How machine learning can help prevent cyber attacks
In May of 2017, a nasty cyber attack hit more than 200,000 computers in 150 countries over the course of just a few days. Dubbed “WannaCry,” it exploited a vulnerability that was first discovered by the National Security Agency (NSA) and later stolen and disseminated online.
It worked like this: After successfully breaching a computer, WannaCry encrypted that computer's files and rendered them unreadable. In order to recover their imprisoned material, targets of the attack were told they needed to purchase special decryption software. Guess who sold that software? That's right, the attackers.
The so-called “ransomware” siege affected individuals as well as large organizations, including the U.K.'s National Health Service, Russian banks, Chinese schools, Spanish telecom giant Telefonica and the U.S.-based delivery service FedEx. By some estimates, total losses approached $4 billion.
Other types of cyber invasions, such as “cryptojacking,” are more insidious and less damaging, but still costly. Cryptojacking is a technique where cyber-criminals disseminate malware on multiple computers or servers. The hack seizes control of a machine's processing power to mine cryptocurrency — a process that voraciously consumes both computing power and electricity — and then sends that crypto back to the perpetrators.
Even high-profile companies with strong cybersecurity protocols aren't immune, as evidenced by a 2018 scare at Tesla that was remedied thanks to a vigilant third-party team of cybersecurity experts.
Malicious hacks v. machine learning
But in 2018 alone, there were 10.5 billion malware attacks. That's too much volume for humans to handle. Fortunately, machine learning is picking up some slack.
A subset of artificial intelligence, machine learning uses algorithms born of previous datasets and statistical analysis to make assumptions about a computer's behavior. The computer can then adjust its actions — and even perform functions for which it hasn’t been explicitly programmed.
And it's been a boon to cybersecurity.
With its ability to sort through millions of files and identify potentially hazardous ones, machine learning is increasingly being used to uncover threats and automatically squash them before they can wreak havoc.
Software from Microsoft reportedly did just that in early 2018. According to the company, cybercrooks used trojan malware in an attempt “to install malicious cryptocurrency miners on hundreds of thousands of computers.”
The attack was stopped by Microsoft's Windows Defender, software that employs multiple layers of machine learning to identify and block perceived threats. The crypto-miners were shut down almost as soon as they started digging. There are other examples of Microsoft's software catching these attacks early.
The massive French insurance and financial services company AXA IT relies on the cybersecurity firm Darktrace to deal with online threats. And Darktrace relies in part on machine learning to drive its cybersecurity products.
The company's Enterprise Immune System automatically learns how normal network users behave so it can spot potentially dangerous anomalies. Other software then contains in-progress threats.
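The baseline-and-deviation idea described above, applied to the cryptojacking symptom mentioned earlier (sustained heavy CPU use), as an added example that is not Darktrace's or any other vendor's implementation. The host names, CPU samples, threshold and run length are constructed assumptions, and a median/MAD baseline stands in for whatever model a real product learns.

```python
from statistics import median

# Constructed sample data: per-host CPU utilisation (%), one sample per minute.
HOSTS = {
    "web-01":   {"history": [22, 25, 19, 30, 27, 24, 21, 26, 23, 28],
                 "recent":  [24, 26, 95, 27, 23, 25, 22, 28]},          # one short spike
    "build-07": {"history": [15, 18, 22, 17, 20, 25, 19, 16, 21, 18],
                 "recent":  [19, 21, 94, 96, 97, 95, 98, 96, 97, 95]},  # pinned near 100%
    "db-02":    {"history": [74, 78, 71, 80, 76, 79, 73, 77, 75, 72],
                 "recent":  [76, 81, 79, 82, 78, 80, 77, 79]},          # busy, but normal for it
}

def baseline(samples):
    """Learn a host's 'normal': its median and a robust spread (scaled MAD)."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    scale = 1.4826 * mad          # makes MAD comparable to a standard deviation
    if scale == 0:                # perfectly flat history: fall back to 1 point
        scale = 1.0
    return med, scale

def sustained_anomalies(history, recent, threshold=6.0, min_run=5):
    """Return (start_index, length) for each run of at least `min_run`
    consecutive samples more than `threshold` robust z-scores above baseline."""
    med, scale = baseline(history)
    runs, start = [], None
    for i, value in enumerate(recent + [med]):   # sentinel closes a trailing run
        high = (value - med) / scale > threshold
        if high and start is None:
            start = i
        elif not high and start is not None:
            if i - start >= min_run:
                runs.append((start, i - start))
            start = None
    return runs

def flag_hosts(hosts):
    """Map each host with at least one sustained deviation to its runs."""
    flagged = {}
    for name, data in hosts.items():
        runs = sustained_anomalies(data["history"], data["recent"])
        if runs:
            flagged[name] = runs
    return flagged

if __name__ == "__main__":
    print(flag_hosts(HOSTS))
```

Only build-07 is flagged: web-01's single spike is too short to count, and db-02 runs hot but within its own learned range, which is why the baseline is kept per host rather than as one global CPU threshold.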
“We’re not being attacked by human beings anymore,” Yorck Reuber, CTO of AXA IT North Europe, told Darktrace. “Computers are attacking us, software is attacking us. The only way forward is using artificial intelligence.”
In addition to early threat identification, machine learning is used to scan for network vulnerabilities and automate responses. And in the cybersecurity realm — where a reported one-third of all chief information security officers are totally reliant on AI and unethical hackers are always on the prowl for new ways to exploit security vulnerabilities — that's proving to be a huge plus.
Check out these companies that use machine learning to bolster their cybersecurity systems and keep malware at bay.
Location: Redmond, Washington
How it's using machine learning: Microsoft uses its own cybersecurity platform, Windows Defender Advanced Threat Protection (ATP), for preventative protection, breach detection, automated investigation and response. Windows Defender ATP is built into Windows 10 devices, automatically updates and employs cloud AI and multiple levels of machine learning algorithms to spot threats.
Location: Mountain View, California
How it's using machine learning: Chronicle is a cybersecurity company that sprang from Google's parent company Alphabet. Its first product, Backstory, has been described as “designed for a world where companies generate massive amounts of security telemetry and struggle to hire enough trained analysts to make sense of it.” Backstory analyzes large amounts of security data (such as internal network activity, known bad domains and suspected malware) and uses machine learning to condense it into more easily digestible insights.
Location: San Francisco, California
How it's using machine learning: Splunk software has a variety of applications, including IT operations, analytics and cybersecurity. It's designed to identify a client’s current digital weak points, automate breach investigations and respond to malware attacks. Products like Splunk Enterprise Security and Splunk User Behavior Analytics use machine learning to detect threats so they can be quickly eliminated.
Location: Cambridge, Massachusetts
How it's using machine learning: Sqrrl’s founders are ex-National Security Agency employees who came together to create a cybersecurity company after crafting the open-source database software Accumulo. Sqrrl has designed a cyber-threat hunting platform that searches through networks to find code that can evade security measures in place. The product uses machine learning to turn data points into a behavior map, which acts as a visual representation of a computer network and shows where threats could be coming in. In January 2018, Amazon acquired Sqrrl for its Amazon Web Services cloud business.
Location: Waterloo, Ontario, Canada
How it's using machine learning: BlackBerry, whose web-connected smartphones were once ubiquitous in certain circles, has pivoted and now sells software and services to big companies. Among the company's specialties are cybersecurity solutions that employ AI and machine learning to prevent cybersecurity threats and automate clients’ threat response capabilities. In November 2018, BlackBerry acquired AI cybersecurity firm Cylance for $1.4 billion.
Location: Cupertino, California
How it's using machine learning: Demisto's security platform specializes in security orchestration, automation and response — SOAR for those in the know — to help larger companies and enterprises coordinate security threat response efforts. In addition to providing a visual dashboard where users can monitor all security alerts, Demisto uses machine learning to prioritize those alerts.
Is machine learning enough to stop cybercrime?
Machine learning does some things really well, such as quickly scanning large amounts of data and analyzing it using statistics. Cybersecurity systems generate reams of data, so it's no wonder the technology is such a useful tool.
“We have more and more data available, and the data is generally telling a story,” Raffael Marty, chief research and intelligence officer at cybersecurity firm Forcepoint, tells Built In. “If you understand how to analyze the data, you should be able to come up with the deviations from the norm.”
And those deviations sometimes reveal threats. Thanks to that important function, the use of machine learning is surging in multiple sectors. It's employed for tasks that require image recognition and speech recognition. It has even defeated the world's top Go player at his own game.
But while it has improved cybersecurity, Marty says, humans are still crucial.
“There's this promise that you can just look at past data to predict the future—forgetting that domain expertise is really important in this equation,” he says. “There are groups of people who think you can learn everything from the data, but that's simply not true.”
Over-reliance on AI in cybersecurity can create a false sense of safety, Marty adds. That's why, in addition to judiciously applied algorithms, his firm employs cybersecurity experts, data scientists and psychologists. As with all current artificial intelligence, machine learning supplements and enhances human efforts, rather than replacing them.
“AI is going to become more prevalent in security. It's maturing,” CrowdStrike Founder and CEO George Kurtz said in late 2018. “AI is a feature, not a company. It's going to play a role in solving a specific problem. But not every problem can be solved with AI.
“It's going to be a tool in the toolkit.”
Images are via Shutterstock, company websites and social media.