• Follow us

Social Media

AI won't automate cybersecurity — but it'll improve the solutions we already have

Cybersecurity, a huge industry worth over $100 billion, is regularly subject to buzzwords. Cybersecurity companies often (pretend) to use new state-of-the-art technologies to attract customers and sell their solutions. Naturally, with artificial intelligence being in one of its craziest hype cycles, we’re seeing plenty of solutions that claim to use machine learning, deep learning and other AI-related technologies to automatically secure the networks and digital assets of their clients.

But contrary to what many companies profess, machine learning is not a silver bullet that will automatically protect individuals and organizations against security threats, says Ilia Kolochenko, CEO of ImmuniWeb, a company that uses AI to test the security of web and mobile applications.

While machine learning and other AI techniques will help improve the speed and quality of cybersecurity solutions, they will not be a replacement for many of the basic practices that companies often neglect.

Artificial intelligence won’t automate cybersecurity

“In cybersecurity today, we overestimate the capacities of machine learning,” Kolochenko says. “When talking about AI, many people have this illusion that they can just plug in software or hardware that is leveraging AI, and it will solve all their problems. It will not.”

According to Kolochenko, one of the main causes of data breaches and security incidents is lack of visibility on company data and assets. Organizations are growing larger and more fragmented, and they’re not doing a good job at keeping tabs on all their data and computing devices.

“Organizations are becoming so large, so clumsy that they have no idea where their data is stored, who has access to their data, how many devices, cloud storages, IoT devices, etc. they have, and all this leads to a very expansive, continuous and inevitable incidents and data breaches,” Kolochenko says.

This is an area where machine learning won’t help. Organizations need to have proper processes and practices in place to keep a continuous inventory of their digital assets. “If you do not have a process—even a paper-based process—of how you do things, who is responsible, who is accountable, who has the capacity to do continuous inventory, AI will not help,” Kolochenko says.

Machine learning will automate repetitive tasks, if it has the right data

This doesn’t mean, however, that machine learning is not without use in cybersecurity. It will still help network administrators to identify safe behavior and potential threats by accelerating the process of searching through data.

“AI can support you and accelerate you and take care of some routine time-consuming tasks and free up your team to spend their efforts on really complicated and more important tasks,” Kolochenko says.

Machine learning can specifically help in tasks that can’t be represented in classical rule-based algorithms. “We consider using artificial intelligence only when software solutions that don’t use big data and machine learning can’t provide you with meaningful outcomes, where we don’t know in advance all possible combinations, all possible use cases,” says Kolochenko.

Kolochenko also reminds that a prerequisite to using machine learning is to have the right training data. Not having data in proper amounts and quality will result in AI models that give the wrong signals or produce biased results.

“If you want to make sure the machine learning model will provide you with reasonable answers, you have to make sure that the data is comprehensive and it’s relevant. If you don’t have any data, you’d better reconsider reviewing the use of machine learning,” Kolochenko says, adding that many of the startups that talk about AI and cybersecurity don’t have the data required to solve the problems they advertise. “For every startup the biggest challenge is where to obtain reliable data,” he says.

Machine learning and anomaly detection cybersecurity broken lockSource: Depositphotos

The most common description of using AI in cybersecurity is to use machine learning for anomaly detection. Basically, the idea behind anomaly detection is to feed a machine learning algorithm with a company’s data and let it determine the normal behavior, the baseline, and detect and block the deviations from the norm, the anomalies.

In theory, it sounds like a very promising idea and there are several companies that have implemented it with a degree of success. But in practice, cybersecurity and threat detection and prevention are much more complicated.

“We still have companies who try to advertise a particular approach to machine learning, such as unsupervised learning and full automation,” Kolochenko says.

Unsupervised learning is a type of machine learning training in which you provide the algorithm unlabeled data and let it arrange them in clusters and groups based on the common characteristics it finds. Supervised learning, the more common AI training method, requires humans to annotate training data, such as writing the descriptions of images or audio samples.

