Strategies for enabling the effective use of AI technologies in cyber-defense were highlighted by a panel of experts during the RSAC 365 webinar ‘AI Meets Cybersecurity: Crossing the Streams and How to Manage the Dynamic Results.’
The panelists firstly outlined the fact that the growth in AI tools has negative as well as positive connotations. While organizations are increasingly using AI to detect and predict threats across their networks, such tools are also readily available to cyber-criminals to discover any vulnerabilities in a system. In many respects, it is easier for malicious actors to achieve their aims through AI than defenders. Jermon Bafaty, CEO & founder of Platinum Technologies, commented: “If I as a bad actor have access to open source technologies that I can mess around with until I find that one thing in an application that might have been around for five years, I pretty much have the advantage.”
Heng Xu, professor of information technology and analytics at the American University highlighted a major issue surrounding a lack of data about attacks that have been carried out, which makes it difficult “to twin the models to better predict future attacks.”
In the view of Dr. Chenxi Wang, general partner at Rain Capital, the focus should be on developing AI models that aren’t necessarily searching for threats but will nevertheless be aware of their presence. “We need to build models to say what is normal and hence when we see something that is abnormal we can potentially flag it,” she stated.
However, she noted we are still a long way from having an understanding of what is normal, as there are so many elements in an organization’s infrastructure that are connecting to different IP addresses. This makes it impossible to ascertain the “intended behavior of everything.” As such, Wang observed that “there is an urgent need for us to use data to really understand the intended behavior and profile for things inside our environment.”
The difficulty with getting to this point is that it requires significant information sharing, which is accessed by attackers, can be used against organizations. “It is this chicken and the egg problem,” noted Bafaty, adding “it’s a real challenge in trying to decipher and decide how much information we really share and to who.”
The speakers went on to discuss how AI can be utilized to redefine cyber-defense. Xu highlighted the importance of different organizations sharing data about their infrastructure, but being aware of the unique environments in which AI tools will operate in. “How can we transfer learning from one company or one giant dataset within one context and then deploy it with some adaptations to other contexts?” she asked.
It is critical, therefore, that methods for exchanging data safely between entities are developed. Wang added: “I’m hoping the new administration will start some meaningful initiatives for public and private data sharing, and potentially utilizing emerging tech will allow you to exchange data without sacrificing privacy.” This approach will ultimately enable more accurate AI prediction models to be built.