Today, hackers are winning the game, and the long list of successful breaches is their scorecard.
Traditional endpoint security can’t keep up. Outdated perimeter defenses are being rendered ineffective. And the approaches of many security vendors are only designed to fill the holes in the boat as it sinks to the bottom. Artificial intelligence (AI) and machine learning security tools, combined with human expertise, offer a better way forward.
People who attend a military airshow are often amazed by the technologies on display, such as fighter jets with tons of airpower, attack helicopters with astonishing features, and bombers with stealth capabilities. But is the technology on display all that is needed to win a war? No. On their own, these aircraft are nothing more than metal, plastic, and glass.
What makes these aircraft so effective is the combination of the highly skilled humans that operate them and their intelligent computer systems. When a pilot is flying a fighter jet cruising at nearly Mach 2, they really don’t have direct control of the stick. A computer does, because humans often react too quickly or radically when in danger. If the pilot pulls too hard on the control stick in a plane, it could be disastrous. So the onboard computer compensates for this, and ensures that the pilot’s moves do not put the plane in danger.
There is a synergy that occurs in these aircraft. The human-computer interaction is quite apparent. As a new generation of AI and machine learning security technologies comes to market, human-computer interaction will become increasingly important.
How machine learning security works
Some people believe artificial intelligence will lead to an end-of-the-world scenario as in the movie The Terminator. Others believe AI-enabled cybersecurity technology is designed to replace skilled human operators with some sort of robot, which is not the case, either.
AI and machine learning are designed to equip skilled humans with the tools they need to better protect their organizations. The whole point of machine learning is to teach a piece of technology to do the same things a human would or should do, but much faster.
Machine learning in security works by analyzing a large number of explicitly labeled good and malicious data records. We call this the training set. As a machine learning security engine builds a model, it uses the labels to create a complex relationship between the data records in the training set.
Once the engine has finished building a model, humans then interpret the results and begin to train the engine, telling it which relationship assumptions were correct and which weren’t. This process is called active learning. The engine learns by continuously incorporating human operator feedback and building new models based on that feedback. The whole point is to teach a machine to improve its performance over time, while relying on the human less and less.
Machine learning secures web applications
One of the greatest challenges of web app security is providing appropriate protection without blocking good traffic. It’s quite the balancing act for those configuring and tuning web application firewalls (WAFs) — a process that often takes months. At the same time, DevOps groups are turning out application updates at intervals that are outpacing their SecOps counterparts.
Supervised machine learning gives WAF operators the ability to work together with the WAF itself, creating a similar synergy to that between a pilot and their aircraft. With machine learning, operators can teach the WAF to get better at its job by reducing false positives and negatives. The time to tune a machine learning-enabled WAF is often measured in hours, not months, and those that embrace the technology are beginning to stay ahead of DevOps — and even ahead of hackers.
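The training-set and operator-feedback loop described in the two sections above, as an added example that is not from the original article. It assumes a naive Bayes model over request tokens (the article names no algorithm); `RequestModel`, `feedback` and all sample request lines are hypothetical and constructed.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z_]+|[^a-z0-9\s]")  # words, or single punctuation marks
def tokens(request):
    return TOKEN.findall(request.lower())

class RequestModel:
    """Multinomial naive Bayes over request tokens, with Laplace smoothing."""
    def __init__(self, labeled):
        self.records = list(labeled)  # the training set: (request, label) pairs
        self.fit()

    def fit(self):
        self.counts = {"good": Counter(), "malicious": Counter()}
        self.docs = Counter()
        for request, label in self.records:
            self.counts[label].update(tokens(request))
            self.docs[label] += 1
        self.vocab = set(self.counts["good"]) | set(self.counts["malicious"])

    def score(self, request):
        """Log-odds that the request is malicious; above 0 means block."""
        known = [t for t in tokens(request) if t in self.vocab]
        odds = 0.0
        for label, sign in (("malicious", 1), ("good", -1)):
            total = sum(self.counts[label].values()) + len(self.vocab)
            logp = math.log((self.docs[label] + 1) / (len(self.records) + 2))
            logp += sum(math.log((self.counts[label][t] + 1) / total) for t in known)
            odds += sign * logp
        return odds

    def verdict(self, request):
        return "malicious" if self.score(request) > 0 else "good"

    def feedback(self, request, label):
        """Operator corrects a verdict: add the labeled record and rebuild."""
        self.records.append((request, label))
        self.fit()

# Constructed, already-decoded sample request lines; not real traffic.
GOOD = ["GET /products?id=42", "GET /search?q=blue+shoes", "POST /login user=alice"]
MALICIOUS = ["GET /products?id=1' OR '1'='1", "GET /search?q=<script>alert(1)</script>",
             "GET /item?id=1 UNION SELECT password FROM users"]
TRAINING = [(r, "good") for r in GOOD] + [(r, "malicious") for r in MALICIOUS]
BENIGN_SEARCH = "GET /search?q=sql union select from"  # a user searching for SQL help
ATTACK = "GET /products?id=5 UNION SELECT password FROM users"
```

Trained only on `TRAINING`, the model blocks `BENIGN_SEARCH` (a false positive); after one `feedback(BENIGN_SEARCH, "good")` call it lets that request through while still blocking `ATTACK`.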
As supervised machine learning security becomes embedded in WAFs and other tools, those tools will also need highly skilled human operators who understand how to use them to their fullest capabilities. Organizations are already beginning to understand how to operate their AI-enabled defenses more like pilots operate their fighter jets.