Can machine learning solve the cyber security threat?
With cyber security attacks growing in frequency and impact as more and more of our infrastructure is digitalized, how will we be able to secure our digital assets when there is also a growing shortage of skilled cyber security professionals? Darktrace seeks address the issue as the first company to take an unsuperviced machine learning approach to product development in cyber security by developing a defence system modelled after the human body’s immune system.
Imagine the consequences if tomorrow 10% of the UK’s power supply were to disappear in an instance. That could happen if Drax Power Station, the largest power supplier in the UK, was hacked in an attack that paralyzed the station’s IT system. Drax is facing a common challenge in any digitalized organization today: The number of cyber attacks is increasing while there is a shortage of skilled cyber security experts capable of stopping such attacks. Drax found their solution in cyber security vendor Darktrace that seeks to address their issue through unsupervised machine learning.
As our society is digitized we are achieving magnificent benefits both in terms of productivity and convenience, but investments in digitalization have not been matched by investment in cyber security. Estimated spend on IT of 3.7T in 2018 dwarfs the estimated 114B spent on cyber security1. It is estimated that cyber security attacks will cost $400 billion each year as a consequence of several billion breached data sets with an average time of ~100 days to discover covered attacks2. Increasing threat of cyber security attacks is expected to drive demand for cyber security professionals 12x faster than the total job market, leading to an estimated expected shortage of 1.5m cyber security professionals by 20203.
The increasing skills gap and growing threat level is why using machine learning is so important to the Darktrace product development. The company’s Cyber AI platform is built on unsupervised machine learning, performing billions of probability-based calculations to teach itself what network traffic in an organization’s IT infrastructure is normal and what traffic should be flagged as a threat5. The company compares their technology to the human immune system, able to identify a virus and start fighting back in real time without having previous experience. In the short term, the Darktrace management team believes their technology can be used by any organization to flag potential threats in real time without much human interaction. In the medium term, the management team envisions that cyber criminals will increasingly deploy machine learning in their attack strategies. Darktrace therefore believes using machine learning is the only way to defend against these types of cyber attacks in the future, as humans will simply not be able to keep up with the pace of machines5.
While the Darktrace approach to cyber security defense has shown early promise and been highly successful against recent ransomware attacks such as WannaCry, the approach using machine learning does have it’s drawbacks. The largest issue Darktrace faces is to educate users. Customers that have not implemented the technology correctly have reported that it produces too many false negatives, leading IT teams to ignore the generated threat alerts. Other customers might be unable to attract the required skills to analyze threat information generated by the technology6. Meanwhile, Darktrace senior management seem set on not providing much help to their customers, proclaiming that they are “not a consulting firm” and only provides limited support services to customers6.
In order to better address the cyber security threat and skills gap in the near term, I recommend the Darktrace management team focus on building a services organization to support customers with implementation and provide “expertise as service” on a subscription basis. These services could be built faster if Darktrace partner with IT services organizations to provide external parties that can handle first and second line support to customers as the cyber security services industry shifts to rely more heavily on outsourced service providers7. In medium term, I would recommend the management team address the user friendliness of the product they are selling. If Darktrace is able to simplify the user interface and installation of the product it would greatly increase the value proposition of the product to customers struggling to attract skilled cyber security professionals.
Cyber security will likely be one of the most challenging issues of our time, but with a growing skills gap how can the challenge be solved? Darktrace and their approach using unsupervised machine learning in cyber security product development is likely a large step in the right direction, helping organizations leverage their IT employees and resources more efficiently through automated identification cyber security threats. However, the Darktrace technology will need to support from human judgment in the short-term and will only bridge the skills gap in the medium term if it can be translated into a user friendly platform. If Darktrace can do both of these effectively in the short and medium term, their approach to cyber security might be what enables us to protect our infrastructure from an ever-increasing sophistication from cyber criminals employing machine learning in their attacks. However, if we increasingly rely on unsupervised machine learning to protect our infrastructure, can we live with increasingly not understanding how cyber security technology works to protects us from cyber attacks? (799 words)
Sources
1Gartner Global IT spend, Gartner, Inc., accessed November 2018.
2 McKinsey, “Digital and Risk: A new Posture for Cyber Security in a Networked World, March 2018, https://www.mckinsey.com/de/~/media/mckinsey/locations/europe%20and%20middle%20east/deutschland/publikationen/2018%20compendium/a%20new%20posture%20for%20cybersecurity%20in%20a%20networked%20world/kompendium_03_cyberrisk-2.ashx, accessed November 2018.
3 Rebecca Vogel, “Closing the cyber security skills gap” Salus Journal, volume 4 issue 2, (2016): 3, via Google Scholar, accessed November 2018.
4 Cathrine Clifford, “How billion dollar start-up Darktrace is fighting cybercrime with AI” CNBC, Augsut 7, 2018, [https://www.cnbc.com/2018/08/07/billion-dollar-start-up-darktrace-is-fighting-cybercrime-with-ai.html], accessed November 2018.
5 Darktrace, “Technology” https://www.darktrace.com/en/technology/#machine-learning, accessed November 2018.
6 Ally Ram, “Inside Darktrace, the UK’s $1.65bn cyber security start-up” Financial Times, October 9, 2018, [https://www.ft.com/content/2fa5bade-cb09-11e8-9fe5-24ad351828ab, accessed November 2018.
7 Guide for Managed Detection and Response Services, Gartner, Inc., accessed November 2018.
Excellent topic to write about and cybersecurity attacks will be one of the biggest (if not the biggest) threats to our national security going forward. Should either our energy grid or financial services infrastructure be taken out by a cyber attack, the damage would be unimaginable. Our energy grid faces thousands of attempted attacks every month – and Symantec recently discovered that the networks of more than 20 energy companies had been compromised by hackers. In 2015, a quarter of a million people were left without power in the Ukraine after a successful cyber attack on the energy grid.
The cybersecurity industry will become increasingly reliant on machine learning and AI to detect threats to the system. You raised a very interesting point about false positives – one way to ensure a company’s focus on investigating these flags is to assign a probability of the flag being a serious threat (i.e., similar to Watson’s confidence in having the correct Jeopardy answer). This will ensure that the IT team will be spending time investigating the threats with the highest likelihood of being a true compromise in the system. As Darktrace continues to refine its machine learning and cybersecurity product, these ability to assign probability and identify actual threats will only continue to improve and provide a powerful defense against cyber attacks.
Interesting article! The topic of cybersecurity is especially important as we continue to move toward an increasingly digital and connected world. Every new application of technology (connected devices in cars, smart devices in our homes etc) is a new potential point of entry for data breaches and other forms of cyberattacks.
Ultimately, I think the reliance on machine learning to deal with the cybersecurity issue is inevitable. Even though I anticipate the cybersecurity skill gap will narrow over time, unsupervised machine learning algorithms will be needed to deal with the dynamic and evolving nature of cyberattacks and the massive volume of data that need to be analyzed to predict/detect potential threats.