As a technology leader, you get asked all the time: Are you operating better and faster? Often, someone will throw in the conversation words like artificial intelligence or machine learning to see if you’re keeping up with emerging technologies.
Artificial intelligence can be a confusing term. It’s become a general catch-all for a range of methods and technologies. In cybersecurity, there are three common uses where the term AI comes up that businesses need to understand to see if they’re really using AI, and more importantly, what they expect to get out of it.
Big Data Analytics
The first is big data analytics. This uses statistical analysis of traffic – be it website, emails, or other network data – to predict what are likely anomalies that can indicate security threats such as viruses. This method analyses multiple forms of data, such as in email the origin of communication, which path it took, and its subject matter to predict whether it is likely to be a threat.
However, the process is quite basic and often identifies false positives, classing legitimate traffic as malicious. To avoid this, the potential threats are passed over to human analysts to decide. This isn’t full-blooded AI since it ultimately relies on a heavy dose of human decision-making.
Supervised Machine Learning
A truer form of AI is machine learning. This is where an algorithm categorises data into distinct groups. Supervised machine learning is where the algorithm is trained to put data into categories, for instance, by feeding it with annotated pictures of cats and dogs so it will learn to recognise these in future. Trained with enough data about the sorts of communications that look like cyber threats, machine learning algorithms can learn to distinguish between threats and legitimate traffic.
Supervised machine learning is like big data analytics on steroids. It can make accurate decisions much faster than humans. With today’s threats being made up of often hundreds of elements, the more you can identify and correlate them, the better the quality of detection.
Why is this so critical? Security practitioners will only implement an action when they have confidence that they have identified the problem correctly. The fear of getting something wrong means that in many cases a human must make the final decision. Being able to use machine learning to identify cyber threats with much higher confidence is critical if we are to take automated actions without having human validation slow down the process.
Unsupervised Machine Learning
An even purer form of AI is unsupervised learning. This is where an algorithm analyses data and finds its own insights without being trained. For instance, examining images online, it will teach itself that some of them are cows or zebras. But this can be time-consuming. Let an unsupervised machine learning algorithm loose on security data and it could take years to come up with a worthwhile insight. That said, the insights it finally creates could be transformational, such as identifying certain lines of code associated with viruses or attacks.
A Simple Analogy
There’s another way to think about AI, one that may be easier to remember. An analogy can be made with cooking. Big data analytics is like cooking beans on toast. There are only two simple ingredients, but we need to make sure we have the tastiest ratio of beans to toast. Data analytics looks for examples where the balance isn’t right and flags up the anomaly so it can be rectified by a human chef.
Supervised machine learning allows us to broaden the ingredient list. It’s like making a good curry with many permutations of spices. The more ingredients there are, the higher the number of permutations. Supervised machine learning does what the average cook does – runs thousands of experiments to get the best blend of chilli and lime, knowing what tastes good.
Meanwhile, unsupervised machine learning can be compared to recipes developed by experimental British chef Heston Blumenthal. There is no limit to the ingredients and methods he uses. He has no pre-conceptions about what is acceptable taste.
Who in their right mind would consider using gravel as a cooking ingredient? Heston recently suggested adding gravel to soup to thicken it up. There is little agreement among other chefs or diners as to whether this is a good idea. That level of uncertainty would not help in threat detection where we need a confident answer.
Unsupervised learning isn’t constrained by existing perceptions and this is its strength, yet at the same time it can take many iterations to come back with a recipe we want to use. The outcomes can take significant time and the results can be very mixed. The positive thing is that you could find something amazing that our human brains simply wouldn’t have conceived.
Next time someone asks you about AI or tells you they have a great AI cybersecurity solution for you, consider whether it suits your business needs. You’ll have to factor in the amount of data your business produces and how sensitive and valuable it is. You may only need beans on toast. Perhaps you are after a curry. Or you might need a whole new taste.
AI can offer whole new levels of cybersecurity to streamline your operation. The challenge is deciding what is most appropriate for your business.