Stay in touch

Enter your email and get the latest news and researches on cybersecurity, receive invitations to private security events and conferences.

AI and Machine Learning in Cybersecurity: a Survival Guide

Monday, August 14, 2017 By for CSO

Ask these questions to help distinguish between a promising machine learning technology and a marketing hype.


Artificial intelligence, more commonly known under AI acronym, has become a very hot topic these days. Forrester Research forecasts a 300 percent growth of AI investment this year. Toyota invests $100 million in fund for AI, UBS is trying to bring AI to its investment bank’s operations, while VCs frivolously dream of replacing all of us with AI to cut costs. Some people even feel embarrassed because they have never used or implemented AI in their office or home. Obviously, many cybersecurity vendors leverage the term in an attempt to increase sales and impress their customers. In this article, we will explore how to survive in cybersecurity AI jungles.

I could not agree more with recent Gartner’s research, “How Enterprise Software Providers Should (and Should Not) Exploit the AI Disruption.” Jim Hare, Research VP at Gartner, says “nearly every technology provider is now claiming to be an AI company,” adding that “ultra-hype of the AI label has led to a hysteria of ‘rebranding’ from companies desperate to keep up. Similar to the go-go days of the late 1990s, when every enterprise was an ‘e-business’ company, many vendors are entering the AI market by simply adding ‘AI’ to their sales and marketing materials.” Earlier this year, I met cybersecurity vendors at Black Hat Singapore and Infosecurity Europe that aggressively promoted AI in their products and services. Unfortunately, quite a few of them weren't able to explain which particular technologies they use, and how beneficial it actually is for their end customers. The best explanation was that “our mathematical algorithms are so complicated that even our engineers do not understand them.

Below are five topics to discuss with an infosec vendor flying under the AI flag:

Ask whether the vendor uses machine learning (ML) or artificial intelligence (AI)

This simple but tricky question can help keep marketing hype out of your mailbox. Quite often, speaking about AI, people tend to think of some fancy ‘human-like’ brain inside a machine as smart as we are. This kind of strong artificial intelligence would be the ultimate technology, capable of acting like a mature human brain: solving any types of generic tasks, and any complicated tasks after additional training. Practically speaking, the strong AI does not yet exist, and will highly unlikely be created within the next fifteenth years. We can probably speak about prototypes, components or sub-elements of AI, such as machine learning (ML), but that’s it. If a particular build of “AI” is restricted to cybersecurity, or especially to a specific range of tasks in cybersecurity—it has nothing to do with the strong AI.

Ask which particular technology the vendor uses for machine learning

Artificial neural networks (ANN) remain one of the most frequently used technology for machine learning, including deep learning (multi-layer ANNs). Nonetheless, others technologies can also be used for classification and clusterization of data in the process of cognitive decision-making. Ask where the data (for the ANN training) comes from and what the accuracy of the ANN output is. To impress the most annoying ones, you can go even deeper into the details by asking which ANN frameworks and libraries they use, and what they think about open source ones. If the vendor is incapable of answering these questions in a straightforward manner, you can move on to the next one without regret.

Ask how intelligent automation (IA) is beneficial to you

One of the frequent scenarios of machine learning usage is intelligent automation (IA). Different from classic automation,intelligent automation eliminates expensive and unscalable human intelligence without sacrificing the quality or reliability of the process. However, the paramount question here is what are the tangible benefits for you and your company – for example reduced costs or increased reliability. Vendor should at least be capable of naming some clear and measurable benefits compared to non-AI solutions; otherwise all AI claims are just merit-less marketing hype.

Ask about the limits of the vendor’s machine learning/intelligent automation technology

Steve Grobman, CTO at McAfee, believes that without humans, AI isn’t going to stop cyber crime. With some rare exceptions, every technology has its limits, such as minor inaccuracy or fail-rate. Any vendor’s claims of absolute perfection is a red flag. For example, at High-Tech Bridge, we enhance and complement our machine learning algorithms with human intelligence – a hybrid approach where everything that can be automated is automated, while the remaining part is handled by humans. We call this just-in-time human intelligence that, in combination with machine learning, is capable of reducing the time of manual application security testing by two times in average without affecting the quality or reliability of the testing.

Ask about maintenance costs of the machine learning technology

Cybercriminals invent new attack vectors and fraud techniques every day. Like any other technology, machine learning is not something you can install once and forget about. You need to assure continuous training with new datasets, quite frequently under the thorough supervision of expensive human experts. Make sure that the human costs required to keep a vendor’s technology up to date will not exceed the benefits that it can deliver.

Yan Borboën, partner at PwC Switzerland, MSc, CISA, CRISC, comments: “AI/ML are opening new perspectives on Cyber-defense. This can help CISO to automatize repetitive tasks and allow to tackle and analyze multiple TB of data. Those technologies will help CISO be more efficient and being able to focus on the most important risks and incidents. However, as described by Ilia, those technologies are new buzz words used by the industry to sell their technologies. CISO should really ask themselves the business case for those. At the end, AI/ML are only technologies and should be entered in a broader perspective on cyber-defense which is as always linked to people, process and technology.

First mentions of artificial intelligence go back to the early 1950s, however so far, we are still very far from the [strong] AI. Nonetheless, machine learning technologies can, and almost certainly will, revolutionize intelligent automation and solve the human intelligence shortage challenge.

The five above-mentioned questions can help you distinguish between the marketing hype and emerging technologies capable of optimizing your processes and cutting the costs.


Ilia Kolochenko Ilia Kolochenko is the CEO and Founder of High-Tech Bridge, and Chief Architect of ImmuniWeb web security platform. Ilia is a member of Forbes Technology Council, and a contributor to CSO Online, SC Magazine UK, Dark Reading and Forbes magazines.

User Comments
Add Comment