How AI-based machine learning will affect IT security

Rabih Itani, Regional Business Development Manager – Security, Middle East and Turkey at Aruba, an HPE company, discusses how machine learning enables AI to detect patterns in all sorts of data sources and create behaviours based on recognized patterns, thereby improving security operations.

Artificial Intelligence (AI) has been a hot topic of discussion in many industries for a while now, with healthcare, retail and hospitality, to name but a few, starting to speculate on the massive opportunities its development could bring to how their business is run, and how customers interact with those businesses. Many articles are already predicting the demise of human workers as a result of AI making inroads into our lives because we are on the verge of true artificial intelligence. But when it comes to the biggest challenges facing business, these technologies are yet to have their big breakthrough.

This may all change as we progress into this information age, and for me, the first proof point will be IT security. With cyber attacks having grown into one of our biggest international threats of 2018, spanning the globe and affecting every country, including those in the Middle East, a new defence is being developed that will allow companies to tackle the latest threats as soon as they appear on the network.

This new defence is based on machine learning, a key component of a security framework that can move as quickly as those who are looking to breach the network. Machine learning is a fundamental part of an AI system. Machine learning enables AI to detect patterns in all sorts of data sources and create behaviours based on recognized patterns.

How does machine learning improve security?

IT teams today are faced with a moving security target. From the devices used by employees to do work, to the locations we work in and the people we send data to, our activities change day by day. It is important to understand, keep up with and protect against these moving goalposts.

As is clear nowadays, security is number one on the agenda for CIOs around the world, as they move to protect their organisations against the malevolent attackers who are looking to breach the network and, typically, steal personal data. This can be a tall order for most IT staff, who cannot predict the subtle changes that might take place within their network day to day. These could include hundreds of new devices signing up to the network, from employee-owned mobile phones to older temperature sensors, newly connected as part of an IoT strategy.

The scale of the challenge is often just too vast when asking human IT teams to manage the data being shared by incoming and existing devices, which can easily reach into the thousands for a large enterprise. This is where machine learning comes into its own.

Using machine learning for UEBA (user and entity behaviour analytics), IT managers can create standard profiles for each device on the network. Sales managers get access to Salesforce anytime, anywhere; finance teams get access to Financial Information Systems using specific devices at specific locations; and so on. The profile of each user quickly becomes personalised. As soon as a user or entity behaves in a way that strays outside of their profile, the machine sees it and raises the risk score of that user or entity, and may accordingly send an alert, which in many cases will require the user or entity to re-authenticate. In the case of a malevolent attack, the intruder will be isolated from the rest of the network, to limit any potential damage that might have occurred.

Machines are capable of analysing millions of individual packets of data plus thousands of system logs and possibly business context data (such as HR records), making a truly individual approach to security possible, which is more than can be said for the ability of a human IT team. With the machine doing the bulk of the monitoring work within the network, the human agent need not intervene until an entity's risk score rises above a threshold. This automatic monitoring offers IT staff exceptional time savings, which means they can get on with tackling other IT issues throughout the organisation.
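The profile-and-risk-score loop described above can be sketched in a few lines. This is an added illustration, not code from the author or from any Aruba product: a set-membership baseline stands in for the machine-learning model, and the weights, thresholds, decay factor and all entity, application and device names are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed weights and thresholds, chosen for illustration only.
WEIGHTS = {"app": 30, "device": 25, "location": 20}
REAUTH_THRESHOLD = 40    # above this: alert and force re-authentication
ISOLATE_THRESHOLD = 80   # above this: isolate and hand over to an analyst
DECAY = 0.9              # earlier risk fades with each new event

class RiskEngine:
    def __init__(self):
        # entity -> feature -> values seen during the baseline period
        self.profiles = defaultdict(lambda: defaultdict(set))
        self.risk = defaultdict(float)

    def learn(self, entity, event):
        """Baseline phase: record what normal looks like for this entity."""
        for feature in WEIGHTS:
            self.profiles[entity][feature].add(event[feature])

    def deviations(self, entity, event):
        """Features whose value was never seen in the entity's profile."""
        return [f for f in WEIGHTS if event[f] not in self.profiles[entity][f]]

    def observe(self, entity, event):
        """Score a live event; return (action, risk score, deviating features)."""
        strayed = self.deviations(entity, event)
        points = sum(WEIGHTS[f] for f in strayed)
        self.risk[entity] = min(100.0, self.risk[entity] * DECAY + points)
        score = self.risk[entity]
        action = ("isolate" if score > ISOLATE_THRESHOLD else
                  "reauthenticate" if score > REAUTH_THRESHOLD else "allow")
        return action, score, strayed

def ev(app, device, location):
    return {"app": app, "device": device, "location": location}

def demo():
    engine = RiskEngine()
    # Constructed baseline: a finance user on one desktop at head office.
    engine.learn("finance-user", ev("finance-system", "desktop-7", "head-office"))
    live = [
        ev("finance-system", "desktop-7", "head-office"),  # inside the profile
        ev("finance-system", "laptop-x", "cafe"),          # new device and location
        ev("hr-records", "laptop-x", "cafe"),              # new application as well
    ]
    return [engine.observe("finance-user", e) for e in live]
```

Anomalous events are deliberately not fed back into the profile here, so a run of suspicious activity cannot teach the baseline that it is normal.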

Security’s positive impact on the workforce

With AI-based machine learning introduced in the workplace, security teams stand to benefit greatly. The technology isn’t here to replace the human element in security operations; it will augment the human’s intelligence, allowing staff to make better decisions based on the quality of the actions being proposed and the forensics data being furnished. Permissions, for instance, won’t be automated by artificial intelligence; it will flag the request to a human agent, who can use the information gathered, and knowledge of the actor, to make an informed decision.

These developments could ultimately change the range of jobs on offer within IT security. Security staff will move from being the operational proponent within the network, to making the decisions that could determine the security of the network. On the other hand, the Security Manager might become the Policy Manager, determining the various policies and credentials necessary to access business networks.

Whilst the approaches of human workers might change during the course of the roll-out of this technology throughout enterprises, their work will be no less important. They will still need to build security into the core of the network, regardless of the technology already in place.

As the world moves into a state of ‘data as commodity’, the network is still the most important infrastructure to maintain and keep safe as it is the first line of defence. It’s time to start thinking about these developments as they become more prevalent because human IT staff need all the help they can get when combatting increasingly intelligent threats.