June 27, 2018
DattoCon 2018: Long Live AI; What the Heck is AI?
David Dufour is the Vice President of Cybersecurity and Engineering, Webroot. He is a leader in the computer security and threat analytics industry focused on developing new techniques for identifying and preventing threats related to ransomware, exploits, and other cyber-attacks. His experience with machine learning, contextual analytics, big data, integration automation, and forensics has led to the development of several cutting-edge solutions for mapping threat landscapes, identifying cybercriminals, and the use of predictive algorithms for pre-attack determination. Dufour also spends time speaking on topics pertaining to threat analytics, theoretical security systems design, and works to move the security industry to a more automated, predictive architecture.
Walking the aisles or dropping into sessions of DattoCon this year, there were a number of hot topics: business continuity, cryptocurrency, simplified dashboards, and easy reporting. All are great topics and key for this audience. MSPs need not only to show their value but also to streamline everything they do to make their operations more efficient.
That’s why I was so surprised that one topic was decidedly missing from the mouths of MSPs: machine learning and artificial intelligence. Arguably two of the most powerful technologies to strengthen cybersecurity postures and alleviate skills shortages, machine learning, and AI are crucial for increasing efficiency and driving value.
I’m not saying MSPs need to know all the nitty gritty details of these technologies. (Truth be told, I have enough trouble understanding our machine learning specialists sometimes. It’s like they talk in calculus.) But when I asked a few MSPs at DattoCon about machine learning models, I got a lot of blank stares, as well as a few good jokes about only knowing about supermodels.
That’s probably okay. You don’t need to know how the models and algorithms work to underscore the effectiveness of a machine learning-based solution. But MSPs should try to get the hang of the basics so they understand what’s real and what’s just marketing hype. After all, there are a lot of cybersecurity and threat intelligence vendors out there who all sound like they’re saying approximately the same things—you need to know how to tell the difference.
Real machine learning and artificial intelligence can help create new capabilities for the security stack while, at the same time, decreasing costs and reducing time to detect and remediate threats. It should help detect emerging, unexpected threat behaviors. It should also deliver value by building on the skills of human analysts (e.g., it could automate remedial tasks or simply work around the clock while your employees go home and sleep.)
How can MSPs test these real benefits for the technology against all of the buzzwords they hear?
- Ask questions about the data.
How does the vendor get data? Do they have historical data to track the behavior of a website or URL from the last 60 days, year, or 10-year period? How is the data fed into the security solution(s) they offer?
- Ask questions about updates.
How often does the vendor update their machine learning models? This should be done at least daily, if not multiple times a day.
- Ask how they handle unknown files and internet objects.
We’re not yet to the point where machines can run without human oversight. Human threat analysts need to review unknowns, edge cases, and the models’ overall behavior to continue to fine-tune the algorithms. This oversight helps avoid false positives.
- Ask how the product handles a threat that does get through.
Does it track what took place on the computer? Can it roll the computer back to a pre-infected state?
There’s no shortage of hype around AI and machine learning. Here are a few doozies I’ve heard recently.
- “Sixth-generation artificial intelligence”
There’s no such thing. There is, however, fifth-generation of machine learning and some companies, like Webroot, are testing sixth-generation capabilities as well.
- “Data sources don’t matter.”
Actually, the source of data does matter. You know not to trust just any old fly-by-night vendor of anything to give you a solid product. You have to do your research and ensure a certain level of quality and reputation. The same should hold for threat intelligence vendor and the data they use and deliver.
- “It doesn’t matter how long a company has been doing machine learning.”
How long a company has been working with machine learning and artificial intelligence is crucial. Quality models take time to tune, and historical data helps guide predictive assessments to prevent emerging and as-yet-undiscovered threats. You can’t spin up a new model and expect it to be effective in a week, or even a month. Maturity is a good thing.
This is by no means an exhaustive list, but it does provide a good start.
Unfortunately, there is no silver bullet for cybersecurity. There’s no single technology that will stop 100 percent of threats. Employees are going to click on malicious links and use recycled or easy-to-guess passwords, and cybercriminals are going to continue coming up with highly creative ways to get around defenses. After all, the threat landscape is unpredictable.
Don’t be afraid to ask questions to see how ML and AI in your security solutions can help protect customers and streamline your business. At the end of the day, MSPs are providing a real lifeline for their customers.
As David Hooper, STC Network Services, shared, “Last year, April 8, a customer was totally paperless—3 offices, 9 servers, on our cloud, 50 people. At 11:43 a.m., somebody clicked on an email in a remote office and all their files were encrypted with ransomware. By that afternoon, they were back up like nothing ever happened. We saved his business.”
I love that story. I got into cybersecurity because I liked helping people, especially in the face of the devastating losses that can happen during a cyberattack. (And I also like getting paid to break test computers.) My advice to MSPs is this: don’t shy away from asking questions about AI and machine learning. Learning about and adopting those technologies is how you’ll help your customers the same way David Hooper did—today, tomorrow, and forward.