As we witness a growing number of cyber-attacks and data breaches, the demand for advanced cybersecurity solutions is becoming critical. Artificial intelligence (AI) has emerged as a powerful contender to help solve pressing cybersecurity problems. Let’s explore the benefits, challenges, and potential risks of AI in cybersecurity using a Q&A composed of questions I hear often.
Q1. Are we in an AI revolution?
A1. Innovations in AI have propelled us into an AI revolution, leading to significant advancements in natural language processing, computer vision, and decision-making capabilities. AI systems are becoming more general and human-competitive in a wide range of tasks. For example, the recent breakthroughs of large language models (LLM) and generative AI, such as ChatGPT and GPT-4, can do an amazing job writing an article, creating code, and drawings, and even passing a bar exam. It is becoming clear that these advances will have a profound impact on our society, including the potential to revolutionize the world of cybersecurity.
Q2. What are the benefits of using AI to solve cybersecurity problems?
A2. Cybersecurity, in many instances, resembles the task of searching for needles in haystacks. With the implementation of AI, the process can become more efficient and scalable, as AI excels at identifying patterns and conducting data analysis on a large scale. AI offers various advantages in addressing cybersecurity challenges, including:
- Detection of unknown, zero-day threats and anomalous behavior patterns, complementing heuristic and signature-based approaches
- Automatic classification and discovery of sensitive data and enterprise digital assets
- Simplification of complex policy configurations and management tasks, reducing the workload for cybersecurity professionals
- Identification of truly suspicious users and devices by efficiently analyzing large volumes of alerts and logs
- Providing additional intelligence around security incidents and recommending effective ways to respond.
These benefits collectively lead to a more proactive and efficient approach to maintaining security and reducing cyber-attack risks. With the help of AI-powered tools, security professionals will become much more productive in identifying bad actors and conducting threat investigations.
Q3. How is AI being used at Netskope?
A3. At Netskope, we have been using the latest AI and machine learning (ML) technology to power the Netskope Intelligent Security Service Edge (SSE) security platform. We have a team of dedicated ML scientists, security researchers, and product engineers who have track records of solving security and fraud problems in different domains. Leveraging our expertise in AI/ML and security, we are developing large-scale AI solutions for SSE. For example,
- By applying deep learning-based natural language processing and computer vision techniques, we are able to detect sensitive and personal data in our customers’ network traffic, such as financial and legal documents, source code, and images of passports and credit cards, which helps our customers comply with privacy regulations and protect their digital assets.
- Through the use of embedded user and entity behavior analytics (UEBA), we have trained models to discern normal behavior patterns versus those that originate from malicious insiders, compromised accounts, data exfiltration attacks, and ransomware attacks.
- AI is used to power multiple malware detection engines in the inline fast scan, as well as static and dynamic analysis-based deep scan of Netskope’s threat protection system, improving its malware detection efficacy for various file types.
- We have trained language models to classify URLs and web content, enabling Netskope’s customers to enforce their web security policy and perform effective web traffic filtering of sensitive or harmful information.
- Similar to generative pre-training of large language models, such as GPT models, we use a large number of web pages to train the HTML encoder and then use it to build the phishing classifier. The phishing classifier enables us to detect and block phishing web pages in the web traffic that goes through the Netskope SSE platform in real-time.
Over the past three years, Netskope has been granted 15 U.S. patents for our innovative application of AI in addressing cybersecurity challenges. Unlike the general-purpose AI, our AI models are specifically designed to solve security problems, while prioritizing efficiency and accuracy. They are optimized for real-time processing, allowing for fast and accurate results, all while maintaining a small memory footprint.
Q4. What are the challenges and risks of using AI?
A4. Cybersecurity has its own challenges when it comes to the adoption of AI and machine learning technology.
- False positives and negatives. AI may sometimes incorrectly classify threats or anomalous behavior, leading to either false alarms or missed threats. The costs of false positives and false negatives can be significant, presenting considerable challenges for AI models. General-purpose AI, without customized training and tuning, may not meet the required accuracy standards. Netskope takes a multi-layered approach that incorporates AI, heuristic, and signature-based components. This is to ensure that the Netskope SSE platform satisfies the high accuracy requirements that are necessary for effective data security and threat protection.
- Privacy concerns. AI systems need access to large amounts of data to train and improve their algorithms, which raises questions around data privacy and protection. In addition, the use of AI in cybersecurity often involves the processing of sensitive and personal information, which must be handled with care to ensure compliance with data privacy regulations. The recent incident involving Samsung workers accidentally leaking trade secrets via ChatGPT serves as a reminder of the importance of data privacy in the context of AI cybersecurity. At Netskope, we take these concerns seriously and prioritize the responsible use of data in all of our AI applications. We don’t use customers’ data for AI training unless they give us explicit permission.
- Explainability and interpretability. In cybersecurity, it is crucial to understand how AI makes its decisions to ensure that the outcomes produced are reliable and consi