Fremont, CA: Protection was one of the initial concerns for many businesses as they transitioned to the cloud over the last decade. Significant funds had been invested in corporate firewalls, and now technology firms were recommending that corporate data reside outside that security barrier. Those early concerns were resolved, and data started to flow into the Cloud. However, nothing is static, and as the growing volume of data and networking collides with the growing sophistication of threats, artificial intelligence (AI) is being used to keep things secure.
The initial reluctance of enterprise organizations to migrate to the Cloud was met by data centers enhancing hardware and networking security, while cloud software providers, including cloud hosts and application providers, improved software security beyond what was initially available in the Cloud. Most of this was done by transferring information from on-premises protection to larger cloud systems. However, since there is more scope for attacks in the Cloud, new techniques must be added. Furthermore, since most companies operate in a hybrid ecosystem, on-premises and cloud protection must work in tandem.
This opens the door for AI to provide enhanced protection. As with other computer solutions, protection is a combination of AI and non-AI techniques tailored to the problem. Deep learning is one example. Supervised learning is useful for detecting known attacks, while unsupervised learning is useful for detecting anomalous events in a sparse dataset. Reinforcement learning classification can also be accomplished by statistical analysis of time-series data and does not always require AI; in some cases, this yields faster results.
Detection Versus Response
While artificial intelligence is primarily concerned with detection, a complete system must also address the response to a perceived threat. The basic framework detects attacks and then selects responses based on known problems. Unknown issues have unknown solutions, so humans must be alerted to manage such suspicious transactions, after which their input can be fed back to strengthen the system. Those new rules can be integrated into the neural network or added to a rules collection, depending on how complex the system is.
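The triage loop described above, as an added illustration that is not code from the original article or any vendor: known attacks matched against a rules collection get an automated response, events with no matching rule but a statistically anomalous time-series value (the non-AI approach mentioned earlier) are escalated to a human, and analyst feedback becomes a new rule. The rule ids, actions and request-rate baseline are constructed for the example.

```python
import statistics
from dataclasses import dataclass


@dataclass
class Event:
    source: str
    request_rate: float  # requests per minute from this source (constructed metric)
    signature: str       # id of a known malicious pattern, or "" if none matched


class ResponseFramework:
    """Detect, then respond from known rules; escalate unknown anomalies to a human."""

    def __init__(self, baseline, threshold=3.0):
        # Baseline of benign request rates (constructed) and a z-score cutoff.
        self.mean = statistics.fmean(baseline)
        self.stdev = statistics.pstdev(baseline)
        self.threshold = threshold
        # Rules collection: known problem -> known response (constructed entry).
        self.rules = {"sqli-probe": "block_source"}
        self.review_queue = []  # events waiting for human supervision

    def is_anomalous(self, value):
        """Plain statistical check on the time-series metric; no model needed."""
        if self.stdev == 0:
            return value != self.mean
        return abs(value - self.mean) / self.stdev > self.threshold

    def handle(self, event):
        """Return the action taken for one event."""
        if event.signature in self.rules:          # known problem, known solution
            return self.rules[event.signature]
        if self.is_anomalous(event.request_rate):  # unknown problem: flag a human
            self.review_queue.append(event)
            return "escalate_to_human"
        return "allow"

    def analyst_feedback(self, signature, action):
        """Human input strengthens the system by extending the rules collection."""
        self.rules[signature] = action
```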
The current state of the industry, both in terms of technology and human comfort levels, indicates that human supervision before responding to new attacks will remain the dominant method in the coming years. Advances will move the security industry toward more machine operation, followed by human reporting, analysis, and change, but this will take time. Better explainability will be expected, as the deep learning "black box" will have to become more transparent.