Intelligent Security Systems (ISS)

Intelligent security systems (ISS) are growing in both popularity and necessity. Malware continues to grow and evolve while hackers continue to innovate, and companies are responding because their data is more vast and valuable than ever. Humans can only adapt so quickly; the aim of ISS is to improve our ability to defend against dangerous web-based threats.

Intelligent security is a somewhat vague term, but, in theory, the concept is technology that is adaptive and more effective in combating cyber threats. Integrated malware identification networks improve an application’s ability to identify and combat emerging forms of malware. They can come in the form of anything from home network devices and cloud server monitoring, to adaptive authentication and next-generation firewalls.

Human error is the largest contributor to cyberattacks, impacting nearly 90 percent of incidents. Automation and artificial intelligence (AI) could, theoretically, improve any aspect of cybersecurity management by reducing the human role. Sometimes security teams fail to notice or respond to threats; sometimes employees fail to update vulnerable applications. With AI, the vast majority of IT security professionals and teams will be able to detect threats they couldn’t before, improving their overall effectiveness.

Intelligent malware is a growing threat and intelligent security may be the only solution. These products will have to adapt to mutating malware which could slip by security mechanisms if the malware’s signature changes.

Vulnerability management software and endpoint protection software will be the largest areas in which AI is utilized. Patches and updates will be triggered through threat intelligence feeds to ensure endpoints, applications and databases are not exposed to emerging threats or newly discovered flaws. Attacks will also be discovered more quickly, giving security teams more time to contain and resolve any intrusions.


The pioneers of intelligent security

Big names leading the way in vulnerability management and endpoint security are Darktrace and Cylance. Darktrace is leading the AI push into vulnerability management through “immune system technology,” a fancy way of saying the company uses machine learning to discover new threats and patch potentially vulnerable systems. It gained some attention this year when it landed a whopping $75 million in Series D funding, bringing its total funding to $179.5 million.

Cylance also uses machine learning to identify and protect against advanced threats, fileless malware and malicious documents. It’s designed in the form of a next-generation antivirus solution powered by AI and machine learning as a service to identify malware entering a system before it’s actually executed. It didn’t receive funding in 2017, but it landed $100 million in 2016 and has received a total of $177 million.

Those two tools incorporate AI into protection and detection, but remediation tools may be the next big group of security solutions to incorporate AI. Demisto is using AI and machine learning to automate incident response and security operations practices. This is the kind of tool that would help with the incidents that overstretched security teams miss or respond to too slowly. It combines case management, incident automation and collaboration tools to help teams organize their defense strategies and tackle attacks. It landed $20 million in 2017 and another $6 million the year before.

“Our comprehensive platform combines security orchestration, case management, collaboration and threat management to reduce manual work and provide decision support for SOC (security operations center) analysts,” Demisto CEO Slavik Markovich said in an interview with SuperbCrew. “Demisto simplifies the way enterprises manage incident response and their SOC with its automated and collaborative platform, and it delivers unprecedented insight and resolution into complex threats.”

More than half of companies surveyed by Intel Security in 2017 have adopted hybrid cloud solutions, and 73 percent of companies plan to implement fully software-defined data centers. Those numbers are only going to grow. Some people think the burden of securing enterprise applications is on the SaaS providers, but there are a number of networking and identification threats the actual company should still work to prevent.

Companies such as Bitglass are using AI to power cloud security through cloud access security brokers (CASBs). A CASB is essentially a gateway for deploying and accessing cloud-based applications in a secure environment. The platform uses machine learning and AI to automatically identify new applications and learn from their behavior to identify vulnerabilities and leakage paths. It can do this for nearly any application across any device in any location. As a result of its cloud security innovation, Bitglass received $45 million in funding during 2017.


The future of intelligent security in business

While these markets for existing security solutions continue to grow, new ones are emerging. Integrating threat intelligence feeds into legacy tools will become more common; in many cases, it’s easier to enrich existing solutions than to adopt an entirely new security platform. Threat intelligence can also be applied to products not entirely focused on security, such as network and application performance monitoring.

This year, Sumo Logic may have started a new trend when it launched its Sumo Logic Integrated Threat Intelligence that integrates CrowdStrike’s intelligence feed to improve network and application monitoring. By combining the two solutions, users can more easily update and patch applications to defend against emerging threats, and discover attacks that may have slipped through the cracks without real-time security information and updates.

Paranoia around home and small-business networks has grown as a result of this year’s data security failures. Nearly half of all cyberattacks are already targeted against small businesses, because they often don’t have or can’t afford proper security solutions or services. While investing in technology to secure their data might be more beneficial in the long run, some people seem inclined to utilize AI-based security, not for software, but for their homes and businesses.

While there were just over 200,000 violent home invasions last year, about 320,000 new malware samples are produced every day, and that number is continuing to grow. It seems silly to me that people would be more inclined to use cutting-edge technology to protect their home instead of their data, but it’s a much more tangible and poignant threat. To combat this fear, companies like Deep Sentinel are marketing to individuals hoping to secure their homes. Its technology uses AI and image recognition to trigger alerts from sounds, movements and lights. It aims both to immediately deter criminal activity and to alert authorities.

Use cases like home security are interesting, but there is a much more dire need for AI in internet of things (IoT) security and endpoint protection. Soon, every appliance in a home and every truck in a fleet will have some kind of internet-connected sensor that’s potentially vulnerable to cyber threats. We’ve already seen botnets created from taking over millions of webcams, but imagine smart cars or medical equipment being taken over by malware or hackers.

This year, we saw Amazon expand its IoT web services platform to include machine learning models within edge devices in order to secure them in real time. Offerings like these from major microservice and SaaS providers involved with IoT will continue to emerge. They may come in the form of streaming analytics from IoT endpoints to discover vulnerabilities, or in the form of machine learning algorithms native to each device. The former is more likely to become popular soon, but it is becoming easier to develop and integrate AI security programs into endpoints.


Intelligent security systems predictions 2018

Threat intelligence feeds are already popular and will continue to grow in popularity. Companies will both integrate existing systems to consume updates from intelligence feeds and adopt applications with native threat intelligence feeds. Response automation is more difficult to tackle because it’s a lot easier to identify a threat than to resolve one that has already penetrated a network. Companies like Demisto will be there to help automate processes for security teams, but they won’t reach the popularity of detection tools any time soon.

Endpoint protection is already one of the most popular uses for AI and machine learning in cybersecurity, and that won’t change in the near future. These are the easiest tools to add threat intelligence functionality to. Companies already integrating endpoint security and AI technology include Crowdstrike, Cylance, FireEye and Symantec. That list will surely grow in 2018.

Since the Dyn DDoS attack that took over thousands of endpoints and hit KrebsOnSecurity.com at 620 Gbps, IoT endpoints have been a viable takeover target for hackers. The current IoT talent shortage has only made the vulnerability more obvious to hackers. Practices like risk-based authentication will reduce the likelihood that devices are vulnerable, but those practices are hardly the norm.

Bank of America started the trend in 2017 by partnering with Intel to bring biometric authentication to online banking. It would make sense for more financial service providers to follow suit after last year’s Equifax data breach. It’s good PR and it’s good for the safety of both their data and sensitive customer information.

Intelligent security has been on the rise for some time now, and many implementations already exist. Eventually machine learning and AI will improve all aspects of security technology. While it can improve virtually all existing security solutions, AI is not — and will never be — a silver bullet that solves all cybersecurity issues. It is merely one more tool against a complex, ever-evolving problem.


Aaron Montemayor Walker

Sr. Research Specialist, G2 Crowd