Within the ongoing arms race in the perimeter of information security, artificial intelligence and machine learning are two of the most promising innovations.
While AI in common „personal assistants“, like those developed by Amazon, Alibaba and Google has recently reached levels at which it can convincingly make phone calls on behalf of their users, the capabilities of AI in the hands of defenders, as well as attackers, will likely evolve from buzzword to technology of significant importance over the next years.
On the defensive side, artificial intelligence powered intrusion detection will deliver the ability to pick up on anomalies within an organizations network or perimeters and raise alerts or even countermeasures much quicker than would be possible for any human security team. AI technologies supreme and literally superhumanly quick pattern recognition capabilities enable it to consistently collect intelligence regarding new threats, attempted attacks, acceptable user behaviour and constantly evolve its knowledge. This does allow AI-powered intrusion detection mechanism to find the proverbial needle in the haystack (and react to it) much faster and more concise than classical signature-based intrusion detection systems or a human security analyst.
This does have a flip-side, of course: The same AI capabilities could be used to learn about specific defences and normal user behaviour pattern in an organization and mask the malicious behaviour so it will not be recognized by classical intrusion detection systems or human onlookers.
An incident like this has, in fact, already been reported by British cybersecurity company Darktrace, who also work on countermeasures for this very scenario. Since pattern recognition, the skill at which artificial intelligence and machine learning systems excel at, is the most important skill in penetrating networks and finding vulnerabilities this seems to be poised to soon be supplemented by the technology as well. It is very imaginable that the days of purely signature-based vulnerability scanning will come to an end and give way to AI systems that will be able to chain exploits like a human penetration tester would – just much quicker and possibly more resourceful.
Another field that is set to be revolutionized by machine learning processes and artificial intelligence is the classification of data. While, with today’s methods, classification is usually a manual process that is heeded only by few technologies, artificial intelligence has the potential to automatically classify files according to their sensitivity.
This is advantageous especially for the enormous amounts of data currently being processed in large organizations and with regulations as, among others, the European GDPR requiring stringent classification of data like personally identifiable information (PII) or not. AI and/or machine learning systems could enable organizations as well as individuals to automatically classify any amount of data and adhere to laws, regulations and internal policies with much less effort.
In conclusion, artificial intelligence and machine learning systems might turn out to be much more than marketing hype in the intermediate term. They will potentially offer supreme detection, prevention and protection, as well as a fast response but, might also pose a threat in aiding attackers to be much more sophisticated in their ways. The arms race is certainly on in the field, much more than ever.
What are your thoughts? Let me know on Twitter @UlvBjornsson or in the comment field below.