The relationship between modern cybersecurity solutions and AI has become inextricable. The unfortunate reality is that even the most talented and responsive SecOps teams are unable to manually catch every threat posed to the sprawling, hybrid networks on which today’s organizations rely.
Forward-looking organizations know they need to bring AI- and machine-learning-based security tools on board. As they begin looking into their options, the challenge becomes deciding whether security companies can truly back up the claims they are making about their artificial intelligence and whether their solutions are actually providing value.
All too often, so-called AI solutions require a great deal of human input, negating much of these platforms’ promised convenience and efficiency. Today’s complex network security threats cannot be adequately addressed with outdated cybersecurity solutions.
Fortunately, recent AI advancements and the advent of solutions based on self-supervised learning will play a central role in effective, real-time network security and help security teams measurably increase overall productivity.
Self-supervised AI, a term coined by Turing Award winners Yoshua Bengio and Yann LeCun, is also referred to as "Third-Wave" AI, a term originally used by DARPA. To understand why self-supervised AI is such a big deal for cybersecurity, we must first understand the different types or "waves" of AI and what solutions based on older machine learning models are actually providing.
First, Second, and Third-Wave AI
The concept of AI might bring to mind science fiction novels or movies set in the far future. In fact, rudimentary forms of AI have played a role in the development of computer technology since at least the 1940s, and historical records reaching back into the 1300s reveal humankind’s fascination with the concepts of “thinking” and “learning.”
What is First-Wave AI?
Between the late ’50s and mid ’70s, early computer programmers took advantage of computer advances like onboard storage to apply machine-learning algorithms to various processes. Early applications included teaching computers how to play games like checkers and chess.
More recent examples of first-wave AI are tax preparation software and features like recommendation engines. First-wave AI adds automation to repetitive, narrowly defined tasks, but can’t perform functions beyond these limitations.
First-wave AI is purpose-built to solve specific problems. While it was an incredible advance in its day, first-wave AI is no match for the vulnerabilities inherent to the sprawling, distributed networks of today.
What is Second-Wave AI?
When Amazon makes an almost eerie product suggestion, that’s second-wave AI in action. The mega-retailer is constantly analyzing its customers’ buying patterns to arrive at spot-on recommendations. Second-wave AI relies on labeled data to come up with predictions about how we’ll behave next and which products we’ll find the most appealing.
Second-wave AI is more sophisticated in its application than first-wave AI, but is capable of very little reasoning. IBM’s Watson, for example, can provide information and even answer questions, but without context. Watson is unable to explain how it arrives at its conclusions.
Unfortunately, almost all of the current cybersecurity solutions used in enterprises around the world today utilize second-wave AI. For example, Security Information and Event Management (SIEM) cybersecurity platforms typically rely on second-wave AI. These security solutions are a benefit to organizations in that they add some level of automation to network monitoring processes. However, they require a great deal of ongoing human interaction and constant guidance. Worse, SIEM platforms rely almost solely on past behavior to determine present and future risks.
The result is a security system prone to false-positive alarm triggers at a rate SecOps teams can rarely analyze fast enough. Recent studies reveal that security analysts are spending 25 percent of their workdays on threat hunting and batting down false positives. This time could be spent on more worthwhile pursuits, but the opportunity cost can be even higher when the time spent chasing false positives leads to missed true positives.
Not only are the majority of SIEM platforms not up to the challenge of catching sophisticated modern threats, they are also far too dependent on historical data. Today’s networks are dynamic, constantly adjusting to both internal and external changes. SIEM platforms that lack the ability to understand the context of a given behavior are unable to respond quickly enough to be of much use in the real world.
What is Third-Wave AI or Self-Supervised Learning?
Third-wave AI, or self-supervised AI, allows a system to learn completely on its own, without the need for human input, and to evolve over time with the system it is monitoring. In cybersecurity, one example of third-wave AI is MixMode, which leverages generative, self-supervised learning to create an accurate baseline of normal network traffic and behavior in real time to better predict future network behavior.
Self-supervised learning is a major leap forward from first and second-wave AI because it is context-aware. Cybersecurity is greatly enhanced by systems that can look beyond anomalous activity and labeled data sets to predict future outcomes.
One recent example of the wide gap between second- and third-wave AI is the workforce response to the Coronavirus pandemic that swept across the globe in early 2020. Almost overnight, a huge percentage of the world’s workforce switched from working onsite through company intranets to telecommuting from home. Third-wave AI adjusts to a “new normal” seamlessly, learning very quickly that while unexpected, this shift in how network data was accessed was not actually “anomalous.”
Self-Supervised Learning Is a Modern Cybersecurity Must
Today’s network security threats require modern solutions that go beyond the limitations of second-wave AI-enhanced cybersecurity. Malicious actors are more sophisticated than ever and have long cracked the code when it comes to infiltrating and retraining label-dependent networks to exploit vulnerabilities. Third-wave, self-supervised learning platforms change the way organizations handle event management in powerful, fundamental ways. Learn more about the MixMode third-wave self-supervised solution.