RSAC 2017: Security Leaders Discuss Reality of AI vs. Machine Learning to Fight Cyber Attacks
Last week at the RSA 2017 Conference, Gigamon hosted a CSO Panel Luncheon, where we invited security industry leaders to debate emerging security defenses, including what role artificial intelligence (AI) and machine-based learning might play in light of the democratization of malware, the shortage of security expertise, and the fact that adversaries are already using automated methods.
CSO Magazine Publisher Bob Bragdon moderated the impressive lineup, which included:
- Shehzad Merchant, Gigamon CTO
- Janet Levesque, RSA CISO
- Jack Leidecker, Digital Realty Head of Information Security & IT Compliance
- Sean Cordero, Optiv Senior Executive Director Office of CISO
- Justin Harvey, Accenture Security Managing Director and Global IR Leader
What’s to Know about Machine vs. Machine?
There’s been buzz galore around machine learning and machine vs. machine, which were key themes in Alphabet Executive Chairman Eric Schmidt’s Tuesday keynote address. But, as Merchant clarified, it’s important to separate the two. While machine learning enables computers to learn without explicit programming, the machine vs. machine attack paradigm is rooted in the democratization of malware, where every stage of the attack cycle—from command and control infrastructures to phishing campaigns—is available for rent. Nothing needs to be invented anymore.
Merchant further stated that, unfortunately, as the volume and diversity of attacks continue to rise, the majority of organizations continue to respond with manual methods. That’s a machine vs. human fight—and a losing proposition that raises the question, “Is there not a way to take existing processes, people, and products and level the playing field?”
And yes, there is. It’s called automation. Per Harvey, the key to surviving the drought of skilled resources is automation coupled with the ability to deliver enriched data to the available workforce so they can more easily see, detect, and respond to cyber attacks. Visibility, Levesque added, is a foundational element of cybersecurity.
In order to protect high-level assets (all the machines, applications, data, and people that run the business), incident response managers must be able to discern what’s meaningful from all the noise. While Levesque pointed to an opportunity here for organizations to use artificial intelligence (AI) to help cull the Big Data herd, she was quick to add that the human component/emotional intelligence is still necessary to dissect and interpret that data, solve for what’s at risk, and apply the right solutions.
In other words, we’re not at a point where we can leave things completely up to machines—and, ultimately, that’s not the goal. The panel agreed that the human element is integral; its role, however, is what will shift, from looking at every incident and threat notification to focusing on taking the right action and ensuring compliance. And, as Harvey added, if we’re to see data breaches as cautionary tales, he votes for a cap on AI (especially self-healing AI) to avoid a Dune-like “Butlerian Jihad” machine takeover.
I mean, c’mon, who doesn’t dig a good ‘80s pop reference? Loved this panel.
AI and Machine Learning—Also Not One and the Same
So about AI and machine learning . . . each serves a different purpose, but both still rely on the human element. In fact, the level of automation each can provide stems from and depends on human intelligence and skills. And though the panel agreed that true AI is another 20 to 30 years out, Merchant, in highlighting the fact that we no longer live in a world where perimeters are secure, suggested an immediate, short-term potential to apply both machine learning solutions to detect intrusion and AI techniques to predict and discover intent more quickly.
Again, in a nutshell, AI ain’t bad, but it’s also not quite there. If you can wait on it, wait. If you need it now, maybe consider consuming it as a service. But no matter what decision you make around AI, the panel agreed on, and encouraged above all else, getting basic security hygiene right. Yup, you heard it. Back to the basics of ensuring proper testing, patching, data encryption, need-to-know access, network segmentation, and full network/endpoint visibility!
Without good hygiene, any new design or security product implementation—along with all its fancy bells and whistles—will likely only end up as shelfware. And, when it comes to AI—and if you can handle another pop reference—think about the “Miracle on the Hudson.” If we’re ever forced to land a plane in a river, we still need a Sully at the controls. Automatic-pilot computers have come a long way, but they can’t react to every conceivable or inconceivable occasion.