How AI is being utilised in the cybersecurity space

Paul Lipman, CEO at BullGuard, discusses how AI is being used within its products and how it can be a compelling selling point for resellers.

It’s a figure that is so large it’s difficult to comprehend, but 350,000 new malware programmes and suspicious applications are released every day according to the AV-Test Institute. That’s 2.45 million malware programmes a week, bombarding computers and networks the world over. In the face of this onslaught it’s understandable that we’ve reached a point in which traditional conventional malware detection is being overwhelmed.

Of course, cybersecurity companies have been ahead of this curve and for years have layered behavioural-based detection on top of traditional malign code signature detection methods. And as artificial intelligence (AI) increasingly makes headway it is increasingly being deployed in cybersecurity.

AI systems are being created and taught to detect viruses and malware. Sophisticated predictive AI models can identify even the slightest of aberrant behaviours that signals malware with significantly higher accuracy than conventional methods.

AI can also be used at an individual device or user level which is useful for large enterprises to scan a system for abnormal activity, such as unauthorised access to a database from a computer within an organisation. By constantly scanning, enough data can be collected to determine when a particular activity is questionable. If abnormal activity is detected, AI models can help determine whether or not the activity may indicate a threat or whether it is a false alarm.

At BullGuard, we have introduced predictive AI malware detection and layered it on top of conventional signature-based detection and behavioural detection that identifies code and activity irregularities that signal malware. This triple-layered approach to cybersecurity provides robust defences and can quickly recognise patterns as new malware activity begins to develop.

However, in some senses it’s ironic that end users are typically not aware that AI is being used. AI is a bit of a buzzword these days and there is a perception that if AI isn’t being used in software and systems of all types then the service is on its way to becoming redundant. In fact, it’s become such an issue that some companies will claim to be using AI when they really aren’t just to satisfy their customers. This also illustrates that many people only have the vaguest of notions of what AI is and what it does.

This can actually be an advantage for cybersecurity resellers, particularly in the under-served consumer and small office markets. These markets are often overlooked by many vendors when it comes to cybersecurity designed to meet their specific needs, for instance both consumers and small offices want the best protection possible together with ease-of-use. They don’t want complexity, and as a result, easy-to-use, advanced cybersecurity is attractive. AI malware detection layered in as predictive protection is an extremely compelling selling point to add.

Unfortunately, hackers can also make use of AI to create malware. Truly skilled hackers, more aptly described as advanced computer scientists albeit with malign intentions, who are able to exploit to AI, are a relatively small minority. However, their malware developments typically cascade down into the larger underground criminal community who adopt and use their designs.

There are signs that these advanced hackers are using AI to weaponise malware. For instance, criminals can use AI to conceal malicious code in otherwise benign applications. The code is programmed to execute at a specific time, say within six months after the applications have been installed, or when a targeted number of users have subscribed to the applications. This maximises the impact of such attacks.

This is only one example of AI used to create malware, but as you can imagine such attacks could be devastating if successful. Which is why AI has been so readily and swiftly adopted by the cybersecurity industry. Among the release of 350,000 new malware programmes each day, we are beginning to see the early signs of AI-driven malware activity. As such the success of cybersecurity protection depends on being on top of and ahead of this fast-paced malware evolution.

The PCR Awards 2020 takes place in London on 4th March. Don’t miss out on a chance to be in the room with 500+ industry peers. Book your tables and tickets now!

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.

Read the latest edition of PCR’s monthly magazine below: