DAVE WATERSON, CTO & Founder, SentryBay
Using AI to protect end user computing is not new. Back in 2014, I was granted a US technology patent in the use of machine learning to identify phishing web pages. The technology proved more accurate than other contemporary anti-phishing measures.
More recently, some EDR vendors have supplemented their products with limited AI functionality. However, this provides only marginal gains to a system that retains all of EDR’s downsides.
Recent advances in AI are remarkable. Many have been taken by surprise over the past year, by the power of LLMs and text generation tools such as ChatGPT. Palantir, is an example of a company which has made revolutionary progress in the intelligence community, the military, and organizational decision making.
The technology is available to build the next generation security products, powered by AI with accurate predictability functionality. This technology will create a paradigm shift in the security industry, and make most existing security solutions redundant. The technology will protect the end point, the network, and the cloud ecosystem, far more effectively than what is possible by contemporary measures.
A data lake comprising system posture and activity of both secure and compromised systems is the training tool for AI to make predictive security decisions. It can identify breaches and security incidents even long before they occur, enabling remedial action to be taken in time. Constant updates of the training data ensure that the latest threats are identified as soon as they arise in real time.
To secure the end point, for example, the data lake is populated with information pertaining to the operating system such as OS status, files, background and Windows processes and applications, stored, and in memory; internet information such as web pages visited, and the Java script on those pages; and user-related information such as keystrokes pressed, mouse movements and clicks. This information is collated for both secure and compromised systems. The data lake is employed to train the AI, which can determine security status of any particular end point and most importantly, predict risky behaviour even before it occurs. It is a simple matter to take precautionary measures to prevent breaches once one knows it is likely to happen.
Full-blown AI, rather than simple AI-enhanced EDR, is poised to revolutionise InfoSec, making most existing security products, including EDR, redundant.
Security: From reactive to proactive to predictive
Two decades ago, the security company I founded pioneered the shift from reactive to proactive security. We were one of the first to develop zero trust measures which enabled organizations to operate relatively securely. New technology now exists to take the next leap forward. A security data lake-powered AI system takes security squarely into the accurate prediction realm. Compared to contemporary products, the advance in protective power from this AI system is like a Tesla Cybertruck compared to a Model T Ford. Next generation AI-powered security is a massive paradigm shift in protection.
This change is about to revolutionize the several hundred billion dollar security industry. New security vendors will emerge which will take advantage of this new technology, and leapfrog to become industry leaders and the most valuable companies in InfoSec within the 2-4 years.
Currently, deployment is a resource-intense process for AI-leader Palantir, every time they on-board a new customer onto their AI platform. Palantir staff need to assist the new customer in data training and incorporating different data types and systems. It takes a while before the new customer enjoys the value of the new product. In contrast, AI predictive InfoSec does not require this setup – it is plug-and-play out the box from day one, because organizations across different verticals utilise similar endpoint devices, networks and cloud ecosystems. AI-powered predictive security does not need different setups and training for different organizations and industries.
There will potentially be an arms race between AI-powered protection and AI-powered adversaries. However, for the first time in InfoSec history, there is opportunity for the good guys to utilize scale of machine learning and gain the upper hand by forcing an asymmetrical playing field. Better trained LLMs and AI InfoSec will win out over poorly trained ones.
It is essential that individual data added to the security data lake must be handled safely and ethically. There are also cross-border issues with the specific data in the ML training data lake. These challenges can be overcome and compliance maintained by exporting only conglomerate summary data and not individual data. This AI technology as broadly described here, is transformative and will create an AI bonanza in InfoSec. It introduces large-scale, real-time, data-driven operations and decision making into InfoSec. Compounding occurs when more and more endpoints, networks and cloud systems are integrated in. An AI-driven security module is designed to work in heterogeneous, complex architectures that are changing over time, all the time. Security vendors that build this transformative security product will be the leaders who see massive returns in their effectiveness, opportunities, and revenue growth.