CTO Collective Series
Whether we realize it or not, artificial intelligence (AI) and machine learning (ML) play a part in every second of our lives. From the moment we wake, smart devices decide what time to turn on our heaters and our lights, social media uses complex algorithms to select what news to promote to us, and Google Maps navigates us through our day. Even while we sleep, AI monitors our sleeping patterns—with the proliferation of smart devices like Google Home and Apple Watches—identifying when we have had a good night’s sleep and even monitoring our health.
ML and AI in our daily lives have slowly changed how we interact with technology. We use this technology for good by helping the elderly with virtual chatbots, preventing poaching, and providing real-time translation for migrants.
The cybersecurity world has been at the forefront of this technology in the last decade, using ML/AI in various applications such as tackling huge volumes of malware, detecting spam and business email compromises, analyzing network traffic, using facial recognition, and more. It’s hard to get away from a vendor’s presentation without hearing about their ML and AI nowadays. This blog will demystify the topic and hopefully bring some new angles to our readers’ decision-making around “ML-enabled” security solutions.
What Are ML and AI?
Let’s start with simple definitions of machine learning and AI. Machine learning involves enabling computers to learn how to do something, which requires input such as training data and knowledge. AI is the goal of applying the knowledge learned. AI attempts to solve data-based business or technical problems, assisting users in the decision-making process or making the judgment itself (if we programmed it in such a way). When needed, it can rapidly analyze large sets of data that no human brain could possibly process and come up with AI-assisted decisions and conclusions on an issue.
Is AI perfect? Not always. Any computer program is only as good as its writer, and any ML or AI is only as good as the information it has been fed. There are well-known examples of programmatic biases in some AI algorithms and examples where chatbots have gone rogue after being trained with the wrong data. So, while there is still work to be done, these algorithms can deliver significant benefits over even more fallible humans.
AI-Driven Malware – Myth or Reality?
Despite a large amount of hype and clickbait, there is little evidence to support the belief that criminal cyber gangs are already using AI to help generate new strains of malware. However, there is evidence that AI/ML is being used in other areas to circumvent protective security measures:
- Generating deep fake videos and images to phish users and bypass security measures. This is particularly prevalent on social media sites to create fake identities.
- Solving CAPTCHAs to bypass authentication protections.
- Gathering open source intelligence on organizations in order to target attacks.
AI in Defensive Security: Use Case Is King
When considering investment priorities among security solutions, evaluate the use cases you’re trying to achieve. Understand how threats are evolving and what tactics and techniques black-hats use. Then ask why you couldn’t stop these attacks with the investment you have so far. It’s pretty easy to get caught up in the AI/ML hype, but customers are getting smarter and starting to consider practical use cases, whether that is detection, forensics, hunting, or mitigation.
How Does Fortinet Use AI?
The big change in the malware industry that triggered the need for AI was heuristics and adaptive malware. We went almost overnight from a volume of malware that could be handled manually to a situation with exponential growth in the number of samples. We had to adapt and take advantage of AI and ML to support our malware analysts.
Fortinet has been in the AI business for more than a decade. At a high level, Fortinet uses AI and ML in multiple areas:
Video Overview: Use of ML & AI across the Fortinet Security Fabric platform