The benefit of unsupervised learning is that it doesn’t need humans to label the training data, a practice that is can become costly and slow. It is especially suitable for use cases where data is abundant but annotating it would is either impossible (because of the multitude of characteristics and parameters) or would require too much effort.

But there’s no guarantee that a machine learning algorithm trained through unsupervised learning will extract the right correlations, especially when you’re trying to profile a very complex space.

“Unsupervised machine learning is really good for simple tasks, but really depending on the complexity, you may need to shift to rainforest learning, or supervised learning and so on. the more complicated the task is, the more business logic that is not obvious that can’t be clustered, and the more untrivial and illogical the task is, the more human intervention you will need,” Kolochenko says.

Some companies have worked around this by using semi-supervised learning, where they allow their AI models to train through unsupervised learning while employing human analysts to guide and apply corrections where the algorithm makes mistakes. Over time, the AI algorithm learns both from the data and the human feedback and performs much better than it would had it gone through unsupervised learning.

“We certainly see good progress on the market, and we see companies that leverage machine learning to deliver value to their customers,” Kolochenko says. “It can be demonstrated either by reduction of false positives and increasing detection of threats that were previously undetectable.”

But these improvements are not proportional to the evolving cyberthreats, growing generation of data, and the widening skills gap in the cybersecurity industry. “We’re not keeping up with our own growth. We improved speed, we improved reliability, we reduced noise. But I can’t say that we’ve made a revolution,” Kolochenko says.

Machine learning and application security testing

ImmuniWeb’s AI platform is tailored for identifying vulnerabilities in web and mobile applications. But Kolochenko points out that machine learning is just one of many tools his company uses to root out security holes in the systems of its customers. The general strategy of ImmuniWeb is to use AI to augment the skills of human analysts, not automate the entire process.

“I always tell my customers that machine learning is just one way of performing some processes and tasks, it’s not a replacement,” Kolochenko says.

For simple tasks, such as detection of simple cross-site scripting (XSS) and SQL injection vulnerabilities, the company uses traditional, rule-based tools that have already proven their worth. There’s no need to use machine learning for something that already has a simpler and more practical solution.

For more complicated tasks that require to consolidate data from various sources and can’t be performed with classic tools, the company uses its own proprietary AI algorithms. “For example when we need to bypass a particular web application firewall (WAF), it’s not something that classic algorithms will perform well. Our machine learning algorithms jump in and we use aggregated knowledge from our pen tester, from public sources, to try to bypass the WAF in the fastest manner,” Kolochenko says.

But the machine learning algorithms often need help from human pen testers to complete their tasks. “If the AI fails, the issue will be escalated to our people. So, we still have people and we don’t claim that we have unsupervised machine learning,” Kolochenko says. “We have 10 percent of the most complicated tasks—such as CAPTCHAs that can’t be bypassed, or a functionality that has never been seen before—that will be shifted to our people.”

The use of AI in application security testing has enabled the company to scale its efforts. “Compared to traditional penetration testing, where we allocate one percent of our effort to take care of web application penetration testing during the week, we can afford to spend one hour per day and deliver a full report with all vulnerabilities detected, remediation guidelines, in just one business day,” Kolochenko says. “We make our people scalable and augment them using machine learning.”

This story is republished from TechTalks, the blog that explores how technology is solving problems… and creating new ones. Like them on Facebook here and follow them on Twitter.

