Imagine, if you would, an enterprise network that is capable of detecting, reporting, and mitigating cyberattacks without any human input. Imagine a fraud detection system capable of finding flags that would escape the notice of even the most skilfull and experienced technician. Imagine autonomous software capable of isolating, eliminating, and restoring the damage dealt by malware in an instant.
Artificial intelligence and machine learning promise to bring all this and more to the cybersecurity space.
Mind you, that promise isn’t entirely inaccurate. At some point in the future, technology like that described above will be a reality. But we simply aren’t there yet.
And the misconception that we are can result in a great deal of harm.
“Artificial intelligence is an awful name...it’s quite misleading,” explained McAfee CTO Steve Grobman in an interview with Tech Target. “People assume the technology is more capable than it actually is. And it is also susceptible to being presented in a very positive fashion.”
What Grobman means is that machine learning, while an excellent means of augmenting existing cybersecurity teams, simply isn’t capable of replacing human professionals at this point in time. Moreover, even when it is, it would be naive to assume that IT professionals and white hats would be the only ones with access to such technology. Cybercriminals have proven on multiple occasions that they’re more than willing to co-opt business processes and technologies if it suits their purposes.
There is not a single doubt in my mind that even as businesses are devising AI-driven cybersecurity tools, enterprising black hats are working on AI-driven hacking tools. Just as there’s no doubt in my mind that, moving forward, we may encounter a sort of cybersecurity arms race in the arena of machine learning. We’ll face the challenge of designing a system that learns faster than the systems designed to defeat it.
At the end of the day, machine learning and artificial intelligence are both extremely promising. Together, they have the potential to fundamentally change how we protect our systems and data from attack, acting as something akin to digital immune systems for enterprise networks. It’s important to remember, however, that this will not make our businesses impenetrable.
Rather, it will serve as a new layer atop our existing security practices and controls, a means to make our organizations just a little more secure.