Stefan Strobel, CEO of cirosec, a company specialising in IT security, was addressing the issue of AI as much as a quarter of a century ago. In this interview, he tells us what makes this technology so interesting today and how it can be exploited in the IT security sector.
- At the moment, there is a lot of hype about AI.
- The security product has to fit the task; whether it is AI-based or not is of secondary importance.
- AI products are particularly suitable for tracking down the unknown and for self-adaptive systems.
Mr Strobel, you were involved with artificial intelligence long before you founded cirosec. How did that come about?
In the mid-1990s, 25 years ago, I was studying at the Laboratoire d'Intelligence Artificielle at the University of Savoie in Chambery, France. Afterwards, I didn’t have anything to do with AI for a while until I got involved in the IT security field via Linux and the Internet. AI and security are now coming together and we are coming full circle.
How has artificial intelligence changed during this time, and why is AI now of general interest compared with then?
At that time in the AI environment the talk was mostly about expert systems. The neural networks that dominate the segment today were still in their infancy. Machine learning, and deep learning in particular, were not a factor back then. At that time, the mass data for training such systems was not even available. It was only the wide dissemination of the Internet combined with the trend towards digitisation that ensured the availability of the sample data that neural networks need in order to learn. In the IT security segment, for example, these would be samples of malware.
The computing capacity of the systems back then was also not so pronounced; nowadays, you just have to power up a few hundred devices bought on Amazon to easily surpass the performance of the supercomputers of that era.
Moreover, in the 1990s you needed special programming knowledge to design AI applications. Nowadays, you can get complete frameworks for various AI processes direct from cloud providers. And you don’t necessarily need to do any actual programming any more. All of this means that AI projects, which 25 years ago were considered utopian or would have been extremely expensive, can nowadays be realised with minimal cost and effort. These are also the reasons why AI was still not an option for IT security in those days.
How can AI make the IT in my company more secure?
AI can efficiently classify large volumes of data into various categories and separate them, for example, into harmful and non-harmful data. In the past, this was attempted using a rules-based model, which was not nearly so effective. The reason is that rules-based mechanisms have a scaling problem, among others, and cannot cope with constantly increasing malware variants. Basically, however, what matters is the intended purpose, because there is currently a lot of hype about AI.
What do IT managers need to consider if they want to use AI systems?
You should not blindly believe that a solution is better just because it is based on artificial intelligence. A successful use of AI depends on the choice of a suitable product, because you cannot normally choose the method, only a product. And the product has to suit the field of application. Generally, manufacturers do not give any deeper insights into the AI processes used in their products. In addition, only very few users would probably understand which AI method is being used in a product. This is also not even necessary, because a product is used to provide a certain protection. How it achieves this tends to be of secondary importance.
In which IT security areas are AI methods particularly suitable?
Certain problems that have not been easy to resolve until now can be readily tackled using AI. Take SIEM for example (Security Information and Event Management), where previously elaborate rules had to be written in order to evaluate log files. Thanks to machine learning, the systems can now derive such rules more or less autonomously. For example, you can keep your defences at a relatively current status, whereas with manual rules you are always lagging behind.
This therefore makes AI ideal for identifying unknown things or for self-adaptive systems in application areas that change a lot, in which otherwise manual changes would have to be made constantly. However, artificial intelligence is equally suitable for searching for weak points in software development, e.g. to track down typical security problems in source code. But attackers know this too and use AI tools to develop new modes of attack.
What trends do you expect in the future in artificial intelligence in the IT security field?
AI will make inroads into all sub-areas in which decisions need to be taken. When it’s a question of security, AI will in future become a standard component in corresponding products. Already, AI is in the backend of almost all endpoint products. In the manufacturer’s cloud, the agent on PCs and servers only asks whether the fragment being investigated is good or bad. In the event of targeted attacks, this approach is especially useful, as virtually all end devices work together. As a result, new malware can be discovered and repelled sooner.