Read next: Facebook should stop trying to disrupt payments with Libra and focus on repair

Read More



Leave A Comment

More News

TechCrunch » Social

Hatebase catalogues the world’s hate speech in real 2019-09-10 17:49:26Policing hate speech is something nearly every online communication platform struggles with. Because to police it, you must detect it; and to detect i

Nextdoor adds new funding, closes growth round at 2019-09-10 11:59:39Social networking platform for neighbors Nextdoor today announced it has secured additional funding to close out its $170 million growth round. The ne

Twenty and Mappen merge to help users hang 2019-09-10 10:27:25Today, social networks Twenty and Mappen are joining together in a merger under the Twenty brand. From the beginning, Twenty’s goal has been to

Facebook tightens policies around self-harm and suicide 2019-09-10 09:47:03Timed with World Suicide Prevention Day, Facebook is tightening its policies around some difficult topics, including self-harm, suicide and eating dis

Spotify users can now share music and podcasts 2019-09-09 09:46:22Spotify users can now share their favorite music and podcasts with friends on Snapchat, the company announced this morning, with added support for sha

Freeda raises another $16 million for its media 2019-09-09 03:11:32Italian startup Freeda Media has raised a $16 million Series B round. Existing investor Alven is leading the round, with Endeavor Catalyst, UniCredit

Looking to become the video-based social network of 2019-09-06 12:49:23When Medal.tv first launched on the scene, the company was an upstart trying to be the social network for the gaming generation. Since its debut in Fe

NY attorney general will lead antitrust investigation into 2019-09-06 10:20:50New York Attorney General Letitia James announced this morning that she’s leading an investigation into Facebook over antitrust issues — i

Daily Crunch: Facebook Dating comes to the US 2019-09-05 14:32:14The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox ever

Facebook’s lead EU regulator is asking questions about 2019-09-05 13:15:35Facebook’s lead data protection regulator in Europe has confirmed it’s put questions to the company about a major security breach that we

Facebook is making its own deepfakes and offering 2019-09-05 13:15:25Image and video manipulation powered by deep learning, or so-called “deepfakes,” represent a strange and horrifying facet of a promising n

YouTube launches a dedicated Fashion vertical 2019-09-05 11:18:19YouTube today is launching a new vertical called YouTube Fashion that aims to capitalize on the popular style and beauty content that attracts million

Mashable

iPhone 11 review: More 'pro' than it looks New! 2019-09-17 18:26:18Every product here is independently selected by Mashable journalists. If you buy something featured, we may earn an affiliate commission which helps s

Facebook bans more than 200 white supremacist groups, New! 2019-09-17 18:16:01Facebook has expanded its definition of terror organizations as it's being pressured to respond to the growing threat of white supremacist “lon

Southwest is selling a lunchbox of its discontinued New! 2019-09-17 17:07:36Southwest Airlines joined most of its competitors when it stopped handing out peanuts on its flights in 2018, citing allergy concerns. But people real

Facebook reportedly working on fashionable smart glasses to New! 2019-09-17 17:02:36A super secret Facebook project is reportedly in the works. CNBC reported Tuesday that Facebook has been working on smart glasses, meant to eventually

Get the Dell Vostro 14 3000 laptop for New! 2019-09-17 17:00:03TL;DR: The no-frills Dell Vostro 14 3000 laptop (1TB) is already an affordable choice, but you can get it for $299 with code BIZLT299 — a 6

Sega Genesis Mini promo bundle — get your New! 2019-09-17 16:55:05TL;DR: The Sega Genesis Mini launches on Sept. 19, but you can get a special bundle (which comes with your choice of controller) at Walmart for only $

15 tweets for people who really love the New! 2019-09-17 16:39:36Anyone who watches Succession knows that not only is the HBO drama a genuinely good show, but it also has the single best theme song on television rig

Uber's self-driving cars ride into Texas New! 2019-09-17 16:26:19Uber's autonomous cars are coming to Texas.  On Tuesday, Uber's Advantaged Technologies Group announced it would test its vehicles in Dallas. D

Elon Musk claims ‘pedo guy’ is a common New! 2019-09-17 16:03:01The insult, which Musk called a British cave diver on Twitter, means "creepy old man," according to the Tesla CEO. However, Musk and his legal team

New Mercedes concept car blends past designs with New! 2019-09-17 16:02:23Modeled after a 1902 luxury car of a similar name, the Vision Mercedes Simplex adds a few millennials touches to the nearly 102-year-old vehicle. Read

