The industry identified that basic fingerprinting could not maintain up with the rate of these developments, and the requirement to be everywhere, at all times, pushed the acceptance of AI technology to deal with the scale and complexity of modern business security.
Since then, the AI defence market has become crowded with vendors promising data analytics, looking for “fuzzy matches”: close matches to previously encountered threats, and eventually using machine learning to detect similar attacks. While this is an advancement over basic signatures, using AI in this manner does not hide the fact that it is still reactive. It may be capable of recognizing attacks that are very similar to previous incidents, but it is unable to prevent new attack infrastructure and techniques that the system has never seen before.
Whatever you call it, this system is still receiving the same historical attack data. It recognises that in order to succeed, there must be a “patient zero” — or first victim. Supervised machine learning is another term for “pretraining” an AI on observed data (ML). This method does have some clever applications in cybersecurity. For example, in threat investigation, supervised ML has been used to learn and mimic how a human analyst conducts investigations — asking questions, forming and revising hypotheses, and reaching conclusions — and can now carry out these investigations autonomously at speed and scale.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: