A dominant traditional model in cybersecurity was what many experts now call a “perimeter approach” – it was all about battening down the hatches by closing off gateways and keeping unauthorized activity out of a network entirely. The firewall is an excellent example of a perimeter security tool. It gets set up facing a DMZ or “no man's land” and puts critical security controls on all incoming data. Many types of endpoint security are also examples of a perimeter approach.
In earlier years, the perimeter approach represented the height of digital security. Systems administrators responded to hackers mainly by shutting doors, closing loopholes and applying more careful monitoring. Systems did get hacked, but in general, hackers utilized a range of evident vulnerabilities. Hacking took place over slower connections, and involved much less sophistication than today’s systems provide.
However, in recent years a widely held consensus has emerged that hackers will have access to some parts of the network. Phenomena such as the cloud-computing or software-as-a-service model, the internet of things and the bring-your-own-device corporate trend have all contributed to this idea. Enterprise systems and other systems are now less able to completely block all outside traffic – so they have to adapt and move toward different models.
The way that some experts explain it is that cybersecurity professionals have been trying to build protection into systems by looking at yesterday's attacks, and not the ones that may happen in the future. A perimeter approach and other less-developed models can only stop attacks based on very rigid threat evaluations. That is often not enough to deter a modern data breach or other cyberattack.
Machine learning tools and new artificial intelligence paradigms are perfect for new network protection systems because they are able to work proactively to identify threats. Machine learning tools move beyond the constrictions of their original programming, and evolve automatically over time. Bringing this principle to cybersecurity allows systems to be on the lookout for types of suspicious behavior that may have never happened in the past.
One easy way to think about this is to consider the individual machine learning algorithms to be internal actors or “agents” working within the interior of the network. Armed with knowledge about what sensitive data is and what may constitute a threat, machine learning tools can automate a lot of the cybersecurity intelligence that aids human decision-makers in protecting systems. For instance, machine learning tools can be taught to evaluate any kind of suspicious network activity according to criteria – who logged on, when they logged on, where they logged on and what was accomplished. Rather than working to an established set of rules, machine learning and artificial intelligence tools can start to project a threat and mitigate it before it happens.
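The who/when/where/what evaluation described above can be sketched as a per-user baseline learned from past logins, shown here as an added example that is not part of the original article. The frequency model is a deliberately simple stand-in for a learned detector, and the class name, feature names and sample events are all constructed for illustration.

```python
import math
from collections import Counter, defaultdict

FEATURES = ("when", "where", "what")

def featurize(hour, source, action):
    # "when" is bucketed into four 6-hour windows so nearby hours share evidence.
    return {"when": hour // 6, "where": source, "what": action}

class LoginBaseline:
    """Per-user frequency model of when/where/what, learned from past events."""

    def __init__(self):
        self.counts = defaultdict(lambda: {f: Counter() for f in FEATURES})
        self.vocab = {f: set() for f in FEATURES}
        self.totals = Counter()
        self.threshold = 0.0

    def fit(self, events):
        for user, hour, source, action in events:
            for f, v in featurize(hour, source, action).items():
                self.counts[user][f][v] += 1
                self.vocab[f].add(v)
            self.totals[user] += 1
        # Learned threshold: the most surprising event seen during training.
        self.threshold = max(self.score(*e) for e in events)
        return self

    def score(self, user, hour, source, action):
        """Surprise in bits: sum of -log2 P(value | user), add-one smoothed."""
        n = self.totals[user]
        if n == 0:
            return math.inf  # a user with no history is maximally surprising
        bits = 0.0
        for f, v in featurize(hour, source, action).items():
            k = len(self.vocab[f]) + 1  # one extra slot for never-seen values
            bits -= math.log2((self.counts[user][f][v] + 1) / (n + k))
        return bits

    def is_suspicious(self, event):
        return self.score(*event) > self.threshold

# Constructed sample history: (who, hour of day, source network, action)
HISTORY = [("alice", h, "office-lan", "read_report") for h in (9, 10, 14, 16)] * 5
HISTORY += [("bob", h, "vpn", "run_backup") for h in (1, 2, 3)] * 3

model = LoginBaseline().fit(HISTORY)
print(model.is_suspicious(("alice", 10, "office-lan", "read_report")))
print(model.is_suspicious(("alice", 3, "unknown-net", "bulk_export")))
```

Because the threshold comes from the training data rather than a fixed rule, an event is flagged for being unlike that user's own history, which is why a login that is routine for one account can be suspicious for another.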
Another reason why artificial intelligence and machine learning are perfect for today's cybersecurity world is that the parties which are commonly on defense in cybersecurity, often big companies and government systems, have the resources for research and design, whereas the hackers and malware attackers oftentimes do not. While there have been some fledgling reports of hackers using machine learning or AI systems, for the most part, systems that provide these tools in cybersecurity are largely resistant to most of the malicious attacks that are happening around the world.