Leveraging AI for Continuous Detection of Zero-Day Threats

Published on January 23, 2020

As the global cyber threat continues to increase, we need new ways of ensuring the safety of our data.

At an event kindly organized by ISE® in Seattle, WA, I had a great opportunity to discuss cybersecurity challenges with leading IT professionals. I want to share some of the actionable insights from that evening and explain why they matter.

We kicked off with the problem of traditional defense systems and their inability to handle as-yet-unknown threats. As such, enterprise security teams have to spend valuable time locating and remediating vulnerabilities. With the rise of AI and ML, we explored how these powerful approaches can be used to detect and defeat an increasing number of zero-day vulnerabilities.

But first, why does it matter?

The High Cost of Cybercrime

Research done by Cybersecurity Ventures predicts that the global annual cybercrime damages will reach $6 trillion by 2021. Since 2015, the costs have more than doubled and cyberattacks are not only increasing in size and sophistication but are also becoming more hostile and complex.

According to a RiskBased report, by the end of September 2019, there were more than five thousand breaches and 7.9 billion exposed records. At the same time, another report shows that there is a severe global cybersecurity workforce shortage. The number of available cybersecurity positions has more than tripled since 2015.

Corporations increasingly turn to third-party data breach and incident response firms and Managed Security Service Providers (MSSPs) for help with their cyber-defenses.

We simply do not have enough people to guarantee the security of our data. Every year, it is leaked and used by hackers for identity theft, bank fraud, money laundering, and more. We must find ways to keep our data protected.

Traditional vs AI defense systems

The traditional systems of defense, such as definition-based antivirus or traditional network monitoring tools like firewalls, DMZs, and port forwarding, are simply not enough. Cybersecurity teams are locked in a technology arms race with cybercriminals, and as such, we need to come up with new, powerful tools to protect ourselves.

Zero-day vulnerabilities are a perfect example of why traditional methods cannot keep us 100% safe. With zero-day vulnerabilities, it takes time to detect a breach and even more time to patch it. The problem is that a security team might not patch the vulnerabilities before an attacker successfully exploits them.

John Mc Laughlin, a representative of Cylance, told us at the event about their approach to security. Unlike traditional security measures, their software focuses on preventing instead of detecting viruses and malware. They use AI to detect zero-day vulnerabilities by identifying suspicious behavior in the system.

By using AI for uninterrupted threat detection and response, their security team can search for threats transparently and proactively. It gives them more time to work on finding a solution and preventing a breach before it occurs.

The Future of Cybersecurity

According to the 2019 IDG Digital Business Study, AI is being tested or already used by 41% of companies, with another 42% actively researching it. As I have seen for myself, some companies have already successfully used AI to complement their cybersecurity efforts.

I am convinced that AI will play a critical role in the near future, but we will still need highly skilled people to perform high-level analysis and remediation activities. As the amount of data we generate continues to grow, it is paramount that we are able to control and protect it.