Machine Learning and Artificial Intelligence in Cybersecurity

摘要

Machine Learning and Artificial Intelligence are being applied more broadly as computing, data collection and storage capabilities increase. Machine Learning and Artificial Intelligence promise improved response with reduced human workload by automating repetitive tasks with Artificial Intelligence. Machine Learning provides the ability to rapidly analyze the overwhelming volume of data that our networks and applications see. As machines see this huge volume of data, threats are analyzed enabling the machine to learn and improve its responses. All this data is also captured to support predictive analytics that also improve cybersecurity. Machine Learning and Artificial Intelligence can greatly contribute to enhanced cybersecurity effectiveness as they bring unparalleled speed to the detection and remediation of threats."I believe we all recognize that in 2016 we hit an inflection point. There was a study done in Q3 of last year. The number of new machine-to-machine connections that were added to the network exceeded the number of phones and tablets added to the network," according to Chuck Robins, CEO of Cisco Systems, Inc. "We're moving into a world of unbelievable massive expansiveness. Distributed connectivity across hundreds of billions of devices. And through Artificial Intelligence, through Machine Learning and scale, we have the ability to extract greater insights from all these connections than we ever have in the past."Not every task is ideally suited for machines; there is still a major role for humans in the cybersecurity loop. A comprehensive cybersecurity strategy must address what human will do and how they will leverage the advantages of Machine Learning and Artificial Intelligence.Why Machine Learning? Humans alone simply cannot keep pace. As noted in the Cisco 2018 Annual Cybersecurity Report', "defenders fail to recognize the speed and scale at which adversaries are amassing and refining their cyber weaponry." The threat has become intelligent, automated and pervasive but our security typically remains static and confined to the edge. The new question is not of if you will be attacked, but when will you be attacked and how.The threat has changed. Adversaries are no longer just pranksters or petty thieves. Attacks have become commoditized and militarized. Everything from our electricity to our national security have become fair game. These attackers use Machine Learning to identify and exploit system vulnerabilities, often before the public becomes aware. Machine Learning can filter through seemingly innocuous personal data on the web to aid in constructing believable phishing messages. Machine Learning can even help attackers bypass traditional security.The attack model has also changed. The old method of shoring up the boundary to keep attackers out is no longer effective. Attackers now hide behind legitimate traffic and bury malware in encrypted packets to avoid detection by firewalls, intrusion detection and even sandboxed analysis. Malware has become self-propagating and no longer relies solely on human interaction to infect a system.We can no longer presume the attack will come from the outside, that it will be easy to see or understand or that defense boundary architectures will protect us. Today's greatest threat is within. Whether malicious or human error, up to 70% of attacks occur inside the trusted boundary on east-west traffic.The rapidly increasing threat leaves most organizations with a skills and resource gap. Security teams already overburdened with traditional IT security now oversee a rapidly expanding network of mobile and IOT devices. These devices operate locally and in the cloud. One size fits all security no longer applies. Boundary protection where there is no boundary no longer works.Staying ahead of the threat requires a paradigm shift from a defensive posture focused simply on strengthening the border against attack to a pervasive, self-learning security architecture