machine Learning extracts, our expert analyst team is then able to filter down to 5-25 qualified alerts. This is because there are certain things that humans are more sensitive to than machines. In our case, the Machine Learning algorithm sometimes highlights incidents which match our customers’ keywords, but which are not actually relevant to the company. Other times it flags incidents which it believes pose a risk to a customer, but which are not as relevant due to the customer’s particular industry. For example, leaked marketing plans pose less of a risk to a company within the construction industry than they would for a customer within the beauty industry. We rely on our analysts to perform a final human filter of the algorithm’s findings in order to completely remove the false positives that arise from the reduced contextual sensitivity of machines.

The perfect combination of artificial and human intelligence

In order to save our customers even more time, our analysts then go on to investigate the source of the incident in order to produce a contextual report for them. Armed with this information, our customers can focus on what they do best: the swift and effective take-down of threats. Of course, our analysts are also available to guide and support our customers throughout the remediation process. These are all tasks which we can’t expect machines to perform at the same level as humans, at least not at this point in the development of technology.

AI will be an indispensable lever in the future of cyber security as we struggle to keep up with big data and the complexity of the internet landscape, no less so as the industry’s skills shortage continues to worsen over time. That said, we are not believers in AI for AI’s sake. We believe in an application that can harness the strengths of each party. In our case, that means the power of smart algorithms to handle vast amounts of data; the power of Machine Learning to drill down to the most critical incidents; and the power of our analysts to eliminate false positives and assist in remediation. All this so that our customers have the time and intelligence to focus on what they do best: leading the swift and effective take-down of serious threats.