Artificial Intelligence (AI) rests on the verge of transforming both business and society. Financial firm UBS forecasts that next year, the AI market will be worth $12.5 billion due to huge improvements and broader adoption of the technology. And BCG Henderson Institute found that though most leaders have not yet seen significant impact from their AI initiatives, they firmly expect to within the next five years.
The Institute notes that enterprises that have implemented AI projects foresee substantial effects on IT, operations and manufacturing, supply chain management and customer-facing activities. Within the IT environment, AI is of particular interest; it will be very important as organizations struggle to secure their expanding edge environments with the number of network edges continuing to grow.
How AI Is Evolving
IT is looking to AI for a variety of solutions, chief among them is developing a security-focused AI with an adaptive immune system for the network, similar to the one in the human body. In the body, white blood cells come to the rescue when a problem is detected, acting autonomously to fight infection. In the network, AI can be similarly leveraged to identify threats and initiate and coordinate a response.
The first generation of AI was designed to use machine learning models to learn and correlate everything it could about a specific job and then determine a specific course of action. Leveraging an artificial neural network and a central database, machine learning systems sift through mountains of data to provide analysis and use machine learning strategies to determine a proper course of action, all at network speeds.
As AI moves into its second iteration or generation, it will use its increasingly sophisticated ability to detect patterns to significantly enhance things like access control by distributing learning nodes across an environment. Today, we can check things like a fingerprint or iris pattern. But with second-generation AI, we’ll be able to identify individuals using a more complex bio-footprint that could include things like typing patterns, heartbeat rhythms and similar elements that are much more difficult to spoof. This is possible because, rather than relying on a single, centralized system, regional machine learning nodes can collect and process local data over time. This allows the system to identify more unique characteristics that can then be shared back to the central AI brain.
The use of these regional machine learning nodes could also be leveraged to spot even the most subtle deviations in normal network traffic to identify malicious actors and malware. This will involve sophisticated machine learning, and examples of this are already emerging in research and development labs. Machine learning can be used to develop regionalized models based on the unique characteristics of each environment. Consequently, cybercriminals’ ability to remain undetected will be further inhibited.
Things will become even more compelling as AI moves into its third generation. Instead of relying on a central, monolithic processing center, AI will interconnect its regional learner nodes, which are machine learning models themselves, so that locally collected data can be shared, correlated and analyzed in a more distributed manner. Differences in regionalized machine learning data can then be centralized and accounted for. Information sharing will then play a pivotal role in ensuring that protections and controls match local requirements within a single system. This can also be extended to support real-time information sharing between organizations with similar interests, such as those operating within a specific region or industry.
A Combined System of Intelligence
Organizations will continue to use traditional kinds of threat intelligence taken from external feeds or derived from internal traffic and data analysis. Now, though, they will also be able to reference the flood of relevant information coming from new edge computing devices and environments and funnel them to local learning nodes. Tracking and correlating this real-time information is similar to how a central nervous system sends signals to the brain while allowing autonomous local responses to an event. Likewise, an AI system will not only be able to generate a complete, centralized view of the threat landscape but also refine how local systems can respond to local events.
For example, white blood cells automatically react to an infection, and clotting systems respond to a cut without requiring the brain to initiate those responses. Similarly, AI systems will be able to see, correlate, track and prepare for threats as they move through cyberspace by sharing information across the network, while local nodes will still be able to respond to events using continually updated response models.
A New Era in Cybersecurity
As AI evolves, organizations have the opportunity to evolve their cybersecurity, as well.
Machine learning and AI systems’ ability to take over many of the menial and detail-oriented tasks previously assigned to human resources will take a significant bite out of the growing cybersecurity skills gap. By shifting responsibilities to autonomous self-learning processes that function similarly to human autoimmune systems – by hunting for, detecting and responding to security events – valuable cybersecurity professionals will be able to focus their unique skillsets on higher-order planning and strategy. This transition will be critical as organizations move to adopt advanced security-driven network strategies designed for today's continually evolving networks.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.