Cyber security has been brought to the forefront of the world’s attention as data leaks ran rampant in news headlines at the end of 2016 and into the early weeks of 2017. Government databases remain constant targets for nation states and rogue, independent hackers, but truthfully no data is safe, including that which belongs to businesses. In the coming year, large security software companies will continue to develop advanced-threat and endpoint protection built on artificial intelligence (AI), through in-house research or by acquisition. With the help of machine and deep learning, these companies hope to combat the constantly evolving malicious attacks on business data and prevent the next negative news headline from containing their name. AI will not only help prevent direct data leaks, but also aid in protecting internet of things (IoT) endpoints. These endpoints, which include security cameras and DVRs, were exploited through their vulnerabilities in 2016 and used in massive distributed denial of service (DDoS) attacks against both the domain name system (DNS) provider Dyn and the security blog KrebsOnSecurity.com. Machine learning functionality will help shield other DNS providers and businesses from large-scale DDoS attacks in the coming year.
Cyber security companies are aware of the need for artificial intelligence in their products. Deep learning algorithms can sift through massive amounts of data much faster than a human security engineer, and when assessing whether a cyber event is an attack or a false positive, time is of the essence. AI algorithms still tend to produce false positives at a high rate, so a human still needs to monitor the responses, but these machine and deep learning capabilities are becoming an extremely important supplement for security engineers. Traditional, large security vendors, such as McAfee and Symantec, are developing AI features in-house that predominantly focus on anti-malware, endpoint security and zero-day attacks. Other vendors have acquired cyber security startups that focus on AI in security products, adding the functionality to their existing products.
On February 8, 2017, Sophos announced its purchase of Invincea to improve anti-malware and endpoint protection with deep learning capabilities. Even Amazon Web Services (AWS), which seemingly has infinite internal resources, purchased harvest.ai, a cyber security firm that uses machine learning AI to prevent targeted attacks and protect company data. Data security is crucial for AWS to maintain its massive, ever-expanding business in the coming years. 2017, like the past year, will show consistent growth in both acquisitions of these smaller AI-centric cyber security companies, and in internal AI research and development for some of the larger vendors.
IoT has for some time been considered a potentially massive opportunity, with some experts predicting the market’s annual revenues could exceed $470 billion by as soon as 2020. However, mass adoption could be stunted by the lack of security for IoT endpoints, so vendors need to figure out a way to protect their customers, and do so quickly to get their slice of that $470 billion pie. The Mirai attacks last year on both KrebsOnSecurity.com and Dyn brought to the forefront the incredible need to shore up security in the IoT world, and AI will play a part in helping to improve security tactics and prevent future IoT botnet attacks. The Mirai malware works by taking devices connected to the internet and turning them into bots, allowing a hacker to control each device remotely. When applied to hundreds of thousands of devices, the network of bots (a botnet) can be used in large-scale DDoS attacks, which launch an uncontrollable amount of traffic at a specific website and effectively shut it down.
AI will help protect businesses from such attacks by quickly analyzing and predicting traffic to determine whether it is legitimate or malicious. By doing so, with the help of sophisticated security engineers, cyber security vendors will be able to reject the traffic and protect their customers swiftly and efficiently. While this may be the first of many steps to preventing harmful attacks caused by IoT endpoints, and a potential short-term remedy, it is a necessary one for the present. Ultimately, IoT vendors will need to boost their initial endpoint security so that hackers are unable to get ahold of the devices in the first place, but this is unlikely to happen in the upcoming year.
While AI will aid in cyber security capabilities, it will also help the hackers themselves. Those with malicious intent will begin to build their own deep learning algorithms that will increase the brevity of the attacks and put companies’ and individuals’ data at risk. Cyber security vendors will constantly feel the pressure to stay one step ahead of the mutating malware and automated attacks to keep their customers protected. In the upcoming year, it is almost inevitable that a cyber attack will be aided by some form of machine or deep learning and combated by a different machine or deep learning program. Both these attacks and security actions will be carried out by humans (no need to worry about SkyNet, yet), but AI will play a prominent role in assisting hackers and security engineers alike.