Slowly but surely, cyber security is evolving from the days of castles and moats into the modern era of software driven business. In the 1990s, after several failed attempts to build secure operating systems, the predominant security model became the network-perimeter security model enforced by firewalls. The way it works is clear: Machines on the inside of the firewall were trusted, and anything on the outside was untrusted. This castle-and-moat approach failed almost as quickly as it began, because holes in the wall had to be created to allow emerging internet services like mNews, email and web traffic through.
Artificial intelligence will replace large teams of tier-1 SOC analysts who today stare at endless streams of threat alerts.
With a security wall that quickly became like Swiss cheese, machines on both sides were still vulnerable to infection and the antivirus industry emerged to protect them. The model for antivirus then and now is to capture an infection, create a signature, and then distribute it widely to “immunize” other machines from getting infected by the same malware. This worked for vaccines, so why not try for cyber security?
Fast-forward to 2016, and the security industry hasn’t changed much. The large security companies still pitch the castle-and-moat model of security — firewalls and signature-based detection — even though employees work outside the perimeter as much as inside. And in spite of the fact that most attacks today use one-and-done exploit kits, never reusing the same malware again. In other words, the modern work force coupled with modern threats has rendered traditional security techniques obsolete.
Software is eating security
While most enterprises today still employ these dated security techniques, a new model of security based on artificial intelligence (AI) is beginning to take root in organizations with advanced security programs. Necessity is the mother of invention, and the necessity for AI in security became obvious when three phenomena emerged: (1) The failure of signature-based techniques to stop current threats; (2) the voluminous amounts of security threat data; and (3) the scalability challenges in addressing security threat data with people.
“Software is eating the world,” the noted venture capitalist Marc Andreessen famously said in 2011 about such obvious examples as Amazon, Uber and Airbnb disrupting traditional retail and consumer businesses. The security industry is ripe for the same kind of disruption in the enterprise space, and ultimately in the consumer product space. Artificial intelligence will replace large teams of tier-1 SOC analysts who today stare at endless streams of threat alerts. Machines are far better than humans at processing vast amounts of data and finding the proverbial needle in the haystack.
Artificial Intelligence is experiencing a resurgence in commercial interest because of breakthroughs with deep learning neural networks solving practical problems. We’ve all heard about IBM’s Watson winning at “Jeopardy,” or making difficult medical diagnoses by leveraging artificial intelligence. What is less well known is that Watson has recently undergone a major deep learning upgrade, as well, allowing it to translate to and from many languages, as well as perform text to speech and speech to text operations flawlessly.
Many of us interact with deep learning algorithms unwittingly when we see TV show and movie recommendations on Netflix based on what we’ve viewed previously or when your Mac properly identifies everyone in a picture uploaded from your phone. Or when we ask Alexa a question and Amazon Echo gives an intelligent response — likewise for Cortana and Siri. And one of the most hotly debated topics in machine learning these days is self-driving cars, like Tesla’s amazing Model S.
Deep learning allows a machine to think more like a human. For instance, a child can easily distinguish a dog from a cat. But to a machine, a dog is just a set of pixels and so is a cat, which makes the process of distinguishing them very hard for a machine. Deep learning algorithms can train on millions of pictures of cats and dogs so that when your in-house security camera sees the dog in your house, it will know that it was Rover, not Garfield, who knocked over the vase.
With deep learning, today’s next-generation security products can identify and kill malware as fast as the bad guys can create it.
The power of deep learning becomes clear when you consider the vast speed and processing power of modern computers. For instance, it takes a child a few years to learn the difference between a house cat and a dog. And if that child grew up to be a cat “expert,” it would take Gladwell’s 10,000 hours to become a feline whisperer. The amount of time it takes to expose a human to all of the training data necessary to classify animals with near perfection is long. In contrast, a deep learning algorithm paired with elastic cloud computing resources can consume hundreds of millions of samples of training data in hours, to create a neural network classifier so accurate and so fast that it would outperform even the most highly trained human experts.
What’s more fascinating than this new technology allowing machines to think like a human, is allowing machines to act like a human. Since the 1950s, we’ve been fascinated with the notion that robots might one day be able to think, act and interact with us as our equals. With advances in deep learning, we’re one giant step closer to that reality. Take the Google Brain Team’s DeepDream research, for instance, which shows that machines trained in deep learning can create beautiful pieces of art, in a bizarre form of psychedelic machine “dreaming.” For the first time, we see incredible creativity from machines because of deep learning, as well as the ability to make decisions with incredible accuracy.
Because of this ability to make classification decisions with incredible accuracy, deep learning is leading a renaissance in security technologies by using the technology to identify unknown malware from benign programs. Like the examples above, this is being done by training the deep learning neural networks on tens of millions of variants of malware, as well as on a representative sample of known benign programs.
The results are industry-changing, because unlike legacy security products that provided protection either through prior knowledge of a threat (signature-based) or via segmentation and separation, today’s next-generation security products can identify and kill malware as fast as the bad guys can create it. Imagine a world where security technologies actually enable more sharing rather than less, and allow a more open approach to data access rather than restrictive. This is the direction deep learning is allowing us to go.
Are you ready?
Disruption is clearly coming to the security space. The market has been waiting for better technology that can keep pace with the fast-evolving adversarial threat. Breakthroughs in deep learning artificial neural networks are now stopping attacks previously unseen in real time before they even have a chance to run. It’s time to get on-board with a new generation of technology that is disrupting traditional castle-and-moat security models.