Micki Boland is a global cyber security warrior and evangelist with Check Point Technologies’ Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki is an ISC2 CISSP and holds a Master of Science in Technology Commercialization from the University of Texas at Austin, and an MBA with a global security concentration from East Carolina University.

In this two-part interview series, Micki Boland discusses Artificial Intelligence (AI) and Machine Learning (ML) as they pertain to cyber security and modern business challenges. From analyses of AI/ML in malware defense to IoT applications, this interview provides premium expert insights.

In the modern threat landscape, what are the ideal use cases for AI/ML-based cyber security?

First, perhaps a brief level set is appropriate because we hear buzz about AI everywhere and it is a very exciting area of interest! Researchers describe artificial intelligence as the broadest term used to classify machines that mimic human intelligence. AI is used to predict, automate, and optimize tasks that humans have historically done, such as speech and facial recognition, decision making, and translation.

Machine learning in a nutshell: Machine learning is a branch of artificial intelligence. Machine learning focuses on applications that learn from experience and improve decision making or predictive accuracy over time. Data science and data scientists are at the heart of ML. Data scientists build and train algorithms to provide a sequence of statistical processing steps and to find patterns and features in massive amounts of data. Patterns and features that are discovered are then used to make new types of data-driven decisions. The better the algorithm, the more accurate the decisions and predictions will become as the algorithm processes an increased volume of data.

Machine Learning is truly a reality today, and the availability of big data, data lakes and data analytics, advancements in data science, and data science tools have propelled ML into the mainstream. Today, we are in the realm of Deep Learning (DL), a subset of ML, with its own subset Artificial Neural Networks (ANN). ANN is absolutely fascinating and its goal is biologically based AI! Indeed, IEEE indicates ANN is the most popular AI method in use today.

For the purposes of our discussion relating to cyber security and AI, we will primarily focus on machine learning and deep learning in AI. Here are four real-world cyber security focused use cases for ML/DL that have huge implications for the cyber security industry when it comes to both defenders (now) and attackers (later on). In this space, AI is providing revolutionary innovation!

  • Improved detection and prevention, including detection of first-seen, zero-day attacks.
  • Anomaly detection and threat intelligence: context-aware threat detection and threat mitigation.
  • Malware family identification and attribution (Malware DNA), including first-seen malware variants.
  • Document and image classification.

How can AI/ML help pick up slack when it comes to cyber security?

Great question! ML for anomaly detection, threat intelligence, and identifying malware variants is increasing speed and agility for blue teams (defenders) and SOC analysts in rapidly identifying threats and malware, and proactively mitigating and containing these malicious elements. The absolute scale and scope of threats and malware place enormous burdens on security analysts and practitioners, and ML can help with context-aware detection and elimination. ML for Malware DNA and malware family classifications provides rapid malware identification using both code analysis and behavior analysis. Quick case in point: Security analysts, students, and cyber security researchers used to use Interactive Disassembly (IDA) tools like IDA Pro (Hex-Rays) to unpack and reverse engineer malware. While this reverse engineering of malware is useful for researchers (and fun; it is still taught in digital forensics programs), it is not typically practical for real-time malware identification and rapid mitigation in the enterprise. It is really cool that we can use AI for Malware DNA. In a similar way, we use AI in healthcare for genetic sequencing. We give the AI algorithms access to the same information an expert would use should he be assigned to make a decision on the matter (IDA information, intelligence information, customer context, file content and context), and “mirror” the expert’s reasoning inside the machine.

Can AI/ML close gaps when it comes to protecting IoT devices?

Several industry sectors have widely adopted IoT technology, and this wide adoption is fueling data sciences and AI, specifically around prediction and automation. IoT provides enormous amounts of transactional data, making IoT an excellent target area for using ML. IDC indicates the highest growth in IoT is in building automation. The industry sectors that have embraced IoT include transportation, utilities, industrial, and healthcare. With the rapid growth of IoT, there is a big gap in protecting IoT devices, gateways and networks. An area where ML can help close the cyber security gap for IoT is through anomaly detection in edge devices. AI/ML excels where a lot of data is available, even if it is not entirely correctly labeled. An example can be Google Photos, which knows how to classify your newest photos based on all of the photos that other people tagged.

What are some of the pitfalls or drawbacks of AI/ML?

This is a great question, as there are indeed limits and constraints around AI. Probably the number one shortcoming of AI is its lack of abstract reasoning and real-world common sense! Other shortcomings include the time involved in first preparing the data to model; this first step involves transforming raw data into higher-quality data. The algorithms require huge data sets to learn; they are brittle, meaning they often fail when a scenario is slightly different from that of the training set; they can be rigid, as they cannot adapt after initial training; and it is sometimes challenging to interpret their decisions (opaque). AI requires significant investment in data science and data scientists, and time to glean and prepare data sets, although there are data science platforms to help with this. Lastly, and likely the most important drawback to AI, is the ethical component of using AI for decision making. Technology ethics leaders warn of bias in AI: data set bias and algorithm bias, and that ML decisions inherently lack contextual awareness.

Did you find this interview insightful and informative? Stay tuned for part two next week!