Virtualization Technology News and Information
Forcepoint 2019 Predictions: The Winter of AI?

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Raffael Marty, vice president of research and intelligence at Forcepoint

The Winter of AI?

In addition to the myriad of constantly evolving threats in today's landscape, organizations are hampered by an ongoing skills shortage - analysts predict a shortfall of 3.5 million cybersecurity jobs by 2021. In an attempt to fill the void, organizations have turned to the promise of big data, artificial intelligence (AI), and machine learning.

And why not? In other industries, these technologies represent enormous potential. In healthcare, AI opens the door to more accurate diagnoses and less invasive procedures. In a marketing organization, AI enables a better understanding of customer buying trends and improved decision making. In transportation, autonomous vehicles represent a big leap for consumer convenience and safety; revenue from automotive AI is expected to grow from $404 million in 2016 to $14 billion by 2025.

The buzz for cybersecurity AI is palpable. In the past two years, the promise of machine learning and AI has enthralled and attracted marketers and media, with many falling victim to feature misconceptions and muddy product differentiations. In some cases, AI start-ups are concealing just how much human intervention is involved in their product offerings. In others, the incentive to include machine learning-based products is one too compelling to ignore, if for no other reason than to check a box with an intrigued customer base.

Today, cybersecurity AI in the purest sense is nonexistent, and we predict it will not develop in 2019. While AI is about reproducing cognition, today's solutions are actually more representative of machine learning, requiring humans to upload new training datasets and expert knowledge. Despite increasing analyst efficiency, at this time, this process still requires their inputs-and high-quality inputs at that. If a machine is fed poor data, its results will be equally poor. Machines need significant user feedback to fine-tune their monitoring; without it, analysts cannot extrapolate new conclusions.

On the other hand, machine learning provides clear advantages in outlier detection, much to the benefit of security analytics and SOC operations. Unlike humans, machines can handle billions of security events in a single day, providing clarity around a system's "baseline" or "normal" activity and flagging anything unusual for human review. Analysts can then pinpoint threats sooner through correlation, pattern matching, and anomaly detection. While it may take a SOC analyst several hours to triage a single security alert, a machine can do it in seconds and continue even after business hours.

However, organizations are relying too heavily on these technologies without understanding the risks involved. Algorithms can miss attacks if training information has not been thoroughly scrubbed of anomalous data points and the bias introduced by the environment from which it was collected. In addition, certain algorithms may be too complex to understand what is driving a specific set of anomalies.

Aside from the technology, investment is another troublesome area for cybersecurity AI. Venture capitalists seeding AI firms expect a timely return on investment, but the AI bubble has many experts worried. Michael Woodridge, head of Computer Science at the University of Oxford, has expressed his concern that overhyped "charlatans and snake-oil salesmen" exaggerate AI's progress to date. Researchers at Stanford University launched the AI Index, an open, not-for-profit project meant to track activity in AI. In their 2017 report, they state that even AI experts have a hard time understanding and tracking progress across the field.

A slowdown of funding for AI research is imminent, reminiscent of the "AI Winter" of 1969, in which Congress cut funding as results lagged behind lofty expectations. But attacker tactics are not bound by investments, allowing for the continued advancement of AI as a hacker's tool to spotlight security gaps and steal valuable data.

The gold standard in hacking efficiency, weaponized AI offers attackers unparalleled insight into what, when, and where to strike. In one example, AI-created phishing tweets were found to have a substantially better conversion rate than those created by humans. Artificial attackers are formidable opponents, and we will see the arms race around AI and machine learning continue to build.


About the Author


Raffael Marty is vice president of research and intelligence at Forcepoint. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research and strategy to the company. Marty provides strategic company growth counsel and guidance and is responsible for how Forcepoint creates value across the Human Point System of products.
Prior to Forcepoint, Marty ran security analytics for Sophos, a leading endpoint and network security company, launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on best practices and emerging innovative trends in the security analytics space. Marty is one of the industry's most respected authorities on security data analytics, big data, and visualization. He is the author of "Applied Security Visualization" and is a frequent speaker at global academic and industry events.
Marty holds a master's degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.

Published Wednesday, November 28, 2018 7:40 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2018>