How A.I. Could Be Our Most Intelligent Defense

Cylance CEO and President Stuart McClure on CBS News

If you'll be attending the RSA Conference in February and are looking to learn some hacking tips and tricks, Cylance CEO and President Stuart McClure will be presenting on February 15th at 1:30 PM on Hacking Exposed NextGen. Stuart will demonstrate some live exploits and real-life hacking on everyday technology, and will also show you how to prevent them using simple countermeasures. We urge you to join Stuart for this amazing presentation at the Marriott Marquis in Yerba Buena 5. Reserve your seat today!

In the meantime, get ready for RSA by watching Stuart’s recent CBS News interview, during which he discusses why "who did the hacking" is a less important question than how to stop it: 

VIDEO: Stuart McClure Talks to CBS News About the Future of Cybersecurity

TRANSCRIPT:

How Cylance Applies AI To Cybersecurity

STUART: "Our approach is really quite different than anything else you’ll find out there. We take a purely mathematical approach. We believe that you can actually identify attacks long before they ever start, and truly prevent them.

This is done through what we call AI prediction. We’ve trained computers over millions and millions of files and attacks, to learn exactly what makes them up - the DNA of these attacks. By understanding the DNA mathematically, now we can prevent and protect against future attacks. So it looks like we’re predicting attacks, when really, we’ve just learned through AI machine learning what the DNA of these attacks is.

We see ourselves today as applying artificial intelligence to cybersecurity in a truly preventative and predictive way. We see the company expanding far beyond cybersecurity. The techniques that we are using are very applicable to other areas and fields of study. Anything that you want to try and classify effectively. 

For example, another application might be healthcare, or diagnostics - for example an MRI scan. Being able to detect early forms of cancer or disease. Anything that’s data driven. That’s the beauty of machine-learning algorithms. They take large amounts of data that you and I would fall asleep trying to process, and they never forget what they process. And they can learn from that to make decisions going forward."

On Why Signature-Based Solutions Are Obsolete

STUART: "The old approach is signature-based, and what that means is that you have to actually see somebody get attacked first before you can protect everyone else. So, a human being usually has to be in the mix, and human beings are very difficult to scale. Especially in our business. So being able to hire enough security analysts to take all of the attacks that happen every day and write signatures for them is an untenable prospect for a business to scale.

What we do with artificial intelligence is to use machines for what they’re really good at, and then we use humans for what they’re really good at. Now, the human element is this: if the attack bypasses the artificial intelligence (which is very rare), it’s a very complex attack – it’s something that we truly haven’t seen before. And it’s the humans that need to go in there and understand what happened, how it was bypassed, and what new features or characteristics we have to train the machines on.

It’s the same thing in the real world. If you apply AI to those things that machines do really well and humans don’t, and you move the human talent into that which they do really well – which is creative (work) and handling very difficult topics - then you’re going to be successful."

On Attribution in Cyberspace

STUART: "Attribution in cyberspace is almost 100% fruitless. It’s so easy for me as a security professional or for a hacker to make any attack look like it’s coming from anybody. It’s just too simple to be anonymous online. 

So the jump to the “Who?” really does us a disservice. What we need to think about is the “How.” How did these individuals get in? How was it so easy? Why was it so easy? And address it at that level. Because 99% of attacks out there that happen are the everyday “Ankle-Biter” attacks. They’re nothing new, we’ve seen them a hundred or a thousand times.

So why, if they are so simple, were they not prevented? That’s the bigger question, and that’s what I’d love people to focus on."

On Denial Of Service Attacks

In this segment, Stuart discusses a recent series of cyberattacks that disrupted Twitter, PayPal, Spotify, and many other sites. The attack was on an Internet infrastructure company called Dyn. It is currently being investigated by the FBI.

STUART: "A denial of service attack is one of three core 'hacks' that work every day around the world. They are actually the smallest portion of attacks, but when they hit, they’re really dramatic. They can drop services, drop websites. They can impact everything from patient care to oil and gas pipelines.

In this case, the attack occurred because attackers were able to get into embedded systems like video cameras and printers, using very simple techniques. They used default usernames and passwords predominantly. By getting access to those devices, they were able to point millions upon millions of those devices to a set of particular DNS names. And because Dyn was the particular DNS at the time, by giving Dyn so many requests for so many of these domain names, it would literally drop the service.

It’s an inevitable problem for us in cyberspace to know what is legitimate versus non-legitimate traffic. It’s actually quite challenging. And this is also where I think AI would be a perfect application. Of the three types of attacks, execution is the largest one – getting something to execute in the remote target’s memory. Second is identity and authentication-based. Things like using usernames and passwords to bypass authentication. Third is denial of service. All three can use AI to solve their core problems."

On Predicting the Future of Cyberattacks

STUART: "We’ll see bigger attacks (in the future), there’s no doubt about it. It’s just too easy. We’ll also see bigger attacks around ransomware, which seems to be very popular because it is so easy. I do predict some large ransomware attacks on mobile, for the first time ever, because it is so simple to get those kinds of attacks to work. So between denial of service, ransomware attacks, and embedded systems attacks, we’ll definitely start to see more of these kinds of things to come."