Algorithms are already a powerful ally in the fight against cybercrime. The big cybersecurity software firms are betting en masse on machine learning as an alert-screening tool: automating the early diagnosis of the thousands of incidents recorded every hour can help streamline processes and free up senior analysts.
The American cybersecurity giant McAfee announced a few weeks ago in Las Vegas, at its major annual event, that artificial intelligence, and more specifically machine learning, is going to be one of the pillars of its future development, along with the move to the cloud. "Machines can help us automate defenses, reducing detection times and locating complex threats," said Raja Patel, executive director of corporate products at McAfee. The company estimates that up to 95% of threats can be detected automatically. "As machine learning systems learn more and more, fewer analysts will be needed at the lower levels of the cyber defense line, so the best talent can concentrate on more complex tasks. We believe that automating defenses is the beginning of a new era," Patel added.
The company created (and then sold) by the famous and controversial John McAfee is not the only one betting heavily on artificial intelligence. Trend Micro has also recently revealed that one of its flagship products, Apex One, incorporates automated threat detection and response tools, making it "easy to deploy and provide the right defense at the right time," says Doug Cahill, an analyst at the company. Kaspersky, for its part, announced earlier this year that it uses machine learning to detect malware threats, learn from their behavior and develop effective detection models, and also as a threat-screening tool.
Even so, McAfee says that companies are not prepared for a radical change in cybersecurity. The US company asked the CEOs of its client organizations whether they would be willing to automate their defenses. The answer was negative. "We believe that this perception will change over time," says Patel. "I know of a few large companies in the United States that are currently evaluating the costs and benefits of introducing automated cyber defense models," the executive adds.
The commitment to automation in cyber defense is not just a matter of efficiency. "Knowing the threats we see today is not enough to understand the threats of the future. That's why we are investing in artificial intelligence," says Steve Grobman, McAfee's chief technology officer (CTO). "We use machine learning to see whether the threat that has been detected on your computer shows repeated behavior or not; how it has acted in other cases; whether you are the first, tenth or millionth to suffer it, etc.," Grobman illustrates.
This information is obtained thanks to the automatic processing of the 1 billion sensors (half of them provided by consumers themselves) that McAfee has scattered around the globe. Together, these nodes accumulate 117 million pieces of telemetry data every five minutes. "Analyzing all this would be impossible without artificial intelligence," the New Yorker concludes. The machine learning tools that the company has developed are capable of transforming that data into useful information.
McAfee analysts have alerts continuously arriving on their monitors, ordered by priority, with basic information: what type of threat it is, what type of machine it was detected on and where. From there they have to go to a separate tool to see whether anything is known about that particular threat. "Throughout the process they have to manually go to at least seven or eight sites to gather all the information they need to manage the alert," Patel sums up.
Machine learning is putting an end to those processes. "When there are problems, analysts have more than 300 actions to follow. Thanks to artificial intelligence we can leave them at the 30 most likely," Grobman says.
- Beware: the 'bad guys' also use AI
Cybercrime is already the world's leading illegal industry, ahead of drug or arms trafficking. We have reported in EL PAÍS RETINA on how professionalized the sector is: some cybercriminal organizations even turn to recruiting agencies to find the best hackers and convince them to work for them.
The potential of artificial intelligence has not gone unnoticed among the bad guys. Roman V. Yampolskiy, professor of computer engineering at the University of Louisville, argues in an MIT Technology Review article that we are heading towards a kind of arms race in cyberspace driven by artificial intelligence: some will use it to protect us, others to rob us. The author warns that they are already seeing "artificial computer science attacks increasingly automated and elaborate."
"Cybercriminals use AI to make their attacks more effective, to see who the simplest victims are. We exploit the great potential of machine learning classifying problems," emphasizes Grobman. Who will succeed? We had better hope it is the latter.