AI for cybersecurity

As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized in today's environments to better protect data.

ADM: How is AI used in cybersecurity today?

Novikov: In cybersecurity, AI is a double-edged sword. On one hand, new advancements in the technology are empowering hackers to execute more intelligent and effective cyber attacks at alarming rates. The availability of open-source frameworks like TensorFlow, Torch, and Caffe has democratized AI and fueled this trend. On the other hand, AI is enabling organizations to automate and strengthen security capabilities at scale, including:

• Penetration testing
• Intrusion detection
• Vulnerability discovery and prioritization
• Defensive posture development
• Exploitation discovery

Leveraging AI, enterprises can more efficiently discover network assets, scan for vulnerabilities, and monitor applications and networks for anomalies in real time. This helps organizations to defend against the influx of malicious cyber activity and helps DevSecOps teams to focus on streamlining the development of a secure product.

ADM: What kinds of security challenges can AI defend against?

Novikov: The current state of business requires organizations to integrate with external SaaS APIs and store large amounts of data. As a result, hackers have more opportunities to find vulnerabilities and penetrate defenses. AI addresses this issue by expediting vulnerability discovery and improving virtual patch generation. Traditionally, security practitioners were tasked with generating instructions, rules, and signatures to discover vulnerabilities. Moreover, for more sophisticated APIs, signature-based approaches may be broken altogether. Manually generating virtual patches can take longer than 20 hours to do. Because today’s hackers act quickly, manually handling this process is no longer effective. With AI, vulnerability detection and patch generation is automated, helping organizations to better defend against these challenges.

ADM: What obstacles are keeping AI from working at scale in cybersecurity?

Novikov: As with any new technology, there are not yet enough skilled practitioners to design and deploy AI-powered solutions everywhere they’d be useful. It was only recently that AI and machine learning were brought into production. Before that, it was mainly used in research environments. As a result, many organizations lack a substantial understanding of the technology. But even more importantly, by its nature, AI and machine learning require substantial amounts of training data to develop models and derive the correct answers and predictions. More often than not, individual organizations lack the volume of activity, history, and diversity to build these models out on their own. In these instances, the best solution is to rely on a service or a vendor that can build AI models to share history across multiple organizations in the industry and learn from both the attackers and defenders to build the models that are both broad and deep.

ADM: What are considerations for leveraging AI and cloud together?

Novikov: Cloud and AI go hand in hand because they both facilitate scalability and improve performance for organizations. Similar to AI, the benefits of the cloud can also create security challenges. For example, the speed, scale, and flexibility of the cloud creates a greater threat surface, and the increased data storage capabilities have made it impossible for humans to quickly retrieve and analyze relevant data without the assistance of automation. Thus, AI better ensures the cloud is secure, helping organizations that are looking to scale while also addressing vulnerabilities resulting from integrations.

ADM: How has AI impacted development teams from a security standpoint?

Novikov: Traditionally, development and security teams’ roles were separate. In other words, security wasn’t always factored into the development of products. Given the proliferation of cyber attacks, this has changed. When you consider the speed and scale required by today’s businesses, along with the current state of cybersecurity, developer roles have changed drastically. Because of this, development teams have increasingly aligned goals with security teams, and they have turned to AI to keep pace with the evolution of the industry.

ADM: What are some up and coming trends and technologies that will affect the security industry?

Novikov: The term ‘fuzzing’, which means injecting random inputs and commands into applications to test for quality assurance, first entered the security fray back in 1988. 2019 will be something of a milestone in its maturity. As it turns 21, fuzzing as both a defensive measure as well as an attack method, will become much more mainstream. Fuzzing will be used to automatically generate hundreds of security tests to deliver tangible agility and security benefits across the three primary areas of concern for CISOs without requiring developers to become overnight security experts:

• Vulnerability detection - dynamically and constantly assess threats, bugs, and configuration errors to mitigate threats and ensure regulatory compliance
   
• Secure cloud deployments - Address distributed nature of new infrastructure and complicated application APIs by detection configuration violations and mirroring infrastructure deployment models with the correct security toolchain deployment model
   
• Securing operations - continuous testing to identify vulnerabilities at the application layer to mitigate against attacks

ADM: How can companies prepare themselves for hackers and other cybersecurity attacks?

Novikov: Development and security teams should establish processes to work together to address the increasing complexity of data and be aware of new threats on the horizon (e.g. logic bombs enabled by a heavily distributed application structure) to inform secure coding practices. As organizations scale and increase integrations, perimeters will become more porous, providing more opportunities for hackers to penetrate networks. This means it’ll be important to leverage AI-powered application security products to address the new architecture and keep pace with all cyber activity.