Christian Wiens is Director of Marketing at MixMode. He has 10+ years of experience as a cybersecurity professional. He has his BA from The University of California, Berkeley and resides in Austin, TX.
You’ve undoubtedly read about “self-supervised” learning or “unsupervised AI” cybersecurity. As their descriptions imply, these security platforms offer a degree of autonomous AI oversight.
Still, what does this mean, exactly? Is there a meaningful difference between supervised and unsupervised AI?
The answer is a resounding, “yes.” Let’s dig in.
AI Evolves: What Are First-, Second- and Third-Wave AI?
AI technology experts have made advances in the field over the past few decades that have dramatically increased its potential as a network security solution. The U.S. Defense Advanced Research Projects Agency (DARPA) outlines three eras of AI:
- First-wave, rules-based AI enabled “reasoning over narrowly defined problems” with a reduced level of certainty, like early computer chess matches or tax prep software.
- Second-wave, or machine-learning AI, is based on “training statistical models on big data,” with minimal capacity for reasoning.
- Third-wave, or unsupervised-learning AI, is context-aware. Machines with third-wave AI “adapt to changing situations.”
Today, many security platforms utilize second-wave AI, even while making claims that frame their capabilities as third-wave solutions. The good news is that it’s relatively simple to evaluate these claims as you seek a more robust cybersecurity solution.
Machine Learning vs. Unsupervised Learning
Machine learning AI relies on classifying massive datasets with informative tags or labels. Network security engineers create a training algorithm to define data regions and create text-based descriptions of these regions.
The algorithm builds the central source of truth or network baseline, which is used to analyze future network behavior. Network activity that differs from the baseline triggers the machine learning security platform to flag it for review.
Importantly, this baseline information is only as current as the last manual update and is only as accurate as the labels applied to network data.
Another critical limitation of supervised machine learning is its inability to analyze network behavior with context. For the security platform to understand why a new network behavior is acceptable, the underlying baseline source of truth must be current.
Situations like the recent shift to telecommuting in response to COVID-19 restrictions can effectively break machine-learning security platforms. These systems churn out hundreds of “anomalous” behavior alerts because the baseline expectation is that the network is usually accessed onsite. A sudden influx of remote connections won’t match baseline expectations unless the baseline is adjusted.
What is self-supervised learning?
Modern, third-wave, self-supervised AI technology is every bit as sophisticated and futuristic as it might sound, but at a high level, the concept is straightforward.
Self-supervised AI learns organically in the same way people learn. During early development, humans don’t need to be taught every step involved with walking, talking, or eating. The same can be said of unsupervised AI. We can equip this technology with the seeds it needs to become a living, ever-evolving part of a given organization’s network.
Real unsupervised AI spots security issues sooner and predicts future behavior more accurately than older first- and second-wave solutions. Self-supervised AI technology draws on an understanding of the fundamental nature of the network where it lives, an understanding that isn’t possible with supervised-AI.
Self-supervised learning takes into account an evolving network baseline. Essentially, it is smart enough to quickly adapt baseline expectations to changing situations like the shift to telecommuting due to COVID-19. This is a crucial distinction for two reasons:
1. SecOps teams can respond to genuine threats quicker because they don’t need to wade through a massive list of false-positive alarms.
2. The system doesn’t need constant babysitting.
The result is a security solution that is more accurate, more responsive, and less demanding on security resources, including skilled labor.
Evaluating Cybersecurity AI Promises
The network security market is flooded with companies promoting ultra-modern, AI-enhanced platforms. At first glance, it might appear that hands-off security solutions are the norm at this point. Take a closer look, and it will become clear that “AI” has multiple meanings throughout the security market.
The general perception many people have about AI is that the primary feature of this technology is its ability to handle tasks free from human intervention. In reality, network security products integrated with so-called AI often require a great deal of oversight and input. Most security firms have not evolved to the point where they can offer authentic self-supervised learning AI.
MixMode can empower your organization to apply modern security solutions to modern security threats. Learn more and set up a demo today.
MixMode Articles You Might Like:
Guide: The Next Generation SOC Tool Stack – The Convergence of SIEM, NDR and NTA
Redefining the Definition of “Baseline” in Cybersecurity
MixMode CTO Responds to Self-Supervised AI Hopes
Why Training Matters – And How Adversarial AI Takes Advantage of It
Encryption = Privacy ≠ Security
Self-Supervised Learning – The Third-Wave in Cybersecurity AI
How the Role of the Modern Security Analyst is Changing
One Thing All Cybersecurity teams Should Have During COVID-19