Securing your digital assets is a clear need for any business and individual, whether you are looking to protect your personal photos, your company’s intellectual property, your customers’ sensitive data or any other asset whose loss can harm your reputation or business continuity. This need will continue to grow massively over the next few years as the amount of generated and aggregated data is exploding (IDC predicts that by 2020 the volume of digital data will reach 44 Zettabytes; 1 ZB = 1,000,000,000,000 GB).

The greatest challenge, in all disciplines of Cybersecurity, is to be able to recognize new threats efficiently without relying on signatures or easy-to-bypass heuristics, both of which rely on known, previously seen malicious activities. Supporting this trend, although billions of dollars are spent on cybersecurity (according to the latest estimate by Gartner, worldwide information security spending will reach $81.6 billion in 2016), we keep seeing a growing number of reported cyber-attacks and a higher magnitude of breaches every day. Recently published high-magnitude breaches are an example: the Yahoo 500M accounts data breach is among the biggest in history, and Dropbox confirmed that the details of 68M accounts were leaked.

There are many Cybersecurity frontiers where harnessing the predictive power of AI might bring the upper hand to security vendors and to us all, individuals and businesses. The following summarizes the key arenas of AI startups’ cyber defense innovation.

Detecting & Blocking Hacked IoT Devices

Cisco forecasts that the number of connected devices worldwide will rise from 15 billion today to 50 billion by 2020. Intel is even more bullish, claiming that over 200 billion devices will be connected by then.

IoT devices will cross 50 billion by 2020 (Image source: www.enterpriseirregulars.com)

A high percentage of these billions of connected devices do not have basic security measures, or the capability to have them, due to limited hardware and software resources.

A vivid demonstration of the power of hacked IoT devices was seen in the recent massive denial of service attack issued against KrebsOnSecurity. Even more frightening is that the source code for the Mirai malware, which was used for initiating the attack, was released to the public soon after and can now be used against any business or individual. The IoT security problem goes well beyond business continuity and may lead to real life-threatening events, as medical devices and transportation vehicles are becoming hyper-connected and reachable to hackers at a similar pace (Telefonica estimates that by 2020, 90% of cars will be online).

IoT security is one of the most prominent arenas for AI technologies. Light-weight AI-based prediction models, which can reside and operate autonomously even on devices with low computing power, can enable detection and blocking of suspicious activity in real time on the device or at the network level. Several interesting startups implement AI technologies for the IoT security challenge, among them CyberX, PFP Cybersecurity and Dojo-Labs.

Preventing Execution of Malicious Software & Files

File-based attacks remain one of the leading cyber-attack vectors. The most common file types used for file-based cyber-attacks are executables (.exe), Acrobat Reader files (.pdf) and MS Office files. A tiny change in a single line of code can generate a new malicious file with the same malicious intent but a different signature, and small changes in its behavior can trick legacy signature-based Antivirus, as well as more advanced heuristic-based Endpoint Detection and Response (EDR) solutions and even sandboxing solutions, which are usually deployed at the network level.

There are a few startups that tackle this problem by harnessing AI. They leverage the immense capability to look over millions of features per suspicious file and detect even the slightest code mutations. The leaders in implementing file-based AI security are Cylance, Deep Instinct and Invincea.

Improving Security Operations Centers’ (SOC) Operational Efficiency

One of the key problems of security teams is alert fatigue, caused by the overflow of security alerts they receive on a daily basis. The average North American enterprise handles 10,000 security alerts per day! In many cases, this allows a malicious indicator to slip under the radar despite being flagged as suspicious. There is a need for automatic classification of events by running advanced correlations between multiple sources of information, integrating internal log and monitoring systems with external threat intelligence services.

This cyber defense frontier is super-hot, as it is a problem of the largest enterprises, which operate their own SOC. Some startups which approach this by using AI technologies are Siemplify, Phantom, Jask, StatusToday and CyberLytic.

