Cloud computing has made it possible to bring more AI and machine learning algorithms to bear without excessive computing costs, according to cloud security experts.
The embrace of the cloud has increased the scale and lowered the cost associated with deploying artificial intelligence or machine learning while automating the anomaly detection process and putting more valuable data in the hands of customers, according to several sales leaders and technical experts focused on cloud security.
In a non-cloud world, defending a company's environment with a true AI algorithm would have required housing the data store and machine power for that compute in-house, according to Michael Fey, president and COO of Mountain View, Calif.-based Symantec. But nowadays, Fey said all a business needs to do is write the AI algorithm and toss it over the cloud wall.
As the world embraces an encrypted future where people can't see inside traffic and privacy reigns supreme, Fey said organizations need to deliver an AI response from where the traffic stops regardless of whether that's an endpoint, mobile phone, or email. If a large algorithm started running on a customer's phone, though, Fey said they would likely become very frustrated.
"Those aren't places that are ready to run big, expensive computing algorithms," Fey said.
Fortunately, though, the algorithms can now run in the cloud, Fey said, with connections back to the endpoint delivering a strong cybersecurity posture.
Machine learning makes it possible for businesses to do really cool things with much larger data sets than they ever could have before, according to Ryan Kalember, senior vice president of cybersecurity strategy at Sunnyvale, Calif.-based Proofpoint. Specifically, he said Proofpoint can now take the threat data from all the emails and apps that the company has scanned over the years and run that in the cloud.
"That's something we never, ever could have done on-prem before, because it would have been prohibitively expensive and probably not even manageable," Kalember said.
Machine learning can also help businesses understand normal patterns of log-in activity, which Kalember said is very important in the cloud since compromised credentials pose a far greater risk to users than the physical security of the public cloud platform itself. Detecting attempts at brute force attacks and figuring out where attackers are trying to target is easier with machine learning, he said.
Although AI and machine learning have been around for decades, the move to cloud allows those algorithms to be applied across large reams of data and massive data lakes, according to Rohit Gupta, group vice president of cloud security for Redwood Shores, Calif.-based Oracle.
Although these algorithms were historically siloed and applied only to specific data sets, Gupta said the cloud has made it possible to see across petabytes of data, which has resulted in far more applications for AI and machine learning. Real-world examples of how enterprises can apply this technology include anomaly detection, pattern matching, behavioral change, and sentiment analysis, Gupta said.
One emerging area around AI and machine learning that Oracle has explored is prescriptive remediation, Gupta said. Here, Gupta said the algorithm can examine an application's initial behavior to determine how it would operate after certain changes are made.
One of the primary drivers for people moving to the cloud from an applications perspective has been that they couldn't afford to infuse AI and machine learning within their own data centers, according to Dean Darwin, senior vice president of sales and channel strategy for Santa Clara, Calif.-based Palo Alto Networks.
Implementing these algorithms within a company's own infrastructure would be near impossible, Darwin said, due to the lack of available data scientists, protracted implementation time, and inability to move quickly. Amazon, Google and Microsoft have infused AI and machine learning into their clouds, Darwin said, and businesses should be infusing machine learning into their security footprint as well.
"The adversary is highly automated," Darwin said.
Conversations around AI and machine learning have focused primarily on detection in hopes of gaining a better understanding of baseline behavior and surface anomalies, according to Adam Bosnian, executive vice president of global business development for Newton, Mass.-based CyberArk. Now, Bosnian said the algorithms are being applied to larger and more varied sources of data than ever before.
A lot more data is being generated today since organizations have more assets, Bosnian said. In addition, the overall availability of data has been increased thanks to the cloud providers themselves making more data available to customers as well as the companies they work closely with, according to Bosnian.
Regardless of whether an organization's tools are running on-premise, in the private cloud, or in the public cloud, Bosnian said automation and machine-level activity are taking over, expanding far beyond post-incident response. And if companies don't secure both the automation console and the items created via automation, Bosnian said they're going to have a bigger security problem on their hands.
Machine learning can help reduce false positives and errant alarms associated with potential security risks, said Daniel Spurling, director, cloud and transformation for Seattle-based Slalom Consulting, No. 37 on the 2018 CRN Solution Provider 500. If the false alarms persist, Spurling said companies will often try to squelch the alarms, which can result in them missing alerts for legitimate security risks.
If a human learns that a perceived threat isn't actually real, Spurling said the person will disregard the warning pretty quickly the next time it comes around. But historically, Spurling said automatic alerting systems weren't intelligent. Now with machine learning, Spurling said these systems can start to understand on their own what is or isn't a true security threat or risk.
After making a decision about what is or isn't a real threat, the intelligent system can then automatically decide what action should be taken, factoring in previous actions that have already been taken, Spurling said. Only if the automated actions don't resolve or mitigate the threat are things escalated to a human, which Spurling said can exponentially cut down on the amount of resources needed to deal with alerts.
AI will have a massive security impact from both a capability and threat standpoint, according to Shawn Keve, executive vice president, sales and marketing for Atlanta-based Simeio Solutions, No. 369 on the 2018 CRN Solution Provider 500. Specifically, Keve said AI should help with detecting anomalous behavior, learning from that, and then adjusting security based on what the business really needs.
AI can be used to not only look at a network, Keve said, but also to figure out whether any of the information gleaned from the network matches reports received by a threat information consortium managed by Simeio.
The machines that are being set up to run some processes using artificial intelligence also need to be controlled, Keve said, with businesses needing to determine the best way to provide access control and governance. All told, Keve said the threat landscape that businesses face has changed dramatically due to automation.
"It takes a bot to compete with a bot. You can't manually try and keep up with all of these other machines," Keve said. "Eventually, you're going to need something to counter it."