When the promise of AI is only skin deep: the realities of AI in cybersecurity

By Christian O’Connell, Chief Data Scientist, at Venari Security.

  • Tuesday, 1st November 2022 Posted 2 years ago in by Phil Alsop

Defending modern businesses against cybercrime has become increasingly complex. Subsequently, businesses are looking for ways to tackle the growing volume of data and are increasingly adopting artificial intelligence (AI) as a tool to manage this challenge. But these solutions can often be just superficial; focusing on automating processes rather than providing a novel data science-led approach. Indeed, data scientists in cybersecurity are embedding AI into solutions that solve more difficult problems, such as deciphering threats within encrypted network traffic – but this isn’t the case for all uses of AI in security applications.

So, what does an effective data science approach look like in cyber security, and why is it important for business leaders to understand what cybersecurity professionals mean when they say they are using AI?

AI as automation in cybersecurity

Using AI in cybersecurity is nothing new. AI’s ability to recognise patterns in vast amounts of data makes it an effective tool for cybersecurity professionals, who deal with vast amounts of traffic across their networks.

For example, cyber security teams have turned to AI to help them automate repetitive tasks, such as responding to high-volume, low-risk alerts. Here, teams need to react quickly – but the threats tend to be recognisable, with a low risk of AI making a mistake. Handing these tasks over to AI means the technology could spot when threats appear on end-user devices, shutting them down before the threat can spread across to the wider network.

Additional tasks such as threat monitoring, gathering data on malware, and analysing past incidents to identify inherent characteristics can all help cybersecurity professionals focus on tackling more sophisticated threats and on taking a deeper investigative dive into more complex issues.

However – these uses of AI are fairly basic. They do not utilise the full power of AI in cybersecurity – and this is where some companies are separating themselves from the pack to use AI in more innovative ways.

Many brands are misusing the term AI – something that business leaders need to be aware of when choosing the best cybersecurity tools for their businesses. 

The problem with AI

It is important to state that AI is not a panacea – and the term itself can be a bit of a misnomer. Just because organisations say they are using it in their products, doesn’t necessarily mean that they are using it effectively. As a result, the benefits and full potential of using AI within technology products may not be immediately obvious – and requires business leaders to know what they need to look for to protect their organisation and its data. 

While some teams use basic AI for automating simple applications, more sophisticated approaches for prediction and active threat prevention are now being deployed. This range of possibilities can have an iceberg effect, lulling businesses into a false sense of security where they may end up being let down by a sub-optimal approach to data science.

As the cyber threat landscape becomes increasingly difficult to navigate, it is vital that organisations know they’re equipped with the tools to help them stay secure.  

Getting past the superficial and into encrypted networks with AI

In 2013, less than half of all web traffic was encrypted – today, that number stands at 95%. The benefits of encryption are numerous, but extend to the criminals as well.  The same encrypted channels designed to preserve privacy are being used to hide malicious activity from detection.

This behaviour is easily concealed within legitimate encrypted traffic, with TLS encryption often used to hide aspects of intrusion, egress, and lateral movement in target networks. This presents a substantial and very serious blind spot for security teams. The majority of existing malware detection and countermeasures target decrypted traffic and are unsuccessful when it comes to detecting threats in encrypted traffic. Instead, security teams need systems that empower them to identify unusual activity without decryption.

This is where AI has the potential to really add value in cybersecurity. Encrypted Traffic Analysis (ETA) is an emerging field of identifying and detecting suspicious or anomalous behaviour hidden in encrypted traffic. It uses a combination of artificial intelligence, machine learning, and behavioural analytics to analyse networks – crucially, without decryption.

ETA ultimately improves encrypted network traffic visibility while having a limited impact on latency or privacy infringement. It also understands the behaviour of traffic across networks and provides alerts in near real-time, allowing security teams to react immediately rather than after an incident. This significantly increases the rate at which suspicious activity can be identified in encrypted traffic, thereby reducing business risk.

Driving best practice uses of data science in cybersecurity

While it may look like many organisations are providing the same promise on the surface, products can offer a very different outcome. Therefore, business leaders need to be discerning about the cybersecurity solutions they are bringing into their organisation – and this means truly understanding what level of intelligence can be offered by certain products marketed as using AI.

This starts with recognising that AI is more than just an ‘add-on’. It’s about adopting a research and development approach to data science in cybersecurity, that acknowledges AI has a place at the heart of providing insight to teams. At Venari Security, the data science team operates like an academic hub at the heart of the business. Going from first principles and mapping out new territories to building the most sophisticated and scalable models, the team incorporates AI into their technologies from the start – rather than an afterthought.

After all, the potential here is vast. Once armed with a data science approach to cybersecurity – including properly embedding AI into solutions – cyber teams can put intelligence at the heart of their operations and give themselves the best chance against threats in the real world.