Machine Learning and Artificial Intelligence (AI) are often over-used terms in a modern cyber-security context, but that doesn’t mean they aren’t useful for helping organizations and vendors to improve.
Among the many vendors that have embraced AI is McAfee, which is integrating different capabilities across its portfolio. Beyond the buzzword hype, AI has real value, as well as real potential for both defenders and adversaries, according to McAfee SVP and CTO Steve Grobman. In a video interview with eWEEK, Grobman provides insight into the current state of AI for cyber-security and how it is being used today.
“One of the things I talked about in my keynote at RSA Conference is being able to use artificial intelligence to generate targeted content for a specific user,” Grobman told eWEEK. “It provides a bad actor with the effectiveness of spear phishing, but given that it’s driven through AI-based automation, it can scale to the levels of traditional phishing attacks.”
While attackers can potentially use AI to scale up new kinds of attacks, AI is already being used by cyber-security vendors to advance defensive capabilities. Grobman said that AI can be used for multiple purposes by vendors, including improved threat detection. He added that AI-based automation helps enterprises cope with the cyber-security talent shortage.
AI relies on data from which it can be trained and learn how to handle different types of situations. In Grobman’s view, the way that data is sent to an AI system isn’t as critical as the quality of the data itself.
“We do need to be careful about where data comes from,” Grobman said.
For example, if an adversary is able to inject poisoned data into a training dataset, it can end up making an AI system less effective. Going a step further, Grobman said it’s important for organizations not to assume that the data used to train an AI model is fully representative of all the data seen in the real world.
There are different types of Machine Learning AI models, with two of the principal types being supervised and unsupervised models. Grobman said that an unsupervised model is a good choice for understanding which types of threats are similar to each other. For classification exercises, a supervised model is a better approach.
“Instead of thinking about what is the best form of artificial intelligence, you really need to understand what is the specific problem that you’re trying to solve,” he said.
Machine Learning and Endpoint Security
AI isn’t just an abstract concept at McAfee; it’s also part of the company’s product direction. Grobman said that for endpoint security, for example, McAfee’s strategy involves both traditional approaches to cyber-security and integrated machine learning capabilities. He explained that McAfee has added multiple layers of AI for endpoint security, including structural machine learning to understand what a given piece of code is, and behavioral machine learning to look at what things do.
Overall, Grobman emphasized that cyber-security is a constantly evolving landscape and organizations should never bet their future on a single product or technology to solve all their issues.
“Companies need to think about security at scale and look for suppliers that have the ability to set up a pipeline of technologies, versus banking on one silver bullet,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.