Is the future of cyber security machines versus machines? As hackers increasingly use automation and machine learning to launch cyber attacks at scale, cyber security defenders, too, are turning to artificial intelligence to detect hacks -- and, in some cases, kill them dead automatically. But the use of AI for cyber defence is still nascent, according to many experts, and must be deployed with care. Some argue there is a tendency for the cyber security industry to exaggerate AI's potential and successes, and use it as a buzzword. "Having a fully automated system in the cyber security domain would mean essentially trusting the computer with decisions. "There are critical things that would be hugely costly if done incorrectly," he says. "It's a question of'how accurate is this thing relative to the human?' And, in the cyber security domain, it's just simply'not very'." So how far along are we? Already, cyber security companies are using AI to help detect potential attacks by flagging suspicious behaviour. Justin Fier, vice-president of tactical risk and response at Darktrace, says the UK-based company uses "various forms of machine learning to go into your digital estate and, quite simply, establish a sense of self, establish what is specific to an organisation". He adds: "The minute something deviates -- big or small -- we can actually alert you to that." Darktrace also has automated responses to known threats such as ransomware strains. "Now, the median time to detect and remediate ransomware is 45 minutes.

Security leaders are increasingly turning to AI and ML-based defenses against cyberattacks as pessimism grows over the efficacy of human-based cybersecurity defense efforts. A recent survey from MIT Technology Review Insights, sponsored by Darktrace, found more than half of business leaders think security strategies based on human-led responses to fast-moving attacks are failing; nearly all have begun to bolster their defenses in preparation for AI-enabled attacks. "Cyber AI autonomously stops threats in their tracks and surfaces relevant information in a digestible narrative, augmenting human teams and giving them time to focus on strategic tasks that matter," said Darktrace's director of threat hunting, Max Heinemeyer. "All that organizations can do to prepare is simply embrace self-learning AI as a force multiplier." He noted that AI-powered cybersecurity platforms can integrate with other tools in a security toolbox, ingest new forms of telemetry from existing investments for further enrichment, share detections and incidents with workflow tools and even orchestrate response actions across the rest of the digital estate, for example, by integrating with preventative tools.

Artificial intelligence (AI) has become all the rage in cybersecurity circles, but a recently discovered universal bypass of a machine-learning (ML) algorithm in BlackBerry's Cylance cybersecurity suite offers some valuable lessons for organizations mulling AI security solutions. The bypass was discovered by researchers at Skylight, a firm founded by Israeli government security veterans Adi Ashkenazy and Shahar Zini. After a careful analysis of Cylance's antivirus product, the researchers discovered a bias toward a particular game. They leveraged that knowledge to craft a universal method for bypassing the software by simply appending a selected list of strings to any malicious file. The method was 100% successful for the top 10 malware programs for the month of May--and 90% effective for a larger universe of 384 malicious applications, the researchers said.