Quantifying Cyber Risks

Quantifying an organization’s cyber risks is a challenging task, mainly due to the lack of historic data and the vast number of variables which need to be taken into account. Today, organizations which are interested in quantifying their cyber risks (and 3rd parties which want to assess these organizations, such as cyber insurers) go through a tedious cyber risk assessment process, which is mainly based on self-filled questionnaires measuring qualitative measures of compliance with available Cybersecurity standards and the organization’s governance and risk culture. This approach is insufficient for a genuine representation of an organization’s cyber risk posture.

AI technologies’ capabilities of processing millions of data points and generating predictions can be the winning path for organizations and cyber insurers to the most accurate cyber risk estimation. A few startups are approaching this task, among them BitSight, Security Scorecard and myDRO.

Network Traffic Anomaly Detection

The challenge of detecting abnormal traffic which may indicate malicious activity is immense, as each organization has its own unique traffic behavior. Finding correlations across protocols, without relying on intrusive deep packet inspection, requires analyzing thousands of correlations between the endless metadata that is extracted from the organization’s internal and external network traffic. A few startups are using AI technologies to tackle this challenge, among them Vectra Networks, DarkTrace and BluVector.

Avoiding Spear-Phishing Attacks

A Spear-Phishing attack is usually based on an email message with malicious content in it; it can be a link which redirects to malicious code execution or a download. It is the most successful path into organizations. According to SANS Institute, 95% of successful cyber-attacks on enterprises are the result of successful spear phishing. Predicting whether an email is a phishing attempt is a complex task due to the many variables and variations of these kinds of emails.

A few startups are approaching this by offering integrated solutions which combine employees’ phishing awareness training, built-in reporting capabilities and AI-based prediction. Among them are PhishMe, Agari and Area1 Security.

Authorized Data Access Management

Data Leak Prevention (DLP) solutions have become common practice for handling file access authorization management. The greatest hurdle for using these solutions is the need to classify each and every file, which is a rigorous and inefficient practice. Harnessing the AI capability to automatically classify information might bring a new generation of DLPs with a much higher adoption rate within big organizations, and make them relevant to smaller ones which lack the resources for managing them today. A few startups are introducing new-generation DLP by using AI technologies, among them harvest.ai and Neokami.

Automating Secure Coding Processes

Every day new security vulnerabilities are exposed. What are these vulnerabilities? They are just programmers’ code errors or niche scenarios which were neglected while developing the operating system or application. The time window between the exposure of a vulnerability by attackers, its recognition as a problem by the security community, and the release of a patch by the relevant vendor and its distribution to the end users can take months!

There is an obvious need for automatic secure code review technologies which can scan code at the lowest level before it is released and predict the probable security vulnerabilities across programming languages, platforms and operating systems. There are a few startups which are committed to solving this problem, among them Checkmarx and QuantifiedCode.

Malicious Mobile Applications Detection

According to Ericsson, smartphones crossed 2.5 billion devices worldwide and are expected to reach 6 billion by 2020. This hyper-growth in mobility is not skipping the business arena. According to the Ponemon Institute, nearly 85% of people use the same device for work and personal use, while neither a clear Bring Your Own Device (BYOD) security policy nor clearly defined mobile access limitations exist.

Mobile use takes the lead in 2016 (Image source: www.mobiloitte.com)

Looking into the top 100 iOS and Android apps, Arxan research reveals that 56% of top iOS apps and 100% of top Android apps were hacked in the past. Taking into account that the 2 leading app stores, Google Play and Apple App Store, both crossed 2 million available apps, this emphasizes the need for highly accurate automatic classification of mobile applications.

This classification method must be sensitive to the slightest obfuscation techniques, differentiating between malicious and benign applications. It can be delivered by using the cutting-edge classification capability of advanced AI technologies. A few companies spearhead this arena, among them Deep Instinct, Lookout Mobile Security and Checkpoint (Lacoon Mobile Security).