Seinfeld is coming to Netflix in 2021 New! 2019-09-17 16:01:39The 1990s show is making its first appearance on the streaming giant, soon after Netflix's planned removals of The Office and Friends. Read more...Mo

These memes about AirPods will make you say New! 2019-09-17 16:00:22Like many tech products before it, AirPods have found themselves to be the center of many hilarious memes. In fact, here are a few that are pretty har

The Next Web

Satoshi Nakaboto: ‘VanEck and SolidX withdraw ETF proposal New! 2019-09-18 04:44:54Our robot colleague Satoshi Nakaboto writes about Bitcoin every fucking day. Welcome to another edition of Bitcoin Today, where I, Satoshi Nakaboto, t

ING: People who know the least about cryptocurrencies New! 2019-09-18 04:37:35Were you thinking that cryptocurrency mass adoption was just around the corner? Well, perhaps think again. A recent study from Dutch bank ING has foun

Amazon’s Alexa assistant now speaks Hindi New! 2019-09-18 03:49:56Amazon officially today announced suppor for Hindi in its Alexa virtual assistant, allowing users to issue voice commands in the fourth most

The iPhone 11 has the same amount of New! 2019-09-18 03:19:47Apple revealed its new series of iPhones last week. While the company released almost all specifications of these devices such as processor, camera se

Over 13.7M US medical test records found unsecured New! 2019-09-18 03:04:21Medical records belonging to millions of patients across the world, including echocardiograms and X-rays, are stored on insecure servers that did not

IT firm manager arrested in massive Ecuador data New! 2019-09-18 01:42:00Ecuador offiicals have arrested the general manager of IT consulting firm Novaestrat after a massive data breach exposed the personal information of m

US DoJ wants to seize profits from Ed New! 2019-09-18 01:38:21The US justice department has sued whistleblower Edward Snowden, following the release of his new book, Permanent Record. The department alleges this

Obsessed with death? You might have ‘existential isolation,’ New! 2019-09-17 19:24:27How often do you think about death? For many, the answer is a terrifying “almost always.” But, at some point or another, we’re all c

Review: The $990 Unagi e-scooter is sleek, powerful, New! 2019-09-17 16:26:16E-scooters have a bit of a bad rep. In some cities, you’re likely to hear grumbling about rental scooters strewn about streets like trash or dis

How to build a production and recording studio New! 2019-09-17 15:38:41Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff. Anyone

The Offspring becomes latest band to play a New! 2019-09-17 13:53:35Punk band The Offspring are going to be performing a gig in … a mobile game? Yep, they join the ranks of the growing number of performers choos

Facebook identifies secret campaign to influence voters in 2019-09-17 12:14:48Earlier today, Facebook announced it had terminated multiple accounts, pages, and groups belonging to two campaigns targeting voters in Iraq and Ukrai

E-Commerce Times

New Insightly Marketing Platform Modernizes Legacy CRM 2019-09-10 14:19:25Insightly has announced the availability of Insightly Marketing, which integrates marketing, sales and project management into a single platform to su

Shifting Cable-TV Landscape Demands New Strategies for Survival 2019-09-10 13:26:10X1 is a Comcast-branded pay-TV service that gives users more control over their television experience. The service recently gained new features that c

Rethinking the User Interface for Consumer Voice Tech 2019-09-09 08:00:00Voice can provide a simple, compelling user experience, but the path to adding voice controls to any product, service or application is complex. As do

Big Data's Seismic Effect on the Broadcasting Industry 2019-09-05 12:13:49Digital transformation has left hardly any industry unshaken. In broadcasting, it's safe to say that it has transformed completely the way we create,

Samsung May Have New Foldable Phone in Wings 2019-09-04 13:33:01Samsung's first-generation foldable phone isn't expected until later this month, but reports of a second-generation device to be released in early 2

How to Choose Shipping Software to Scale Your 2019-09-03 12:09:28Implementing shipping software can be a big step in scaling your e-commerce business -- providing a way to create shipping labels quickly, to gain acc

