You’ve seen that movie, the one where humans fabricate robots that are so human-like they end up taking over the world. What was once the plot line for every other sci-fi film is now leaking into the reality of our everyday lives.
The future of artificial intelligence isn’t so distant with voice-powered personal assistants like Siri and Alexa, and autonomously-powered self-driving vehicles already on the market. But these technologies still have a way to go and some would argue that these advancements aren’t true artificial intelligence because they lack the ability to learn. A pure artificial intelligence can improve on past iterations, becoming more intelligent and aware, creating pathways to enhance its capabilities and knowledge. In the movies, that’s when the machines really take over. Artificial intelligence within the endpoint and network security context is still limited because it depends on benign and malicious content to “train” on. With new attack vectors, if the security solution didn’t have a chance to learn it then it is still vulnerable and on a par with legacy AV and network IPS where new threats remain undetected.
With our current technology, we tend to think more in terms of pseudo-artificial intelligence. Meaning, when a machine mimics cognitive functions that humans consider human. That includes learning, reasoning, and problem solving, which we also define as “machine learning.”
Marketing Hype or Security Gold?
In the last few years, there has been a lot of buzz around artificial intelligence and machine learning. RSA conferences featuring companies claiming to use artificial intelligence raised a lot of interest, and provided participants with the opportunity to break through the marketing hype and really dig into the innovations that will one day advance the future of artificial intelligence in security.
As it turns out, many products marketed as using artificial intelligence are just well-established technology like machines that can recognize and identify hostile traffic. Spam filters, anyone?
As a result, Cybersecurity professionals are starting to see through the smoke and in a survey, 87% said “it will be more than three years before they really feel comfortable trusting AI to carry out any significant cybersecurity decisions.”
Future of Artificial Intelligence in Security Still Bright
While confidence behind the technology has room for improvement, the future of artificial intelligence is limitless. We are already witnessing machine learning quantify risk, detecting network attacks and traffic anomalies, and pinpointing malicious applications. But with an onslaught of threats like non-malware and fileless attacks, plus a lack of security manpower, we need the technology to evolve – and fast. In North America alone, the infosec community is overloaded with roughly 10,000 security alerts per day.
Technological boons will help this perfect storm by offsetting the lack of experience among security workers. With the growing availability of big data and heavy-lifting graphic-processing units, we’re likely to see a renaissance period for artificial intelligence beginning this year.
The evolution won’t come easily or cheaply though. Artificial intelligence solutions require a great deal of backend infrastructure. And the massive computation power necessary for daily training and updating models is still quite expensive.
Machine vs. Machine
Cybercrime rings aren’t run by robots yet, but we can assume that as we are leveraging artificial intelligence, so are they. Using the same underlying technology, malicious actors can develop cleaner, more convincing attacks, which could even trick the keenest security professional.
While artificial intelligence is here to help improve detection, it is not a one-stop-shop. We will continue to need system-wide monitoring and a behavioral approach while current endpoint solutions with artificial intelligence are still static and blind to in-process threats.
SentinelOne takes the possibility of a machine vs. machine security scenario seriously. Our approach combines AI and machine learning in several detection layers, added with a visibility and monitoring capability that allows an unprecedented view into an endpoint’s activities.
Endpoints are the point of entry into your environment, your data, your credentials, and potentially your entire business. A compromised endpoint provides everything an attacker needs to gain a foothold on your network, steal data, and potentially hold it to ransom. Unless you secure your critical endpoints (including servers, laptops, and desktops), you may be leaving the front door wide open for attackers.
Attackers have figured out how to bypass traditional antivirus software with fileless attacks designed to hide within sanctioned applications and even within the OS itself.
According to the SentinelOne H1 2018 Enterprise Risk Index Report, fileless-based attacks rose by 94%. So, even if you’re vigilant about installing patches and pushing out antivirus updates, your organization is likely still at risk. Keep reading to understand how attackers have adapted their tactics to evade traditional antivirus, how these increasingly common attacks work and how to quickly evolve your threat detection strategy.