Securing your digital assets is a clear need for any business and individual, whether you are looking to protect your personal photos, your company's intellectual property, your customers' sensitive data or any other asset whose compromise can harm your reputation or business continuity. This need will continue to grow massively over the next few years as the amount of generated and aggregated data explodes (IDC predicts that by 2020, the volume of digital data will reach 44 Zettabytes; 1 ZB = 1,000,000,000,000 GB).
The greatest challenge, across all disciplines of Cybersecurity, is recognizing new threats efficiently without relying on signatures or easily bypassed heuristics, both of which depend on known, previously seen malicious activity. Although billions of dollars are spent on cybersecurity (by Gartner's latest estimate, worldwide information security spending will reach $81.6 billion in 2016), the number of reported cyber-attacks and the magnitude of breaches keep growing every day, as the recently published high-magnitude breaches show: the Yahoo breach of 500M accounts is among the biggest in history, and Dropbox confirmed that the details of 68M accounts were leaked.
There are many Cybersecurity frontiers where harnessing the predictive power of AI might give the upper hand to security vendors and to us all, individuals and businesses alike. The following summarizes the key arenas of cyber-defense innovation by AI startups.
Detecting & Blocking Hacked IoT Devices
Cisco forecasts that the number of connected devices worldwide will rise from 15 billion today to 50 billion by 2020. Intel is even more bullish, claiming that over 200 billion devices will be connected by then.
A high percentage of these billions of connected devices have no basic security measures, nor the capability to run them, because of their limited hardware and software resources. A vivid demonstration of the power of hacked IoT devices was the recent massive denial-of-service attack against KrebsOnSecurity. Even more frightening, the source code of the Mirai malware used to launch that attack was released to the public soon after and can now be used against any business or individual. The IoT security problem goes far beyond business continuity and may imply real, life-threatening events, since at a similar pace medical devices and transportation vehicles will be hyper-connected and reachable by attackers (Telefonica estimates that by 2020, 90% of cars will be online). IoT security is one of the most prominent arenas for AI technologies. Lightweight AI-based prediction models, which can reside and operate autonomously even on devices with low computing power, can enable detection and blocking of suspicious activity in real time, on the device or at the network level. Several interesting startups apply AI technologies to the IoT security challenge, among them CyberX, PFP Cybersecurity and Dojo-Labs.
Preventing Execution of Malicious Software & Files
File-based attacks remain one of the leading cyber-attack vectors. The most common file types used in file-based attacks are executables (.exe), Adobe Reader documents (.pdf) and MS Office files. A tiny change in a single line of code can generate a new malicious file with the same malicious intent but a different signature, and small changes in its behavior trick legacy signature-based antivirus, the more advanced heuristic-based Endpoint Detection and Response (EDR) solutions, and even the sandboxing solutions that are usually deployed at the network level. A few startups tackle this problem by harnessing AI: they leverage the immense capability to look over millions of features per suspicious file and detect even the slightest code mutations. The leaders in implementing file-based AI security are Cylance, Deep Instinct and Invincea.
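The point above (one changed byte defeats an exact signature, while a feature-based view of the file barely moves) can be shown on synthetic data. The following Python example is added here and is not code from the original post or from any vendor named in it: the "files" are constructed byte strings, not real malware, and the byte-bigram histogram with cosine similarity is a deliberately simple stand-in for the millions of features a real model would extract.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for a known-malicious file and a one-byte mutation of it
# (synthetic bytes, not real malware).
KNOWN_BAD = bytes(range(256)) * 4 + b"\x90" * 64
_mutated = bytearray(KNOWN_BAD)
_mutated[100] ^= 0x01            # flip one bit in a single byte
ONE_BYTE_MUTATION = bytes(_mutated)
UNRELATED = b"A" * 1000          # a file that shares nothing with the known-bad one


def sha256_signature(data: bytes) -> str:
    """Exact-match signature: any change to the file changes the digest."""
    return hashlib.sha256(data).hexdigest()


def byte_bigram_histogram(data: bytes) -> Counter:
    """A simple structural feature vector: counts of consecutive byte pairs."""
    return Counter(data[i:i + 2] for i in range(len(data) - 1))


def cosine_similarity(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse feature vectors (0.0 = nothing in common)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def signature_match(known_bad: bytes, sample: bytes) -> bool:
    """Legacy detection: the sample is caught only if its digest is already known."""
    return sha256_signature(known_bad) == sha256_signature(sample)


def feature_match(known_bad: bytes, sample: bytes, threshold: float = 0.9) -> bool:
    """Feature-based detection: structural similarity to a known-bad file above a threshold."""
    sim = cosine_similarity(byte_bigram_histogram(known_bad), byte_bigram_histogram(sample))
    return sim >= threshold


if __name__ == "__main__":
    print("signature catches mutation:", signature_match(KNOWN_BAD, ONE_BYTE_MUTATION))  # False
    print("features catch mutation:  ", feature_match(KNOWN_BAD, ONE_BYTE_MUTATION))    # True
    print("features flag unrelated:  ", feature_match(KNOWN_BAD, UNRELATED))            # False
```

The threshold of 0.9 is an assumption chosen for the constructed data; in practice it is learned from labelled samples, and bigram counts would be only one of many feature families (imports, section entropy, strings, behaviour traces).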
Improving Security Operating Centers’ (SOC) Operational Efficiency
One of the key problems of security teams is alert fatigue, caused by the flood of security alerts they receive every day. The average North American enterprise handles 10,000 security alerts per day! In many cases this lets a malicious indicator slip under the radar despite being flagged as suspicious. There is a need for automatic classification of events by running advanced correlations between multiple sources of information, integrating internal log and monitoring systems with external threat intelligence services. This cyber-defense frontier is super-hot, as it is a problem of the largest enterprises, which operate their own SOC. Some startups that approach it with AI technologies are Siemplify, Phantom, Jask, StatusToday and CyberLytic.
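As an added illustration of the correlation step described above (not code from the post or from any of the startups it names), the Python below groups alerts from several internal tools by affected host, enriches them with an external threat-intelligence list, and ranks hosts so that a corroborated incident rises above isolated noise. The alerts, the threat-intel set and the scoring weights are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Alert:
    source: str                     # which tool raised it: edr, firewall, proxy, ...
    host: str                       # affected internal host
    severity: int                   # 1 (informational) .. 5 (critical), as set by the tool
    remote_ip: Optional[str] = None


# Constructed sample alerts for one day (not real telemetry). The IPs come from the
# RFC 5737 documentation ranges.
ALERTS = [
    Alert("edr", "ws-017", 2),                         # suspicious child process
    Alert("firewall", "ws-017", 1, "203.0.113.7"),     # outbound connection, logged
    Alert("proxy", "ws-017", 1, "203.0.113.7"),        # uncategorised site visited
    Alert("edr", "ws-042", 3),                         # a single medium EDR alert
    Alert("firewall", "srv-db01", 1, "198.51.100.9"),  # routine low-severity noise
]

# Constructed threat-intelligence feed: indicators treated as known-bad.
THREAT_INTEL_IPS = {"203.0.113.7"}


def correlate(alerts, intel_ips):
    """Group alerts by host and score each host so the analyst sees the most
    corroborated incident first instead of thousands of individual alerts."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert.host].append(alert)

    ranked = []
    for host, items in by_host.items():
        sources = {a.source for a in items}
        intel_hits = {a.remote_ip for a in items if a.remote_ip in intel_ips}
        # Highest single severity, plus a bonus for every additional independent
        # source that corroborates it, plus a large bonus for a threat-intel match.
        # The weights are assumptions for the example.
        score = max(a.severity for a in items) + 2 * (len(sources) - 1) + 5 * len(intel_hits)
        ranked.append({
            "host": host,
            "score": score,
            "alert_count": len(items),
            "sources": sorted(sources),
            "intel_hits": sorted(intel_hits),
        })
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in correlate(ALERTS, THREAT_INTEL_IPS):
        print(row)
```

Three low-severity alerts on ws-017 outrank a single medium alert on ws-042 because they come from independent sources and share an indicator present in the intel feed; that is the kind of cross-source signal a human analyst drowning in 10,000 alerts rarely has time to assemble by hand.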
Quantifying Cyber Risks
Quantifying an organization's cyber risk is a challenging task, mainly due to the lack of historical data and the vast number of variables that need to be taken into account. Today, organizations (and the third parties that want to assess them, such as cyber insurers) interested in quantifying their cyber risk go through a tedious cyber-risk assessment process, mainly based on self-filled questionnaires that measure qualitative compliance with available Cybersecurity standards and the organization's governance and risk culture. This approach is insufficient for a genuine representation of an organization's cyber-risk posture. The capability of AI technologies to process millions of data points and generate predictions can be the winning path for organizations and cyber insurers towards the most accurate cyber-risk estimation. A few startups are approaching this task, among them BitSight, Security Scorecard and myDRO.
Network Traffic Anomaly Detection
The challenge of detecting abnormal traffic that may indicate malicious activity is immense, as each organization has its own unique traffic behavior. Finding correlations across protocols, without relying on intrusive deep packet inspection, requires analyzing thousands of correlations between the endless metadata that is extracted from the organization's internal and external network traffic. A few startups use AI technologies to tackle this challenge, among them Vectra Networks, DarkTrace and BluVector.
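To make the metadata-only approach concrete, here is an added Python example (not code from the post or from any vendor it names) that works purely on flow summaries of the kind a NetFlow/IPFIX exporter produces: per host, it learns a baseline of daily outbound volume and the set of destination/port peers, then flags a day whose volume is a statistical outlier or which introduces a never-seen peer. The flow records, the host names and the z-score threshold are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed flow-metadata records (day, src_host, dst_ip, dst_port, bytes_out).
# Only metadata is used; no packet payloads are inspected.
FLOWS = []
for day in range(1, 15):                                   # 14 days of baseline
    FLOWS.append((day, "ws-017", "10.0.0.5", 443, 120_000 + day * 1_000))
    FLOWS.append((day, "ws-017", "10.0.0.9", 53, 2_000))
# Day 15: the same host talks to a never-seen peer on an unusual port and moves
# roughly 50x its normal daily volume (a constructed exfiltration-like pattern).
FLOWS.append((15, "ws-017", "10.0.0.5", 443, 130_000))
FLOWS.append((15, "ws-017", "10.0.0.9", 53, 2_100))
FLOWS.append((15, "ws-017", "203.0.113.7", 4444, 6_500_000))

BASELINE_DAYS = set(range(1, 15))


def daily_profile(flows):
    """Per (host, day): total bytes out and the set of (dst, port) peers contacted."""
    profile = defaultdict(lambda: {"bytes": 0, "peers": set()})
    for day, host, dst, port, nbytes in flows:
        profile[(host, day)]["bytes"] += nbytes
        profile[(host, day)]["peers"].add((dst, port))
    return profile


def detect_anomalies(flows, baseline_days, z_threshold=3.0):
    """Compare every non-baseline day of each host against that host's own history."""
    profile = daily_profile(flows)
    findings = []
    for host in {h for h, _ in profile}:
        base = [profile[(host, d)] for d in sorted(baseline_days) if (host, d) in profile]
        if len(base) < 2:
            continue                                       # not enough history to model
        volumes = [p["bytes"] for p in base]
        mean, stdev = statistics.mean(volumes), statistics.pstdev(volumes)
        known_peers = set().union(*(p["peers"] for p in base))
        for (h, day), p in profile.items():
            if h != host or day in baseline_days:
                continue
            if stdev:
                z = (p["bytes"] - mean) / stdev
            else:                                          # constant baseline: any change is infinite z
                z = 0.0 if p["bytes"] == mean else float("inf")
            new_peers = sorted(p["peers"] - known_peers)
            if z > z_threshold or new_peers:
                findings.append({"host": host, "day": day, "z": round(z, 1), "new_peers": new_peers})
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(FLOWS, BASELINE_DAYS):
        print(finding)
```

Because the baseline is per host, the same 6.5 MB that is an outlier for a workstation would be unremarkable for a backup server, which is the "each organization has its own unique traffic behavior" point applied one level down.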
Avoiding Spear-Phishing Attacks
A spear-phishing attack is usually based on an email message with malicious content within it; this can be a link that redirects to malicious code execution or download. It is the most successful path into organizations: according to the SANS Institute, 95% of successful cyber-attacks on enterprises are the result of a successful spear-phishing attempt. Predicting whether an email is a phishing attempt is a complex task due to the many variables and variations of these kinds of emails. A few startups approach this by offering integrated solutions that combine employee phishing-awareness training, built-in reporting capabilities and AI-based prediction. Among them are PhishMe, Agari and Area1 Security.
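The "many variables" of a message are what a prediction model actually consumes. As an added example (not code from the post or from any of the companies named), the Python below extracts a handful of such variables from a raw single-part email using the standard library: sender domain versus the organization's own, Reply-To mismatch, anchor text whose visible URL differs from the real link target, and urgency wording. It then applies hand-picked weights as a stand-in for a trained model. The two messages, the organization domain and the weights are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: the defending organisation's own mail domain.
ORG_DOMAIN = "example.com"
URGENCY_TERMS = ("urgent", "immediately", "expires", "verify your account")

# Constructed sample messages (not real mail); all domains are RFC 2606 reserved names.
SUSPICIOUS = """\
From: "Example Corp IT Support" <it-support@example.net>
Reply-To: helpdesk@example.org
To: alice@example.com
Subject: Urgent: your password expires today
Content-Type: text/html

<p>Please verify your account immediately:
<a href="http://example.org/login">https://portal.example.com/login</a></p>
"""

BENIGN = """\
From: "Bob" <bob@example.com>
To: alice@example.com
Subject: Lunch tomorrow?
Content-Type: text/plain

Does 12:30 at the usual place work?
"""

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def extract_features(raw: str) -> dict:
    """Turn one single-part message into the variables a classifier would look at."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    reply_dom = _domain(reply_addr) or from_dom       # no Reply-To means replies go to From
    body = msg.get_payload()                           # str for a single-part message
    text = (msg.get("Subject", "") + " " + body).lower()

    mismatched_links = 0
    for href, anchor_text in LINK_RE.findall(body):
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s]+)", anchor_text)
        if shown and shown.group(1).lower() != href_host:
            mismatched_links += 1                      # visible URL differs from real target

    return {
        "external_sender": from_dom != ORG_DOMAIN,
        "reply_to_mismatch": reply_dom != from_dom,
        "mismatched_links": mismatched_links,
        "urgency_terms": sum(term in text for term in URGENCY_TERMS),
    }


def phishing_score(features: dict) -> int:
    """Hand-weighted stand-in for a trained model; the weights are assumptions."""
    return (2 * features["external_sender"]
            + 3 * features["reply_to_mismatch"]
            + 4 * min(features["mismatched_links"], 1)
            + min(features["urgency_terms"], 3))


def is_suspicious(raw: str, threshold: int = 5) -> bool:
    return phishing_score(extract_features(raw)) >= threshold
```

A real deployment would feed hundreds of such features (header authentication results, sender reputation, attachment traits, the user's past correspondents) into a model trained on reported messages, which is where the built-in reporting capability mentioned above becomes the labelled data.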
Authorized Data Access Management
Data Leak Prevention (DLP) solutions have become a common practice for managing file access authorization. The greatest hurdle to using these solutions is the need to classify each and every file, which is a laborious and inefficient practice. Harnessing AI's capability to classify information automatically might bring a new generation of DLPs with a much higher adoption rate within big organizations, and make them relevant to smaller ones that today lack the resources to manage them. A few startups are introducing new-generation DLP by using AI technologies, among them harvest.ai and Neokami.
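The classification a DLP needs per file can be shown in miniature. The following Python example is added here and is not code from the post or from the startups it names: it assigns one of four labels to a text document from the evidence it finds (card numbers validated with the Luhn checksum, credential-like strings, email addresses, marker words), and the sample documents and the labelling rules are constructed assumptions. The Luhn check is what keeps an invoice or order number from being mistaken for a payment card.

```python
import re

# Patterns for the kinds of content that commonly drive a classification decision.
PAN_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")                  # 16-digit card-number shape
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
SECRET_RE = re.compile(r"\b(?:password|passwd|api[_-]?key|secret)\s*[:=]\s*\S+", re.I)

# Constructed sample documents (not real files).
DOCS = {
    "invoice.txt": "Invoice 1234 5678 9012 3456 for Example Corp.\nPaid with card 4111 1111 1111 1111.",
    "deploy-notes.txt": "Staging box. api_key = EXAMPLE-KEY-0000 (rotate after demo)",
    "press-release.txt": "Example Corp announces its new product line for 2017.",
    "team-list.txt": "Internal contact sheet: alice@example.com, bob@example.com",
}


def luhn_valid(number: str) -> bool:
    """Luhn checksum: separates real card numbers from order/ticket numbers of the same shape."""
    digits = [int(c) for c in re.sub(r"\D", "", number)]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Assign public/internal/confidential/restricted and return the evidence used."""
    card_numbers = [m for m in PAN_RE.findall(text) if luhn_valid(m)]
    secrets = SECRET_RE.findall(text)
    emails = EMAIL_RE.findall(text)
    lowered = text.lower()

    if card_numbers or secrets:                          # regulated or credential data
        label = "restricted"
    elif "confidential" in lowered or len(emails) >= 5:  # explicit marker or a contact dump
        label = "confidential"
    elif "internal" in lowered or emails:
        label = "internal"
    else:
        label = "public"
    return {"label": label, "card_numbers": len(card_numbers),
            "secrets": len(secrets), "emails": len(emails)}


if __name__ == "__main__":
    for name, body in DOCS.items():
        print(name, classify(body))
```

Rules like these are the hand-written baseline that an AI-based DLP replaces with a learned model; the structure stays the same (evidence in, label plus justification out), which is also what lets an administrator audit why a file was restricted.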
Automating Secure Coding Processes
Every day new security vulnerabilities are exposed. What are these vulnerabilities? They are just programmers' code errors or niche scenarios that were neglected while developing the operating system or application. The time window between attackers exposing a vulnerability, the security community recognizing it as a problem, and a patch being released by the relevant vendor and distributed to end users can take months! There is an obvious need for automatic secure code review technologies that can scan code at the lowest level before it is released and predict the probable security vulnerabilities across programming languages, platforms and operating systems. A few startups are committed to solving this problem, among them Checkmarx and QuantifiedCode.
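The simplest form of automatic secure code review is a static scan of the syntax tree for call patterns known to be dangerous. As an added example (not code from the post, nor from Checkmarx or QuantifiedCode), the Python below walks a module's AST and reports `eval`/`exec`, `pickle` deserialisation, and subprocess calls that go through a shell, with the line number of each finding. The code under review is a constructed sample; the rule names are assumptions.

```python
import ast

# Constructed sample under review (not a real project). The string starts with a
# newline, so "import" is line 2 and the findings land on lines 4, 6 and 8.
SAMPLE_SOURCE = '''
import subprocess, pickle
def run(cmd):
    subprocess.run(cmd, shell=True)          # user data reaches a shell
def load(blob):
    return pickle.loads(blob)                # deserialising untrusted input
def calc(expr):
    return eval(expr)                        # arbitrary code execution
def safe(args):
    subprocess.run(["ls", "-l"] + args)      # argv list, no shell: fine
'''


def _call_name(func: ast.AST) -> str:
    """Dotted name of a call target, e.g. 'subprocess.run' or 'eval'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return _call_name(func.value) + "." + func.attr
    return ""


class RiskyCallFinder(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def _report(self, node, rule, message):
        self.findings.append({"line": node.lineno, "rule": rule, "message": message})

    def visit_Call(self, node: ast.Call):
        name = _call_name(node.func)
        if name in ("eval", "exec"):
            self._report(node, "dynamic-exec", f"{name}() evaluates data as code")
        elif name in ("pickle.load", "pickle.loads"):
            self._report(node, "unsafe-deserialisation", f"{name}() on untrusted data")
        elif name.startswith("subprocess.") or name == "os.system":
            # shell=True hands the argument string to /bin/sh; os.system always does.
            shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True for kw in node.keywords)
            if shell or name == "os.system":
                self._report(node, "shell-injection", f"{name}() runs through a shell")
        self.generic_visit(node)


def scan(source: str) -> list:
    """Return the findings for one module's source, in source order."""
    finder = RiskyCallFinder()
    finder.visit(ast.parse(source))
    return finder.findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE):
        print(f"line {finding['line']}: [{finding['rule']}] {finding['message']}")
```

A pattern scanner like this has no notion of whether the argument is actually attacker-controlled, which is exactly the gap the prediction-based tools above aim to close: they rank findings by how likely the surrounding data flow makes a real vulnerability, instead of reporting every match.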
Malicious Mobile Applications Detection
According to Ericsson, smartphones have crossed 2.5 billion devices worldwide and are expected to reach 6 billion by 2020. This hyper-growth in mobility is not skipping the business arena. According to the Ponemon Institute, nearly 85% of people use the same device for work and personal use, while neither a clear Bring Your Own Device (BYOD) security policy nor clearly defined mobile access limitations exist.
Looking into the top 100 iOS and Android apps, Arxan research reveals that 56% of top iOS apps and 100% of top Android apps have been hacked in the past. Taking into account that the 2 leading app stores, Google Play and the Apple App Store, have both crossed 2 million available apps, this emphasizes the need for highly accurate automatic classification of mobile applications. The classification method must be sensitive to the slightest obfuscation techniques while differentiating between malicious and benign applications, and it can be delivered by using the cutting-edge classification capability of advanced AI technologies. A few companies lead the spearhead in this arena, among them Deep Instinct, Lookout Mobile Security and Check Point (Lacoon Mobile Security).