The High Stakes of Oracle's Appeal 2019-08-31 08:00:00Now Oracle is appealing the Pentagon's award to Amazon of its $10 billion JEDI contract to provide cloud computing solutions. "The Court of Federal

Can Cable TV Survive the 5G Wireless Threat? 2019-08-30 13:07:22Traditional cable TV providers will face a big competitive threat in the next decade from the Internet, IPTV and 5G wireless. Cable TV typically lands

Apple Says Sorry for Listening In on Siri 2019-08-29 12:16:13Apple has suspended audits of consumer interactions with Siri, and undertaken a review of practices and policies related to the voice assistant. Befor

Storm Erupts Over Google's Advice Against Blocking Cookies 2019-08-28 13:57:04Google's recent announcement of Privacy Sandbox -- an initiative to develop a set of open standards geared toward fundamental enhancements of privacy

Putting CX at the Center of Testing Strategies 2019-08-27 15:40:09From e-commerce to banking applications to healthcare systems -- and everything in between -- if it's digital, users expect it to work at every inter

Powerful Enterprise-Class Chromebooks May Make Windows Exit Possible 2019-08-27 06:12:37A new collaboration between Dell Technologies and Google has produced the world's first enterprise-class Chromebook. The companies have announced the

Social News Daily

Mig Vapor Scholarship 2019: Make Your Dream Come 2019-09-09 00:02:57Have you just finished your school and dreaming of pursuing further education? Or maybe you are an adult person dreaming about moving higher in educat

73-Year-Old Woman From India Gives Birth To Twin 2019-09-06 19:05:41Mangayamma Yaramati, 73, stated she and her spouse (who is 82 years old), had been unsuccessful conceiving children — and now have twin girls. &

4 Celebrities Who Were “Less Than Forthcoming” About 2019-09-05 21:46:24Beauty enhancements like plastic surgery is – and will always be – an inconvenient and sensitive topic for the stars of Hollywood. Even le

A Passenger Flies Aircraft In Absence Of Its 2019-09-05 20:09:07Ever heard of a tale where a boarding passenger was put in charge at the last second to fly the plane? Well, that’s precisely what happened to D

Seven Students Charged After Putting Sperm In Teacher’s 2019-09-04 18:17:247 teenagers have been charged for placing bodily fluids inside their instructors’ food, having intermingled some crepes with sperm. Prosecutors

Human Feces Might Cure Depression: Says Scientists 2019-09-04 10:28:54Human feces may be used to cure depression, accordant to scientists, who unintentionally discovered the kinship between depression and intestinal flor

Robot Pole Dancers Set To Debut At Nightclub 2019-09-02 13:25:53Two robot pole dancers, lidded with a CCTV camera for a head and wearing high heels, will debut at the SC-Club to commemorate its fifth anniversary. A

Unfazed Man Smokes At Bar As Armed Robbery 2019-08-30 19:11:09One chap in the US pretended as if he’d stared down the barrel of countless assault rifles during an armed robbery on Thursday (29 August). CCTV

12-Year-Old Boy Breaks Both Legs Falling From Fair 2019-08-30 07:37:4912-year-old Theo Shaw was very fortunate to escape with his life after he fell out of a ride in a park at a travelling funfair. The pre-teen was rushe

Babies Exhibit ‘Werewolf Syndrome’ After Receiving Anti-Baldness Drug 2019-08-29 16:11:3717 children developed a type of “werewolf syndrome” after they were administered medicine intended to remedy heartburn that was actually u

Newlyweds Die In Collision Only Minutes After Wedding 2019-08-27 17:48:58A young couple perished only minutes after their wedding when a pickup truck and their car clashed as they were exiting the Justice of the Peace court

A Convention For Derrieres Was A Huge Hit 2019-08-26 17:02:01Butt-Con 2019 – a convention that is centered around buttocks’ – was organized by the bidet company Tushy and went down in New York


Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.