AI Is Both an Opportunity and a Threat for Cybersecurity - Interview with Thierry Karsenti (Check Point)
The importance of cybersecurity worldwide needs to be properly recognized if we want our digital world to grow safer. For this, collaboration is essential among security firms, if we're to fight against cybercriminals.
During the ITBN conference in Budapest, we had the chance to chat with one of the speakers, Check Point's Thierry Karsenti, vice-president for the Europe Engineering and New Technology Business Unit. We talked about the role of artificial intelligence in the future of cybersecurity, the threats we face every day we spend online, and what we can do to keep our data, our secrets, safe.
Without further ado, here's what Karsenti had to say.
Q: How do you believe cybersecurity will change in the next few years in terms of AI implementation and machine learning; how will our security in general change?
A: Well, I think if you look at where we are today, organizations have understood that cybersecurity is fundamental in the digital era. You cannot do business if there is no trust, and cybersecurity is here to bring the trust in the digital world, whether this is business or private life. Having said that, where we stand today is that these systems are extremely fragile because a lot of this security investment has been mainly around detection - trying to detect that an attack is going on or has occurred. Probably, where we need to be heading in the future as an industry is far more on preventing attacks, rather than detecting attacks. Part of the reason why the industry has been so focused on detection, rather than prevention, is because of the lack of confidence to understand whether it's a real attack, or it looks like an attack, but it's a regular business flow.
Artificial intelligence, and especially machine learning - deep learning - is actually bringing fantastic opportunities for the cybersecurity market, in the sense that you can help reduce the number of false positives in a drastic way and be far more predictable as to whether what is happening is right or is wrong, and if it's wrong, there is no reason to let it come into the organization and into the systems.
Q: We were talking about how machine learning can tell you about the threats that are happening around the world and learn from that. But what about new types of threats like WannaCry or NotPetya? How can we prevent these types of attacks with the help of Artificial Intelligence?
A: When the problems are complex, there are usually no silver-bullet answers, not a single solution. As we see, cyber threats are increasingly complex and sophisticated, so obviously what's going to be needed is a combination of multiple answers. Part of that lies in technology - such as the help of AI, and of machine learning - but there is more than that. There is also the need to look for innovation as to where you deploy security.
For instance, the security that is currently running on endpoints is a very obsolete defense mechanism compared to the threats appearing nowadays. When you think about it, it is very trivial for anyone, not sophisticated hackers, but truly anyone, to get a known malware, turn that with a few clicks into something unknown to the antivirus, and bypass the security systems on endpoints. There's no surprise that you then have malicious content running on the machines - whether you call that bots, which have been running for years, whether you call that ransomware - but you start to see that as tools that are meant to be destructive, deleting all information, all systems, all applications from an information system.
So, there is a need for more innovation, but there's also a need for deploying security on the right endpoints - I'm talking about traditional endpoints, but I'm also referring to mobile devices - tablets, smartphones, which come with very limited security nowadays. These are the number one target for hackers, because that's a fantastic playground for them, and it's easy for them to infect a user. Not only because they want to actually hack this device, but this device becomes a gateway to the network of those organizations.
Q: Do you think we will ever have AI-led cybersecurity solutions, without human input? Or is this something that we can't exactly expect AI to learn how to do?
A: I think we are still very far away from thinking that AI will bring solutions that are more advanced than the solutions that people can come up with. But you can also think of AI, not just as an opportunity, but also as a threat. Because AI could be set not only to help protect against the attacks but also be used to help the attackers defeat the protections that are in place. When one door is closed, it will automatically learn from it and try to detect another way to breach the systems.
Whatever technology there is, it's always used in a good way, but also in not such a good way. It depends on who uses it. It can also be used by police officers, but also by criminals. These are the same guns.
Q: Do you believe collaboration between security firms like yours and others would help prevent larger scale attacks, like in the case of WannaCry? In a more recent case, there were a few hundred thousand Android devices piled up in a botnet, and they were taken down by putting together all the puzzle pieces from several security firms before Google intervened and wiped clean the apps from the infected devices.
A: The bad guys are certainly one step ahead, in the sense that they are already uniting massively - the Underground, the deep web, the hacking forums - are already in place, collaboration is there. They are aggregating multiple types of talents. Some are really good at social engineering because they speak the native language of the target, but they have maybe a deficiency in terms of expertise. So they know very much how to aggregate this expertise and how to combine these talents into something extremely powerful. When it comes to the cybersecurity world, in terms of security vendors, it's been traditionally extremely siloed; organizations themselves have been similar in their approach and very shy at sharing back information to their peers in the industry or to security vendors.
