By Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs
As technology evolves, so too does cybercrime. The recent rise in remote work and the broadening of the attack surface that accompanied it have shown that cyber criminals are nothing if not resourceful and opportunistic. So, as bad actors advance their tool kits to include artificial intelligence (AI) and machine learning (ML) strategies, those who defend against cyber attacks must do the same.
AI-driven security technologies have the potential to anticipate attacks and counter them in real-time. Given that cyberattacks of the future are expected to occur in microseconds, the ability to react at machine speeds is crucial. The role of humans in defending against attacks will shift, focusing instead on ensuring that enough intelligence is fed into security systems to make them successful.
The Need for AI-driven security and ML in the Modern Threat Landscape
Rich media services, increasingly intelligent endpoint devices, semi-intelligent IoT devices, and the emergence of 5G capabilities have combined to create new edge networks and fundamentally change how data is shared. This ongoing shift in how people work and live creates a host of new security concerns to address. Not only are AI-driven technology and ML useful in protecting against attacks, but when the prospective attackers are using that same technology, it becomes a necessity.
Bad actors are already using AI and ML to their advantage, building platforms to deliver malware at unprecedented speeds and scale. And because humans alone cannot keep up with the increasingly complex techniques deployed by cyber criminals, those in the threat detection business must use AI, ML, and automation to maintain an edge over these malicious actors.
Proactive Security Using AI and ML
Staying ahead of cyber threats requires proactive strategies. As a general rule, it’s much easier to have proper defense measures in place before something happens rather than having to undo the damage after an attack. Organizations can transition to proactive security strategies by using AI/ML techniques and sandboxing to analyze information gathered from global threat intelligence networks. Training systems using all three ML learning modes—supervised, unsupervised, and reinforcement learning—further increases accuracy over time.
A successful security-driven networking approach will be one that joins AI-driven security systems with modern threat intelligence and networking technologies to create a unified system. With this strategy, security becomes woven throughout the network in the form of segmentation, behavioral analytics, and zero-trust access. In addition, a distributed security system that replaces traditional sensors with learning nodes can both gather information and function as the first line of defense. In this way, it acts similarly to the human nervous system. Such a system is made possible by using stored knowledge supplemented with ML for threat detection and coarse-grain response.
The Human Element in Modern Cybersecurity Practices
The use of AI and ML in cybersecurity solutions, along with automation, will also lead to a shift in the role of cybersecurity professionals. Next-generation cybersecurity technologies enable integrated, enhanced user interfaces that leverage task automation. This makes it easier to onboard new junior staff and requires less senior-level staff oversight. Moreover, these technologies can effectively compensate for the cybersecurity skills gap and leave more meaningful and high-value work for the humans involved, thereby increasing staff retention.
AI-driven Cybersecurity is the Future
Modern networks are increasingly complex, requiring inhuman levels of awareness and response to keep them safe. As cyber criminals deploy increasingly sophisticated attacks powered by AI and ML, cybersecurity professionals must use those same technologies in response. The threat landscape will continue to evolve, meaning AI-driven systems, trained and refined by humans with high-quality data, will grow more essential as a means to protect digital assets.