Machine learning is perhaps the hottest buzzword in cybersecurity today. The artificial intelligence technology is deployed by cybersecurity firms in an effort to keep pace with the evolution of cyberattacks, as machine learning algorithms are able to improve predictability the more it is used.
But according to Guy Caspi, CEO of cybersecurity company Deep Instinct, machine learning is no longer enough in an age of unprecedented evolution and volume of cybercrime.
G DATA researchers recently found that last year a new malware specimen surfaced every 4.6 seconds. In the first quarter of 2017, it reduced to every 4.2 seconds, meaning millions and millions of new malware surfaced every year. Data from the IT-Security Institute found 127.5 million malware samples last year, and while there is evidence that number may decline for 2017, researchers warned that these cyberattacks are becoming more sophisticated.
“We are living in this reality when, five years ago, you had only 10,000 new malware per day,” said Caspi in a recent interview with PYMNTS. “It was digestible by the big vendors. But today, it’s mission impossible.”
Considering this volume, machine learning can no longer adequately rise to the cybersecurity demands of today’s large organizations, the executive said.
That’s because with machine learning, you still need human intervention to identify what the algorithms are supposed to be looking for.
“In machine learning,” Caspi explained, “you still need pre-processing of someone who knows very well what you want to implement. For example, if you’re looking at facial recognition, you need someone able to identify, in every face, the specific features that are important to differentiate this face from any other face. This process is still done manually.”
Experts that know exactly what they want an algorithm to identify will see a good result when implementing such a tool, the executive noted. But this is time- and resource-intensive, and with attacks flooding in, time and resources are of the essence.
Dependence on human intervention is also quite inefficient, Caspi noted.
“We as humans only think in linear patterns. This is how our [brains have] been built,” he said. “In cyber, and many other domains, the most complex problems, ideas, attacks or vulnerabilities are coming from non-linear patterns.” Further, he continued, by having a human decide what these algorithms need to detect, they are unable to cover their bases when a new type of attack emerges.
Today’s cybersecurity offerings are also inefficient when it comes to what to do when a possible threat has been detected. It takes several minutes in the cyber defense process to open a file that could contain malicious malware once it’s been identified by cybersecurity software, and then the decision has to be made as to whether there is a legitimate threat or not.
“It takes a very long time to digest in corporate America, in which there are tens of thousands of employees and millions of files,” Caspi said. Machine learning-based solutions have to have a human tweak the technology to constantly stay up-to-date with what it should be searching for, sometimes based on attacks that have already happened.
Here’s where Caspi said deep learning improves upon some of these challenges: The technology allows algorithms to determine themselves what they should be looking for, meaning deep learning can be more agile as more and different malware comes onto the scene to threaten corporate security.
“You don’t need to decide in advance what you are looking for,” he said. “You don’t have limitations like this. We don’t open any file to scan every piece for information.”
The CEO highlighted the recent NotPetya attack, which he said Deep Instinct was able to block without any pre-processing, and without any prior history of the attack in its systems.
“This proves that deep learning is resilient to these new mutations of malware,” he said.
But the challenge today is that deep learning is quite complex to implement and deploy.
“The barrier to entry of deep learning versus machine learning remains extremely high,” he said. Part of that is because machine learning relies on only two or three algorithms; deep learning deploys tens of algorithms, and complex math. But the ongoing evolution of corporate cybercrime means cybersecurity companies may no longer be able to afford relying solely on machine learning.
Recent cybersecurity attacks like WannaCry led to a spike in stock prices; reports last May said companies including FireEye, Sophos and ETF saw their own surges in the immediate wake of the event. But Caspi also pointed to declines in market value in the long-term for some cybersecurity companies (FireEye, for example, missed earnings and revenue expectations in its Q4 2016 report). Caspi said this is because these businesses can no longer keep pace with the current cybersecurity climate that demands greater agility, and at the same time, greater efficiency.
Analysts picked up a merger and acquisition (M&A) boom in the cybersecurity industry last year, and it shows no signs of slowing: This month alone, Symantec revealed agreements to acquire Fireglass as well as Skycure (both of which are also based in Israel), a move Caspi said is part of the companies’ efforts to integrate cybersecurity for different platforms, including mobile and web, under a single roof.
“The whole industry is going to change,” the CEO said. “We’ve sees a lot of M&As in the last 18 months, because cybersecurity vendors realize they need one platform to address different attacks.”
Organizations don’t want to have to implement dozens of cybersecurity solutions to cover all of their bases, he added; they want a few vendors that can do it all — and that includes detection and prevention. As M&A activity continues, and as industry players shift their capabilities to meet unprecedented challenges, Caspi said Deep Instinct hopes to IPO in a few years, too, banking on its ability to deploy deep learning in this space and evolve with industry trends. The good news: Deep Instinct raised $32 million from venture capitalists earlier this month, so the company could be well on its way.
“The industry is going to change dramatically in the amount and size and the feature-richness of technology of cybersecurity companies,” he said. “It will be very interesting and challenging to see how it evolves.”