AI will change the face of security, but is it still the stuff of sci-fi?
The technology industry has always had a big problem with hype, with marketing teams, analysts and the media alike tending to fixate on the next big thing that will revolutionise our lives. Artificial intelligence is the latest technology to be seized by hype, due in part to its role as a staple of science fiction for decades – something which sets it apart from other much-discussed topics such as big data analytics.
This makes the concept very easy to relate and explain – even if most sci-fi AI are cautionary tales, from HAL 9000 to Skynet, or even going back into mythology with the Golem. This familiarity means even the meanest application of machine learning will readily be described as an AI breakthrough by some companies, if it will help secure a sale.
However, before we reach the brilliant AI seen in sci-fi, we need to go through some fairly dumb stages – although this still have huge value in themselves. Some truly astounding breakthroughs are happening and when it matures as a technology it will be the most astounding development of all time. It will change the human condition in ways similar to, and bigger than, flight, the Internet and Big Data.
In the security field, AI is being toted as the ultimate solution for advanced cyber attacks. The perfect vision for the future of AI in the security industry is the creation of an advanced system that can take care of everything for us, both detecting threats and complex decisions before we humans are even aware there was a threat. Not only would this AI need to be a bona fide simulated mind that can pass the Turing Test, it would also need to be a fully trained cyber security professional, capable of replicating the decisions made by the most experienced security engineer, but on a vast scale.
What can AI do for cyber security?
Such a creation appears to be many years away at this point, although it’s important to remember what an unpredictable field technology often is. I expect AI to continue to follow a similar path to the internet. That too came with lot of slightly crazy expectations that it failed to deliver on, while at the same time delivering a set of unforeseen possibilities that have nevertheless transformed our lives.
While we wait for this sudden breakthrough to occur, the current role of AI in security is to make our own human intelligence more effective in finding evidence of cyber attacks, seen through the application of machine learning.
An important concept dating back to the early days of forensic criminal investigations is Locard’s Exchange Principle – the idea that all crime scenes involve the criminal taking something away, but also leaving something behind – which forms the clues for forensic investigators to follow. The idea holds true for cybercrime today, except that the huge volume of potential evidence is too big, and the actual clues too small, for a human to process.
A powerful AI or machine learning-based tool will take care of the gargantuan task of analysing these vast piles of digital evidence, breaking them down into the key data points that require human attention. Crucially, this means the security experts can focus purely on bringing their intuition and experience to bear, rather than wasting time tediously crunching data.
A good comparison might be an inexperienced computer user who is unfamiliar with the programme layout or keyboard shortcuts. They work painstakingly slowly because they are concentrating on using the tool in front of them, rather than the actual task.
The most important thing we can do is to make the tool invisible, enabling the user’s brain to exist solely in the task space, not the tool space. This is exactly what a good machine learning or AI tool will achieve for a cyber security investigator – freeing them from having to manage the amount of data, and enabling them to concentrate on pure analysis.
What does AI mean for security jobs?
The obvious result for security firms – and for the organisations they are protecting – is that security teams are able to operate with a far higher level of effectively. This means that evidence be found and analysed more quickly and efficiently, and also crucially also enables teams to discover things they may have gone entirely unnoticed when left to human capabilities alone.
A persistent fear around any new technology is that it will steal jobs from humans. In the case of security however, this would be like saying spreadsheets have made accountants redundant. Instead, it has made them far more efficient, and capable of achieving things that would have previously been impossible.
We currently see AI both creating more security jobs, and enhancing existing ones as it helps to make the field of security much more interesting and rewarding. With the more tedious analysis out of the way, practitioners will have more free time to use and improve their skills. This means those who already have the security skillset can progress their abilities even further, while those lacking skills and experience will be able to learn them faster. Since each employee is now capable of achieving more, it also frees up more space and budget to hire additional team members.
We expect this trend to continue into the future, persisting even when we do finally develop a true AI sophisticated enough to make complex decisions on its own, as true human intelligence will always have an edge in making intuitive leaps and spotting patterns that the more straightforward AI analysis will miss.