We definitely see a shift. I think people understand that the only way to deal with current threats that are global threats and are happening almost in real time in terms of propagation is that we need to unify our forces, our intelligence, and protections. We still have a ways to go and to improve, but it's already happening. In the private sector, there are increasing numbers of security alliances, which the security vendors are promoting, and Check Point is definitely promoting multiple alliances to combine the strength from many other sources.
I think there is a need for more collaboration and there is a need for turning this collaboration into something that is like a platform that facilitates it so that it can be automated and turned into real time. When there is a Petya attack happening, it's not about meeting next week and sharing; you need to have platforms, tools in place, processes in place so that instantly you can collaborate and be very fast at deciding what you want to be doing.
[Image: ITBN 2017]
Q: During your ITBN presentation, you talked about the exponential growth of both detecting systems and the data that is stored. How will exponential growth affect the threats themselves and the way we fight them?
A: Exponential technology is benefiting both sides. It's benefiting the bad guys - IoT is a fantastic playground for creating distributed attacks, whether they're distributed denial of service, as we've seen, where they managed to shut down major ISPs. This allows them, once they orchestrate that, to create very powerful weaponized attacks. But, at the same time, it can also be used by the good guys in trying to be more agile and to learn faster about what's going on. This is where machine learning and artificial intelligence are coming into the picture, and where cloud is coming into the picture, because it allows all data processing - whether intelligence or regular data - to be done in a very fast way, but also a very smart way. If this were done on the device, either it would be impossible, or very slow and the user experience would be dramatically impacted.
I think what we're going to see is that it's going to impact both the good and the bad stuff.
Q: Since you mentioned IoT, do you think there need to be guidelines in place in regards to making these devices safer, more secure?
A: There is definitely a need for the IoT industry to mature. Whether it will mature by itself, or we will fasten that and regulate it, there's a need for more maturity. A lot of IoTs have zero security by design and not only that, but they have zero ability to, at some point, include some security notion. A lot of these devices don't even have any mechanisms to update themselves, which is kind of insane. Even though you know there's a problem, you have no chance of dealing with it.
There is a need for security by design, but also one to take into account that IoT won't be by design secure enough to be where you want it to be and you need to have an architecture that's IoT-ready by design, meaning that you need to rethink how you're going to deploy security so that it takes into account IoT devices which won't have enough security embedded in them, but that you need to be running at some point, somewhere.
Q: What can the average Internet user do to protect himself online, and his or her cyber secrets?
A: There are multiple things that I call security hygiene, that we need to include in our day-to-day life and into our culture. One is that we need to be ready for an attack, and for the worst attack. This means that we need to have backups. If we have no backups of our data, whether on our mobile devices, our tablets, on PCs, or in the cloud, we're going to be one of the victims of the upcoming disaster of ransomware or destructive malware that will make us no longer have access to that data. One - get ready for an attack, therefore have a backup ready, which needs to be offline. If they're connected in real time, they can also be infected and you haven't solved your issues. These backups need to be updated on a regular basis.
Second - whatever system you're running, make sure you're running the latest version. Not that you will have no security issues, but you will reduce the number of attacks significantly. All the known vulnerabilities won't be able to be exploited if you're running the latest version. Make sure that whenever there is an update, whether it's a Windows update, iOS, Android or whatever - don't delay it. Any updates, whether operating system or app, make sure you have the latest version. That's at no cost and it's truly effective.
Thirdly - don't rely on "good-enough-security". There is no good enough security. You need, at some point, to get yourself into a security solution. The same way you have a lock at your house and locks and keys, it's also your responsibility to have some technology to deal with these security risks. Call it an antivirus, call it a firewall; if you want to simplify it call it a security suite, but you need to have a solution.
Q: You mentioned offline backups - do you think we'll need to, in a way, turn back towards offline storing of our data, rather than pushing it to the cloud?
A: I think the cloud, in the idea of doing backup online transparently in real time, carries a lot of risks. It carries the benefit of not losing data for the past two weeks because the last backup was two weeks ago. In an ideal world you want to do both, where you have real-time backup, but also offline backups so in the worst situation, you actually have ways to recover. But just because you have backup in the cloud, it doesn't mean you have to leave it on all the time. You can choose to disconnect it, and connect it only during the backup process time, which would reduce the risk of attack.