Artificial intelligence (AI) is making headway in the security industry as a means to better analyse mountains of information, but will not be widely adopted in the short term because of a lack of actionable data and human expertise, according to security services supplier Check Point.
Speaking at Check Point’s annual European conference, CPX360, in Barcelona, the supplier’s head of product management and marketing for threat prevention, Orli Gan, said AI had the potential to be hugely useful, but was still prone to serious and embarrassing errors – noting the 2017 incident in which a Microsoft AI chatbot started to tweet anti-Semitic hate speech after alt-right trolls gamed the system.
“The key problems in applying AI to security come from not enough data or expertise, and the result is the problems we see – access to cyber security training data, in particular, is limited because people are reluctant to share their data with us for the sake of training,” said Gan.
“The second problem is that verdict logic is obscure – you have to trust the results, but the systems are notorious for having a high false detection rate.”
If these problems can be overcome, said Gan, the security sector could be revolutionised by the mechanisation of tasks previously performed only by human analysts. To this end, Check Point has been investing in AI for a few years, and has built machine learning into some of its threat intelligence products to run analytical tasks.
As a result of running AI within its predictive threat intelligence technology, Check Point now claims that 10% of the attacks it blocks are attacks that its human analysts would not otherwise have spotted. In other areas, it is now capturing 13% more malicious executables, and has improved its context-aware detection rate twofold.
In October 2017, IBM global head of cyber security intelligence, Nick Coleman, told the Isaca CSX 2017 conference in London that security professionals risked making themselves obsolete if they did not move towards adopting AI.
Coleman argued that automating some tasks would enable cyber security teams to become more efficient, which would gain importance as more and more jurisdictions adopt increasingly stringent data protection and security regulations.
Looking further ahead, Check Point CEO Gil Shwed said a future “sixth generation” of cyber security would inevitably make more out of AI’s potential capabilities.
Shwed referred to this as “nano security” and predicted that so-called “nano agents” would be embedded on every device – whether a smartphone, an autonomous vehicle, an internet of things (IoT) sensor or indeed anything else with an internet connection – and would control every security attribute, with central intelligence and control powered by AI.
Shwed said Check Point would be running some proofs of concept around this technological vision later this year.
At CPX360, Check Point also announced the availability of Infinity Total Protection, which it billed as a “revolutionary security consumption model” that utilises its Infinity Architecture Components to provide a subscription service covering both security hardware and software, including fully integrated endpoint, cloud and mobile protections and zero-day threat prevention, together with unified management and 24x7 support.
Infinity Total Protection was designed specifically to enable enterprises to protect themselves from the current wave of large-scale, fast-moving cyber attacks that target multiple verticals, such as WannaCry, and largely bypass the traditional static detection-based defences currently in use at most organisations.