If it feels as though your online existence is under constant threat from hackers and cyber thieves, you’re not imagining it. According to AV-TEST, an independent IT security institute, every day over 390,000 malicious programs are released into the wild with the aim of infiltrating computer networks, stealing trade secrets and personal data.
So how is it that Amir Husain, founder of SparkCognition, is hopeful when so many of us feel so helpless? He believes network security software is entering a new, more powerful age, one that’s enabled by artificial intelligence and IBM Watson. We caught up with Husain to discuss what his new model for network security entails.
Warner: SparkCognition is causing quite a stir in the online security world. Can you talk a bit about your mission?
Husain: We’re solving problems with the industrial Internet and with cyber security. For the former, we work with large manufacturers and energy companies that need a better way of getting a handle on machine prognostics that can predict when systems will fail. For cyber security, we apply our algorithms to a massive body of information, what we call a cognitive security depository. It’s a very large collection of honey pot systems that are constantly under attack. They capture an enormous amount of threat data, often even unknown threats – what’s referred to as “zero-day exploits.” Our algorithms are constantly watching for and identifying new threats. We spotted Shellshock – a Unix Bash shell vulnerability that attracted a lot of media attention a few months ago – before it even had a name. Our software doesn’t just identify the threat. It immediately researches all the known threat information available to recommend a fix.
Warner: How does it do that?
Husain: A crucial component is Watson. We’ve trained Watson up on a massive amount of security content, from the Common Vulnerabilities and Exposures, or CVE, threat database to articles on network security, plus deployment guides and how-to manuals, all sorts of content that makes Watson really smart on security. When we detect a threat, we can query Watson to help us break down the playing field and devise a response. If it’s a brute force attack, for example, we can pose a question to Watson saying, ‘I’m seeing these top 10 usernames. What applications are they associated with?’ And Watson responds with all pertinent applications. A human security technician can interact verbally, using Watson’s question-and-answer capabilities, or type in a question like, ‘How do I block a remote login for a particular system?’ Watson will not just give a set of search engine links. It will tell you, ‘Here’s what you need to do. You need to go to this config file, change this line and restart this service.’ The old paradigm for security, which is signature-based, is defined by software that identifies what’s good and what’s bad and it’s up to us to make sense of it. That can be seriously flawed. That old paradigm will land us in a world of hurt.
Warner: What’s the alternative?
Husain: The only hope for security is the emergence of software-based decisioning, software-based pattern detection, software-based intelligence that can deal with all of the known threats and identify new ones before they do damage. And that’s our model, applying artificial intelligence to improve online security. It is the only hope. It’s either that or we all move back to typewriters.
Warner: Forget typewriters. The Internet of Things is transforming the planet, turning all our devices and networks into smart, connected systems. What role will AI play in protecting and managing those systems?
Husain: The Internet of Things is another game-changer. How will we secure a world with billions of connected devices? Putting a human in the loop to watch over this is impractical. So what then? The answer lies in big data and artificial intelligence. Artificial intelligence is about giving systems the ability to make sense of all the data – even in the absence of perfect information. This third wave of AI, as I call it, represents a fundamental shift in the software community, which has now been enriched with this massive sea of data. Almost every software category will be reinvented. We’re trying to reinvent security.