The Digital Battlefield
Cybersecurity once meant protecting against small-scale hackers trying to get a quick payday. However, recent hacks have halted airport operations, exposed classified government documents, and even affected the democratic process. In 2016 and 2017, an entire region of Ukraine, including its homes, schools, and hospitals, was dangerously left without power in the dead of winter due to persistent cyber attacks on the region’s utility companies. Cyber innovation isn’t just about protecting individuals; it has assumed a vital role in securing critical infrastructure.
Mike Hamilton, the newly appointed CEO of cybersecurity company Ziften, sees AI as pivotal to the development of systems equipped to meet the complex threats of a new cyber landscape.
“It is… literally armies of nation-states trying to get intellectual property, trying to affect public opinion,” Hamilton explains. “It’s really taken the cybersecurity space to a completely new plane.”
Warfare by Other Means
Recent political events have demonstrated the capacity for both state and non-state actors to destabilize centuries-old political establishments. Well-executed attacks have the power to influence international politics and force a complete operational shutdown of their targets. Russian state-sponsored cyber activity allegedly influenced the 2016 American presidential election. Concentrated hacking efforts to access information, halt operational functioning, or, in some instances, both, have also targeted U.S. universities, hospitals, airports, and conglomerates like Sony and Disney. Next to today’s highly organized, often state-sponsored cyber-missions, once-worrisome email scams are small potatoes.
Newly complex attacks have fittingly led to major transitions in the cybersecurity industry, particularly for companies like Ziften, which focus on endpoint security.
Endpoint security fights cyber attacks by protecting infiltration-prone devices such as desktops, laptops, servers, and cloud infrastructures. The field has historically been split into two sectors: endpoint protection and endpoint detection and response.
Endpoint protection, which includes technologies like anti-virus and anti-malware software, serves as a first line of preventative defense against attacks. It primarily functions by looking out for known or familiar attack signatures.
Endpoint detection and response monitors and analyzes data and network events on an ongoing basis to spot potentially suspicious activity and breaches in real time. It also includes post-attack forensic analysis and response development.
Despite the historical separation of protection and detection, the division between the two is swiftly evaporating. With the complexity of contemporary attacks, companies increasingly require the entire array of tools combined into one comprehensive, high-functioning system. Ziften illustrates how security-conscious companies are stepping up to fill this need.
“Working with 30 different tools is just so difficult, given all the different alerts that are popping up. They’re trying to hunt down alerts and figure out what’s going on,” Hamilton said. “Something that we’re heavily focused on is simplifying the endpoint. It’s bringing a single agent to deliver both the advanced [anti-virus] protection as well as post-breach forensic components.”
The AI Element
For Hamilton, artificial intelligence takes center stage as this simplifying agent.
“Machines are typically black and white,” Hamilton said. “Humans have a little bit of gray when it comes to cognitive ability. Using technology to bridge black-and-white machines into that gray area is a fascinating development.”
So what exactly does that gray-area operation look like? Equipped with machine learning technology, a security system can actually improve its own code. Engineers, who would otherwise have to program software to be on alert for known threat signatures, can instead expose it to millions of cyber-threats as a learning process. The software discerns their underlying makeup and identifying details, increasing its ability to protect against never-before-seen threats.
“Attackers are continuously changing their tactics. You have to look deeper into the connections of what’s happening, what they’re actually doing once they’re inside, or when they’re trying to get inside,” Hamilton said. “The key is, as those specific behaviors change, to be able to identify that they’ve changed, that the intention is in fact malicious, and then be able to stop it as it’s happening—rather than after you’ve already had personal emails published on the internet.”
Machine learning provides a direction for the future of cybersecurity, but it is unfortunately not a one-stop solution. As it happens, AI enables advancements in both cybersecurity and cyber attacks. Algorithms, for example, have been developed with the ability to write code to burrow past anti-virus scans. AI can also be used to quickly sweep the internet for personal information, perform mass phishing attempts, or spread fake video clips to influence public sentiment.
The ongoing pressure to develop better technologies will undoubtedly spark rapid innovation in the field, potentially instigating global shifts that have so far only been imagined by sci-fi narratives.
Though the technology has the capacity to both help and hurt, Hamilton is focused on a future in which AI is an uplifting agent. Hamilton’s hope for an AI-enabled future? “To stop evildoers from stealing people’s IP or from shutting down a hospital so that someone couldn’t get their treatments,” he said. “To know that we’ve made the world a little bit of a better place.”