Those significant changes in the tech industry influenced the cybersecurity industry and led to a dramatic shift in the field. Before we discuss those changes, let’s try to get a sense of how AI creates value for users and products.
AI Patterns Instead of Signatures
AI systems can learn a user’s behavioral patterns, and in the future may intuit answers to email correspondence and offer the user a draft reply. Big tech companies are currently trying to develop smart search tools: Apple acquired Cue in 2013 to improve the search experience in iOS products, Slack is trying to advance the search feature of its product, and Google recently released a smart search engine that lets G-Suite customers search across G-Suite products, including Drive, Gmail, Sites, Calendar, Docs, Contacts, and more.
But tech giants are not the only ones applying AI to structure information and find hidden patterns in it. Something similar is happening in the cybersecurity field in the search for hackers’ attacks. This is how it works: security companies apply smart prediction to find hacker patterns and identify the tactics used to conduct attacks. Based on this, AI ‘learns’ the behavior and can predict what kind of attack might come next. There might not even be a hacker attack yet, or any real information on one, but smart AI has already assessed hacker patterns.
Antivirus Mode
Historically, the driver of the cybersecurity industry has been the antivirus field, which has been developing actively since the 90s. That’s why cybersecurity unicorns have generally focused on antivirus, like McAfee, which was acquired by Intel for $7.68B, or Kaspersky Lab. Those tech giants built their business by applying the signature method of fighting viruses. They hired countless analysts who wrote anti-malware code. The business depended on hiring as many people as possible, because hackers were constantly inventing different types of malware that analysts struggled to keep up with, often leaving them one step behind the hackers.
But with the new growth in AI, the situation has changed dramatically. In 2011, the next generation of cybersecurity companies started to appear, like Cylance, which has been applying AI to its products. Their software prevents rather than reactively detects viruses and malware. Today, companies such as Cylance, Lookout, and Wallarm compete heavily with veterans like McAfee. Those startups achieved enormous growth in just a few years because they applied machine learning to their products, which search for hackers’ hidden patterns to prevent cyber attacks.
There is no need to hire thousands of analysts to write signatures. Having just three or four data scientists on a team of ten apply AI in the product allows for the prediction of potential malware attacks. In our estimation, one data scientist can replace 100 analysts. So for a new generation of AI startups, hiring three or four data scientists (instead of 300-400 analysts) would be enough to fight malware attacks. As a result, the team can gain the same level of expertise as the tech giants. The same situation is now developing in the areas of network security, IPS/IDS, and SIEM, where AI can dynamically predict potential attacks.
To become a potential billion-dollar company in cybersecurity, a startup simply needs a strong team of data scientists fighting malware, particularly because known malware quickly becomes outdated. Hackers apply “packers” (repackaged malware) that can easily evade commonly known signatures. The unicorn startups’ ability to use AI to predict and analyze future attacks, rather than reactively manage existing ones, explains their success in combating new forms of malware. In the near future, we predict that AI will be able to effectively fight against hackers by easily detecting repacked viruses. It’s just a matter of time. That’s why, more than resources or experience, companies that actively apply AI, especially cybersecurity companies, will ultimately be successful.
This article was also written by Rick Orloff, Vice President, Chief Security Officer and Chief Privacy Officer at Code42.