Alphabet, Google’s parent company, has entered the cybersecurity market in earnest. But instead of relying on vast teams of analysts to sift through alerts by hand, its approach leans on automation: software does the first pass over security data so that the people who remain can focus on what it surfaces.
Its name is Chronicle, and here’s how it works: it ingests your security telemetry (logs, network and endpoint data) at scale and applies analytics and machine learning to pinpoint threats and trigger mitigation. As a result, you end up with a stronger defense against attackers while saving your IT team time and energy through automation. One caveat worth stating up front: automation of this kind detects and prioritizes; deciding which alerts are real and which response actions are safe to take still needs a human in the loop.
In short, Chronicle is intended to be a digital “immune system” that organizations can use to automatically hunt down threats and rid the business “body” of cyber disease.
Growing Role of Machine Learning in Cybersecurity
The marriage between machine learning (ML) and cybersecurity comes as no surprise; in many ways the two are a natural fit.
Cybersecurity is, in large part, about detecting and stopping digital attacks that compromise your IT infrastructure. Machine learning recognizes and learns patterns from historical and incoming data, which makes it well suited to cyber defense: many attacks involve introducing code or behavior that deviates from the patterns of normal activity an ML system has learned. The flip side is that not every deviation is an attack, and not every attack deviates (an intruder using stolen credentials and built-in administration tools can look very ordinary), so ML is a detection aid, not a guarantee.
In fact, ML and cybersecurity have already started working together as partners. For example, next-generation firewalls (NGFWs) incorporate machine learning systems to strengthen their threat detection and mitigation abilities.
The approach is relatively simple: a traditional, signature-based firewall can’t recognize threats for which no signature exists yet, in particular zero-day threats, attacks that exploit a vulnerability before it has been discovered, analyzed, and added to threat intelligence feeds.
A machine learning-based system instead learns what a healthy environment looks like: how hosts normally talk to each other, and what packet sizes, rates, and destinations are typical. When traffic deviates from that baseline, the deviation raises a red flag and the system can block or quarantine it. The practical caveat is that a baseline model flags anything unusual, malicious or not, so the threshold and the response action have to be tuned against the false-positive rate; an automatic block on every anomaly will eventually block legitimate change.
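The following is an added example, not code from the original article or from any firewall vendor: a minimal baseline-and-deviate detector over constructed flow records. It learns per-feature statistics from a known-good traffic window, scores new flows by how far they fall from that baseline, and adds a second check (destination-port fan-out per source) for the case where every individual flow looks normal but the pattern across flows does not. All flow records, addresses and thresholds are constructed for the demo.

```python
"""Baseline-and-deviate detection over constructed network flow records.

Added example (not from the original article or any vendor product): a flow
baseline learned from a known-good traffic window, plus two detectors that
use it. Standard library only, so it runs offline.
"""
import math
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    bytes_out: int
    duration_s: float


def features(f: Flow) -> tuple[float, float]:
    """Log-scale size and duration; raw byte counts are too skewed for z-scores."""
    return (math.log10(f.bytes_out + 1), math.log10(f.duration_s + 0.001))


class Baseline:
    """Per-feature mean and standard deviation learned from 'normal' flows."""

    def __init__(self, normal_flows: list[Flow]):
        columns = list(zip(*(features(f) for f in normal_flows)))
        self.means = [mean(c) for c in columns]
        # Floor the spread so a constant feature cannot divide by zero.
        self.stds = [max(pstdev(c), 1e-6) for c in columns]

    def deviation(self, f: Flow) -> float:
        """Largest absolute z-score across features: ~0 = typical, >3 = unusual."""
        return max(abs((x - m) / s)
                   for x, m, s in zip(features(f), self.means, self.stds))


def per_flow_outliers(baseline: Baseline, flows: list[Flow], threshold: float = 3.0) -> list[Flow]:
    """Flows whose size or duration is far outside the learned baseline."""
    return [f for f in flows if baseline.deviation(f) > threshold]


def port_scanners(flows: list[Flow], max_ports: int = 5) -> list[str]:
    """Sources touching more distinct destination ports than any normal host does.

    Each scan probe can look perfectly ordinary on its own; the anomaly is only
    visible in the fan-out across flows, which is why a per-flow model misses it.
    """
    ports_by_src: dict[str, set[int]] = {}
    for f in flows:
        ports_by_src.setdefault(f.src, set()).add(f.dst_port)
    return sorted(src for src, ports in ports_by_src.items() if len(ports) > max_ports)


# Constructed 'known-good' window: ordinary HTTPS sessions from internal hosts.
NORMAL_FLOWS = [
    Flow("10.0.0.5", "10.0.1.20", 443, 1200, 0.3),
    Flow("10.0.0.6", "10.0.1.20", 443, 1500, 0.5),
    Flow("10.0.0.7", "10.0.1.21", 443, 1800, 0.7),
    Flow("10.0.0.5", "10.0.1.21", 443, 2100, 0.9),
    Flow("10.0.0.8", "10.0.1.20", 443, 2400, 1.1),
    Flow("10.0.0.6", "10.0.1.22", 443, 2700, 1.3),
    Flow("10.0.0.9", "10.0.1.20", 443, 3000, 1.5),
    Flow("10.0.0.7", "10.0.1.22", 443, 3300, 1.7),
    Flow("10.0.0.8", "10.0.1.21", 443, 3600, 1.9),
    Flow("10.0.0.9", "10.0.1.22", 443, 4000, 2.1),
]

# Constructed window under inspection: one ordinary flow, one bulk transfer to
# an external host, one very long-lived session, and a port sweep whose
# individual flows are sized like normal traffic.
SUSPECT_FLOWS = [
    Flow("10.0.0.5", "10.0.1.20", 443, 2500, 1.0),
    Flow("10.0.0.7", "203.0.113.9", 443, 5_000_000, 0.4),
    Flow("10.0.0.8", "10.0.1.21", 443, 2000, 7200.0),
] + [Flow("10.0.0.99", "10.0.1.20", port, 1500, 0.5) for port in range(20, 32)]

BASELINE = Baseline(NORMAL_FLOWS)

if __name__ == "__main__":
    for f in per_flow_outliers(BASELINE, SUSPECT_FLOWS):
        print(f"outlier z={BASELINE.deviation(f):.1f}: {f}")
    print("port scanners:", port_scanners(SUSPECT_FLOWS))
```

The threshold of three standard deviations is the knob the text is talking about: lower it and the bulk transfer and the long session are joined by ordinary traffic on a busy day; raise it and slow, low-volume intrusions slip through. The port-sweep check is there because the sweep's flows each score well under the threshold; only the context across flows gives it away.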
How Will Machine Learning Affect Cybersecurity?
Even though NGFWs already take advantage of machine learning, we're just beginning to tap ML's potential. Because machine learning can recognize patterns and act on data, there are many more ways it can be applied in cyber defense.
As a simple example, consider what happens in an organization during a breach:
- Someone recognizes attacker activity within the system, either because a monitoring system raises an alert, something malfunctions, or data turns up missing, encrypted, or corrupted
- The IT team jumps into action: identifying the potentially affected systems, shutting down machines, stopping non-essential servers, and scanning to see which areas the attack has already reached
- At some point in the process, the team takes steps to safeguard the most critical data, such as customer payment information or the proprietary data the organization runs on
Much of this can be automated with machine learning. An ML-driven system can:
- Recognize an attack and immediately, automatically, isolate the network segments that hold sensitive data
- Determine ahead of time which systems are the most business-critical, so that containment protects them first
- Decide how to keep the company running while the attack is being addressed, where that is possible
- Automatically notify the people affected by email or other digital channels
One practical requirement: the infrastructure that carries out these responses (the detection pipeline, the asset inventory, the notification service) should be segmented from the rest of the network, so that the attack it is warning about cannot also take it down.
Cybersecurity, at its most basic level, is about patterns and what to do when they are violated, and pattern recognition is machine learning’s core strength.
How Machine Learning Can Defend Organizations by Analyzing Large Datasets
Machine learning can learn what good and bad data look like and act on the distinction at a scale and speed no human team could match.
The data in your network is similar to a detailed, 2,000-page book. Imagine somebody gave you a digital copy of Homer’s The Iliad. But deep inside, there was a small typo, an extra space between two words. Even if you read the entire book carefully, you might not spot the error. And even if you knew it was there, and what to look for, it might take you weeks to find it.
If you also had a known-good copy, a straightforward integrity check (a hash, or a byte-by-byte comparison) would find the extra space in a fraction of a second and let you produce a clean copy; that is diffing, not machine learning. The harder case, and the one machine learning addresses, is when no pristine copy exists: the model has to learn from many ordinary copies what “normal” looks like and flag the one that deviates.
An organization’s network consists of countless “Iliads” of data and processes, and there is rarely a reference copy to compare against. ML reads them the way a proofreader who has read a thousand similar books would, notices when something is off, and points at the malicious “typo” so it can be fixed.
As mentioned above, if your organization runs a next-generation firewall, there’s a good chance ML has already come to your rescue many times. Unfortunately, despite its benefits for defenders, ML can also be your opponent.
How Is Machine Learning Used in Cyber Attacks?
As is the case with most technologies, machine learning can also be used for evil. And the abuse has already begun.
Brute-Force Attacks
If a hacker has to manually guess the right password to gain access to a user’s account, it could take them weeks or longer, and in many cases, they would never succeed. But armed with machine learning, hackers can automate the password-guessing process.
Machine learning algorithms can generate thousands of password candidates tailored to a specific user. For example, if one of the user’s accounts has already been compromised (say, through a leaked password database) and the recovered password is the account holder’s name followed by a set of numbers, that password can be fed to the algorithm as a starting point.
People sometimes simply change the numbers at the ends of their passwords or add punctuation marks or other characters to make them unique from one account to another.
A machine learning algorithm can easily perform the guesswork to harvest these kinds of passwords.
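As an added example that is not code from the original article or from any password-cracking tool, here is a small character-level Markov model of the kind such guessing relies on, trained on a constructed list of “leaked” passwords, together with the mangling rules (nudge the trailing number, append punctuation) the text describes. It shows both sides: the attacker ranks candidates by how probable the model finds them, and the defender can reject a reset password that an attacker holding the old one would reach with the same rules. The corpus, passwords and rule set are all constructed for the demo.

```python
"""Character-level Markov model for ranking password guesses, plus the
'mangling' rules attackers apply to a known password.

Added example, not code from the original article: the leaked passwords are
constructed for the demo, and the model is deliberately small (bigrams with
additive smoothing) so the mechanics are visible.
"""
import math
import re
import string
from collections import Counter

START, END = "\x02", "\x03"  # sentinel tokens for password start and end
ALPHABET = set(string.ascii_letters + string.digits + string.punctuation) | {END}


class BigramModel:
    """P(next char | previous char) estimated from a corpus of leaked passwords."""

    def __init__(self, corpus: list[str], alpha: float = 0.1):
        self.alpha = alpha
        self.pair = Counter()
        self.prev = Counter()
        for pw in corpus:
            chars = [START] + list(pw) + [END]
            for a, b in zip(chars, chars[1:]):
                self.pair[(a, b)] += 1
                self.prev[a] += 1

    def log_prob(self, a: str, b: str) -> float:
        # Additive smoothing: unseen transitions get a small, non-zero probability.
        num = self.pair[(a, b)] + self.alpha
        den = self.prev[a] + self.alpha * len(ALPHABET)
        return math.log(num / den)

    def predictability(self, pw: str) -> float:
        """Average log-probability per character; higher means easier to guess."""
        chars = [START] + list(pw) + [END]
        total = sum(self.log_prob(a, b) for a, b in zip(chars, chars[1:]))
        return total / (len(chars) - 1)


def mangle(base: str, deltas=range(-3, 4), suffixes=("", "!", "#", "123")) -> list[str]:
    """Variants a user is likely to derive from `base`: nudge the trailing
    number, append a punctuation mark or a common digit run."""
    m = re.match(r"^(.*?)(\d+)$", base)
    if m:
        stem, digits = m.group(1), m.group(2)
        cores = [f"{stem}{int(digits) + d:0{len(digits)}d}"
                 for d in deltas if int(digits) + d >= 0]
    else:
        cores = [base]
    seen, out = set(), []
    for core in cores:
        for s in suffixes:
            cand = core + s
            if cand not in seen:
                seen.add(cand)
                out.append(cand)
    return out


def rank_guesses(model: BigramModel, candidates: list[str]) -> list[str]:
    """Attacker view: try the most model-probable candidates first."""
    return sorted(candidates, key=model.predictability, reverse=True)


def is_trivial_variant(new_pw: str, known_pw: str) -> bool:
    """Defender view: reject a reset password that an attacker holding
    `known_pw` would reach with the same mangling rules."""
    return new_pw in mangle(known_pw)


# Constructed 'leaked' corpus: name + year is the dominant pattern.
LEAKED = ["john1985", "john1986!", "mary2001", "mary2002", "password1",
          "password123", "alex1990", "alex1991!", "sam2000", "sam2000!"]
MODEL = BigramModel(LEAKED)

if __name__ == "__main__":
    for pw in ("john1987", "Xq7#vL!p2R"):
        print(f"{pw:12s} predictability={MODEL.predictability(pw):.2f}")
    print(rank_guesses(MODEL, mangle("john1985"))[:5])
    print(is_trivial_variant("john1986!", "john1985"))
```

A real attacker's model is larger (neural or higher-order Markov, trained on hundreds of millions of leaked passwords) and its candidate list is fed straight into a cracking tool, but the shape is the same: learn the distribution of human-chosen passwords, then spend guesses in order of probability. That is also why the defensive check matters more than it looks: a policy that only enforces length and character classes happily accepts “john1986!” as a replacement for “john1985”.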
Malware That Can Avoid Detection
Cybersecurity researchers have demonstrated malware that can automatically modify itself to evade detection by ML-based security systems.
The technique uses a machine learning algorithm to make small, functionality-preserving changes to the sample, for instance adding benign-looking features, until the detector no longer classifies it as malicious. Nothing about the approach is restricted to researchers: the same techniques are available to attackers, which is why a detector needs to be evaluated against adversarially modified samples and not only against a static test set.
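To make the mechanism concrete, here is an added example, not code from the original article or from the research it refers to: a toy linear malware detector over imported API names, an attacker who may only add imports (adding an import does not break a binary, removing one might), and a hardened “monotone” variant in which benign-looking features can no longer lower the score. The detector, its weights, and the sample are all constructed for the demo; the greedy search stands in for the learned generator a real adversarial system would use.

```python
"""Additive-feature evasion of a linear malware classifier, and a monotone
variant that resists it.

Added example, not from the original article or the research it mentions:
the detector, its weights and the sample are constructed. The attacker model
is the one adversarial-malware work commonly assumes: features can be added
(extra imports do not break a binary) but not removed.
"""

# Constructed linear detector over imported Windows API names:
# positive weight = suspicious, negative weight = typical of benign GUI apps.
WEIGHTS = {
    "CreateRemoteThread": 2.0, "VirtualAllocEx": 1.5, "WriteProcessMemory": 1.5,
    "WinExec": 1.0, "InternetOpenUrlA": 0.8, "GetProcAddress": 0.3,
    "MessageBoxA": -0.7, "GetSystemMetrics": -0.6, "RegisterClassExA": -0.9,
    "CreateWindowExA": -0.9, "ShowWindow": -0.8, "GetDC": -0.5,
}
BIAS = -1.5


def score(imports: set[str], weights: dict[str, float] = WEIGHTS) -> float:
    """Linear decision score: > 0 means the detector calls the sample malicious."""
    return sum(weights.get(name, 0.0) for name in imports) + BIAS


def is_malicious(imports: set[str], weights: dict[str, float] = WEIGHTS) -> bool:
    return score(imports, weights) > 0


def evade_by_adding(imports: set[str], weights: dict[str, float] = WEIGHTS):
    """Greedily add the imports that push the score down the most until the
    detector flips. Returns the set of added imports, or None if the
    attacker runs out of useful additions before the verdict changes."""
    added: set[str] = set()
    current = set(imports)
    # Most negative weight first; name as tie-breaker for determinism.
    candidates = sorted((w, n) for n, w in weights.items() if w < 0 and n not in current)
    for _w, name in candidates:
        if not is_malicious(current, weights):
            break
        current.add(name)
        added.add(name)
    return added if not is_malicious(current, weights) else None


def monotone(weights: dict[str, float]) -> dict[str, float]:
    """Hardened variant: benign-looking features can no longer lower the score,
    so adding imports can only make a sample look worse, never better."""
    return {n: max(w, 0.0) for n, w in weights.items()}


# Constructed sample: the classic process-injection import set.
INJECTOR = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory", "GetProcAddress"}

if __name__ == "__main__":
    print("original verdict:", is_malicious(INJECTOR))
    padding = evade_by_adding(INJECTOR)
    print("added to evade:", sorted(padding))
    print("verdict after padding:", is_malicious(INJECTOR | padding))
    print("monotone model evaded?", evade_by_adding(INJECTOR, monotone(WEIGHTS)) is not None)
```

Five harmless-looking GUI imports are enough to flip the toy detector, without touching the injection code at all. The monotone model gives up some accuracy on benign software (it can no longer use “looks like a normal desktop app” as evidence) in exchange for closing that particular door; which trade is right depends on how much the attacker controls the features the model sees.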
ML-Powered Phishing Attacks
Phishing attacks, which involve tricking people into providing sensitive information, have been common for decades, but machine learning has taken them to a whole new level.
For example, researchers have automated the generation of social media phishing attacks. They scrape a Twitter user's profile and timeline, train a model on that material, and generate tweets tailored to the target from bot accounts. The model composes the tweets in about a quarter of the time a human would need, and the resulting click-through rates ranged between 30% and 66%.
Machine Learning Use Cases for Cybersecurity
Cybersecurity company Ordr uses machine learning to study an organization’s existing digital estate: which devices are present, how each is supposed to behave, and what kinds of data should be moving between them.
Ordr’s solution then uses that learned picture to gain visibility into not only the environment itself but also attacks as they enter it, since an infected device starts talking to hosts and services it never touched before.
Ordr cites the WannaCry ransomware attack as a motivating case: it encrypted hundreds of thousands of computers worldwide within hours, ultimately forcing organizations to choose between paying the ransom and losing critical data and systems.
Ordr's monitoring solution aims to catch that kind of lateral spread early, before it reaches the scale at which companies have ended up paying large ransoms.
The war in Ukraine has given rise to a different cyber threat that machine learning can also help counter. German authorities have warned banks following attacks on companies in the financial sector.
Attackers have been orchestrating distributed denial-of-service (DDoS) attacks, flooding servers with bogus requests until they can no longer serve legitimate users. By learning the normal pattern of web requests (rate, sources, paths) and watching for the moment it changes, an ML system can flag the onset of a DDoS attack before it causes a full outage and trigger rate limiting or upstream filtering in time.
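The following added example (not code from the original article or from any DDoS-mitigation product) shows the simplest version of that idea: an exponentially weighted baseline of requests per second that raises an alert when the rate leaves its normal band, and a small second step that looks at the source mix to decide whether local rate limiting will help or the flood is too distributed for that. The per-second counts and source addresses are constructed; in practice they come from load-balancer or web-server logs. One detail worth noticing in the code: the baseline is frozen while an alert is active, because feeding the attack traffic into the moving average would teach the model that the flood is the new normal.

```python
"""Early DDoS warning from the request-rate time series, using an
exponentially weighted baseline that is frozen while an alert is active.

Added example, not from the original article or any vendor product. The
per-second counts and source addresses are constructed; in practice they come
from load-balancer or web-server logs.
"""
import math
from collections import Counter


class RateBaseline:
    """EWMA mean/variance of requests per second with a warm-up window."""

    def __init__(self, alpha: float = 0.2, k: float = 4.0, warmup: int = 10):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.history: list[int] = []
        self.mean = self.var = 0.0

    def observe(self, count: int) -> bool:
        """Feed one second of traffic; return True if it is anomalous.

        An anomalous second does not update the baseline: letting the attack
        traffic in would raise the mean until the flood looked normal.
        """
        if len(self.history) < self.warmup:
            self.history.append(count)
            if len(self.history) == self.warmup:
                self.mean = sum(self.history) / self.warmup
                self.var = sum((c - self.mean) ** 2 for c in self.history) / self.warmup
            return False
        if count > self.mean + self.k * math.sqrt(self.var):
            return True
        diff = count - self.mean
        self.mean += self.alpha * diff
        self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        return False


def alert_seconds(counts: list[int], **kw) -> list[int]:
    """Indices (seconds) at which the rate monitor raises an alert."""
    monitor = RateBaseline(**kw)
    return [t for t, c in enumerate(counts) if monitor.observe(c)]


def spike_profile(sources: list[str], top_share: float = 0.5) -> str:
    """Once a spike is flagged, decide what to do: a few dominant sources can be
    rate-limited locally, a widely distributed flood needs upstream filtering."""
    counts = Counter(sources)
    _top_src, top_n = counts.most_common(1)[0]
    return "concentrated" if top_n / len(sources) >= top_share else "distributed"


# Constructed series: ~100 req/s of ordinary traffic, then a flood that ramps up.
REQUESTS_PER_SECOND = [100, 104, 97, 101, 99, 103, 98, 102, 100, 96,
                       105, 99, 101, 103, 97, 100, 102, 98, 104, 101,
                       140, 200, 320, 520, 850, 1400]

# Constructed source mix during the flood: 200 requests from 190 distinct addresses.
FLOOD_SOURCES = [f"198.51.100.{i}" for i in range(1, 191)] + ["198.51.100.1"] * 10

if __name__ == "__main__":
    print("alert at seconds:", alert_seconds(REQUESTS_PER_SECOND))
    print("spike profile:", spike_profile(FLOOD_SOURCES))
```

The alert fires at second 20, when the rate is 140 requests per second, well before the server is in trouble; that early margin is what makes automated rate limiting or a call to an upstream scrubbing service useful rather than too late. A production system would run the same logic per endpoint and per client network, and would add a way to mark a legitimate surge (a product launch, a news mention) so the frozen baseline can be re-learned afterwards.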
Leveraging Machine Learning to Defend Organizations
Whether it’s Alphabet’s Chronicle, next-generation firewalls, or observability systems, ML is already playing a big role in cybersecurity.
As security engineers, researchers, and developers keep building on machine learning’s potential, organizations can reduce manual effort and human error and strengthen their defenses significantly, provided they treat a model’s output as a signal to investigate and act on rather than a verdict to trust blindly.