AI Security – Who is it Really Outsmarting?

We all wish we were smarter. And I believe that the vast majority of people, in some way, strive to GET smarter.

As someone who has been involved in the cybersecurity industry for years, and watched it evolve, I see countless companies in this market using the aspect of intelligence to position themselves as being smarter than others. But if you have to proclaim your intelligence, are you actually smart? Or even smarter than me? Or than the next company?

At the RSA conference in April, claims of machine learning and/or artificial intelligence seemed to be everywhere and “smart” was the top buzzword that vendors used to describe their technology. How smart are we as an industry, though, if we can’t get ahead of the threats that hit the hardest and inflict the most damage? Ransomware. Fileless attacks. Zero-day exploits.

With all the hype around AI, machine learning and cognitive automation, might some of us be ‘outsmarting’ ourselves?

AND…why is it that we need to apply “advanced” and “next-generation” technology in order to defend businesses (and consumers) against so many types of attacks? Isn’t future-proofing how you protect your IT infrastructure and IP a better play than trying to look smart yet being rendered stupid in the face of a targeted attack?

The Real Truth About Artificial Intelligence

Okay, AI is cool, super cool, and it’s amazing that, mathematically speaking, AI can speed up data processing and analysis in ways that are unparalleled. And AI is becoming an essential tool outside of cyber too, with applications that we haven’t even seen yet. There’s no doubt that it’s a beneficial technology.

But just claiming “you do AI,” or “AI-driven cybersecurity,” doesn’t really say anything. Marketers are always looking for that next cool thing to use in the next campaign, or that big-bang message that all of a sudden resonates with buyers and hits it out of the park. It’s hard to come by, because brands are built over time, not erected overnight with a single statement which can ultimately lead to the over-inflation of claims.

$89 billion was spent worldwide on IT security and services in 2017, according to a recent Gartner study. That is projected to increase to $96.3 billion this year. Cybersecurity is one of the industries that has relied on this trend to push customers toward a “smarter” message.

Last week at the Gartner Security and Risk Management Summit, Anton Chuvakin and Tony Bussa, two highly respected Gartner analysts, addressed the buzz and the reality of AI –essentially stating that, when you break down the definition and the technology incorporated thus far, security-based AI actually doesn’t really exist yet. The screenshot captured below makes it clear:

The analysts went on to point out that the very purpose of AI is to automate decision-making and add automation to certain security functions but that is challenging to near impossible when there is a significant cyber skills gap. And the AI skills gap is even worse as security-based AI is its own discipline, requiring dynamic, defined skills.

In fact, I would like to make the case that compared to AI and the liberal use of the term AI, there’s innovation out there that is – pardon the contrast – dumb. Yes, that’s right, dumb technology (so smart and powerful that it works silently, without loud proclamations of intelligence) which, until now, hasn’t existed for the world to leverage.

MTD vs AI

Moving Target Defense works on a completely different principle than other protection platforms. AI-solutions consider themselves smart because they are very good and very fast at extrapolating and predicting to detect and hunt for threats. But they make mistakes that at best cost time and at worst are devastating. Things flagged as threats that are benign. Completely missing brand new threats that they have no frame of reference for.

Moving Target Defense doesn’t even play the game. It works behind the scenes, dynamically morphing the memory space so attacks have no levers to exploit. Clever on the inside, from the outside, simple. And completely effective. No false steps, no specialized skills needed. If AI lets you run the race faster and better, Moving Target Defense makes the track and trophy simply disappear.