Cyberdefence: AI is just the beginning
ESET brings together machine learning and human capabilities
The potential for artificial intelligence (AI) and machine learning (ML) to improve organisations’ cyberdefence capabilities is immense. However, like any other technology, it can also be used for nefarious ends.
Adversaries see the potential of ML to avoid detection and analysis and stay under the radar – illustrated by improvements in spam quality and in the analytical and protective mechanisms employed by malware authors, observed Dimitris Raekos, General Manager, ESET Middle East.
Cyberdefenders such as ESET, on the other hand, are trying to employ it to increase protection of their users and customers, improve detections and help with the processing of the ever-growing number of emerging threats.
“In general, machine learning is a very useful technology that helps improve detection capabilities as well as other aspects of modern cybersecurity solutions.
“However, it is not a silver bullet – despite what many emerging vendors in the field are trying to claim – and it needs to be a part of a much more complex approach that combines multiple protective layers,” Raekos said.
Further illustrating how ML can be a double-edged sword is the constant problem of false positives.
Automation, and especially the deployment of ML-based solutions, might lead to a higher level of false positives, warned Raekos. “The problem with this approach is that malware may break the system, but a false positive almost certainly will. Frankly speaking, it would be easy to achieve 100% detection or 0% false positives, but it is mathematically impossible to have both at the same time,” he added.
ESET’s approach aims to keep the best possible balance between detections and false positives. “We are adding one more layer of advanced machine learning protection in our upcoming version of endpoint protection. This layer will have different aggressivity levels for our customers to select what fits best with their organisation, along with an option to quickly fix any false positives, especially for those selecting the more aggressive option,” explained Raekos.
ESET is using ML-based tools to help in-house analysts map and identify new threats as well as improve the speed and accuracy of detections. “There cannot be a solution for every kind of problem and every kind of input data. Data scientists will assess the situation, study the domain, and then work iteratively and in small steps in order to finally achieve the desired outcome,” said Raekos.
It takes a combination of man and machine to complete an effective cyber defence strategy.
ESET experts advocate a multi-layered solution that combines cutting-edge technologies with human skills, expertise and oversight, said Raekos. “Technologies such as ML can help improve many areas in cybersecurity, but malware analysts, detection engineers as well as technology experts, who know the limitations of the technology and can identify and solve emerging problems, are still irreplaceable,” Raekos concluded.