Modern corporate security is like guarding a fortress that is attacked on all fronts, from the digital infrastructure to applications to network endpoints.
This complexity is why AI technologies such as deep learning and machine learning have become groundbreaking defense weapons in the company’s arsenal for the past three years. There is no other technology that can keep up. It has the ability to quickly analyze billions of data points and discover patterns to help a business act intelligently and instantly to neutralize many potential threats.
For the past five years or so, investors have been investing hundreds of millions of dollars in a wave of new security startups using AI, including CrowdStrike, Darktrace, Vectra AI, and Vade Secure. (More about these companies below).
It is important to note, however, that cyber criminals themselves are finding increasingly easy-to-use AI solutions to use as effective weapons against the company. You can counter-attack against AI-led defenses in an endless battle for one-man manner. Or they can hack into the AI themselves. After all, most AI algorithms are based on training data, and if hackers can play around with the training data, they can skew the algorithms that enable effective defense. Cyber criminals can also develop their own AI programs to find vulnerabilities much faster than they used to be, and often faster than the defending companies can fix.
Man is the strongest link
How does a company CISO ensure the optimal use of this technology to secure the company? The answer lies in making use of what is known as the Moravec Paradox, which suggests that tasks that are easy for computers / AI are difficult for humans and vice versa. In other words, combine the best of technology with the human intelligence resources of the CISO.
If clear guidelines can be created in the form of training data for AI, the technology can detect security threats far better than humans. For example, if there are guidelines for certain types of IP addresses or websites that are known to be the source of malicious malware activity, the AI can be trained to look for them, take action, learn from them, and learn from them more intelligent to detect activity in the future. When such attacks take place on a large scale, the AI can detect and neutralize such threats far more efficiently than humans.
Humans, on the other hand, are better able to make decisions based on judgments that can be difficult for computers. For example, let’s say a certain well-disguised spear phishing email speaks of information that only an insider could have known. A vigilant human security expert with this knowledge and intelligence will be able to connect the dots and see that this is “likely” an inside attack and flag the email as suspicious. In this case, it is important to know that it will be difficult for the AI to perform this type of abductive thinking and come to such a decision. Even if you cover some such use cases with appropriate training data, it is next to impossible to cover all scenarios. As any AI expert will tell you, AI is not poised to replace general human intelligence or what we call “wisdom” for the foreseeable future.
But … humans could also be the weakest link
At the same time, humans can be your weakest link. For example, most phishing attacks are based on the naivety and ignorance of an untrained user and cause them to inadvertently divulge information or take an action that opens the company up for attack. If not all of your employees are trained to identify such threats, the risks increase dramatically.
The key is knowing that AI and human intelligence can combine to form an excellent defense against cybersecurity threats. While AI is a groundbreaking weapon in the fight against cybercrime, it cannot go unattended for at least the foreseeable future and will always require human support from trained, experienced security professionals and vigilant workers. This two-factor AI plus Human Intelligence (HI) security, if carefully implemented as a guideline across the enterprise, will go a long way in winning the war on cybercrime.
7 AI-powered cybersecurity companies
Learn more about the top emerging AI-first cybersecurity companies below. Each of them bites off some of the company’s security needs. A robust cybersecurity strategy that must be defended at all points is almost impossible for a single company to manage. Attack fronts include hardware infrastructures (data centers and clouds), desktops, mobile devices (cell phones, laptops, tablets, external storage devices, etc.), IoT devices, software applications, data, data pipelines, operational processes and physical locations including home offices, communication channels ( E-mail, chat, social networks), insider attacks and, above all, training on the security awareness of employees and contractors. Given that bad actors are increasingly using attack techniques against companies (phishing, malware, DoS, DDoS, MitM, XSS, etc.), those in charge of security technology need all the help they can get.
CrowdStrike’s Falcon suite of products is an AI-powered cyber security solution for businesses of all sizes. These products include next generation antivirus, endpoint detection and response, threat intelligence, threat detection, IT hygiene, incident response and proactive services. CrowdStrike says it uses what is known as “signatureless” artificial intelligence / machine learning, which means it is not based on a signature (i.e., on a unique set of characteristics within the virus that differentiate it from other viruses) . The AI can detect previously unknown threats using what is known as an indicator of attack (IOA) – a way of determining the intent of a potential attack – in order to stop known and unknown threats in real time. Based in Sunnyvale, California, the company has raised $ 481 million and claims to have nearly 5,000 customers. The company has grown rapidly by focusing primarily on its endpoint threat detection and response product called Falcon Prevent, which uses behavioral adaptation techniques from crowd-sourced data. It received recognition for dealing with the high profile DNC cyber attacks in 2016.
Darktrace provides cloud-native, self-learning, AI-based cyber security for businesses. The system understands your company’s DNA and its normal state of health. Machine learning is then used to identify deviations from this healthy state, that is, interventions that can affect the health of the company and trigger immediate and autonomous defense mechanisms. In this way, it describes itself as similar to antibodies in a human immune system. It protects the business on multiple fronts including workforce devices as well as IoT, SaaS, and email. It uses unsupervised machine learning techniques in a system called Antigena to scan for potential threats and stop attacks before they can occur. Based in Cambridge, UK and San Francisco, USA, the company has raised more than $ 230 million in funding and claims to have more than 4,000 customers.
Vectra’s Cognito NDR platform uses behavioral detection algorithms to analyze metadata from captured packets and reveal hidden and unknown attackers in real time, regardless of whether the traffic is encrypted or not. Real-time visibility of attacks and uninterrupted automated threat searches based on constantly learning behavioral models shorten cybercriminals’ dwell times and shorten response times. The Cognito product uses a combination of supervised and unsupervised machine learning and deep learning techniques to identify patterns and respond to them automatically. Vectra, based in San Jose, California, has raised $ 223 million in funding and claims to have “thousands” of corporate customers.
SparkCognition’s DeepArmor is an enterprise endpoint cybersecurity solution developed by AI that provides protection against known software vulnerabilities that can be exploited by cyber criminals. It protects against attack vectors such as ransomware, viruses, and malware, and provides threat visibility and management. DeepArmor’s technology leverages Big Data, NLP, and SparkCognition’s patented machine learning algorithms to protect organizations from the more than 400 million new types of malware discovered each year. Lenovo partnered with SparkCognition in October 2019 to launch DeepArmor Small Business. SparkCognition has raised approximately $ 175 million in funding and has “thousands” of corporate customers.
Vade Secure is one of the leading products for predictive email defense. It claims it protects one billion mailboxes in 76 countries. The product protects users from advanced email security threats such as phishing, spear phishing, and malware. Vade Secure’s AI products take a multi-faceted approach, including the use of supervised machine learning models trained on a huge data set of more than 600 million mailboxes managed by the world’s largest ISPs. Based in France and the United States, the company has raised nearly $ 100 million in funding and claims to have more than 5,000 customers.
SAP NS2’s approach is to apply the latest advances in AI and machine learning to issues such as cybersecurity and counterterrorism, and to work with a wide variety of US security agencies and companies. Its technology is based on the philosophy that security in this new era requires a balance between human and machine intelligence. In 2019 NS2 won the James S. Cogswell Outstanding Industrial Security Achievement Award.
Blue Hexagon offers comprehensive, real-time, learning-based security for detecting and responding to network threats in corporate networks and cloud environments. It claims to provide industry-leading split-second threat detection with full explanation of AI judgment, threat categorization, and killchain (i.e., the structure of an attack, starting with the identification of the target, counterattack to undo the target, and evidence of the destruction of the Target). Based in Sunnyvale, California, the company has raised $ 37 million in funding.
Hari Sivaraman is the head of AI content strategy at Venturebeat.
VentureBeat hosts Transform, the world’s leading AI event focused on business and technology decision makers in applied AI. At our event in July 2021 (July 12-16), AI will be one of the key areas we will focus on in cybersecurity. Register early and join in to find out more.
The author will speak at the DTX Cyber Security event next week. Register now to learn more.