Glen Jones Visa At Structure Security
Machine learning and artificial intelligence can help fight against future AI threats and attacks. William Mansell

Depending on who you listen to, AI is either the future we should embrace or it’s one to fear. But for those on the front lines of security, artificial intelligence could be a way to help humans fight back against security threats, hackers and eventually maybe even other machines.

In a world where algorithms could soon be up against algorithms and machines against machines, Nicole Eagan, CEO of Darktrace, said it’s important to understand the real threats posed, the human element needed and the importance of preparing today for tomorrow’s attacks.

“The good news, so far we haven’t seen much AI machine learning. used yet by the attackers,” she said. At this point it is mostly test cases that have been found and not successful, major attacks. But with tests taking place, it means machine or AI-based attacks have to be considered as a threat.

At Structure Security 2017, Eagan said machine learning should be looked at similarly to the human immune system.

“What if we have the AI emulate the human immune system,” Eagan said. “... While we have skins that helps protect us, "when a virus gets inside, our immune systems creates a very rapid and precise response, exactly how we are using AI.

Eagan said it’s important for those companies who are able, to start using machine learning and AI now. While there isn’t a great list of companies getting owned by machines now, it’s better to get ahead of the problem instead being reactionary later on. As the machines learn your users’ needs, use cases, data, it helps your company be proactive against future threat. Just as the more you study something the more you know, the more machines/AI learns about your network and users the more it will be better prepared to deal with AI problems when the time comes.

AI can "learn normal pattern of life inside every user and device. Learn what's not normal," Eagan said. Machine distinguishing between "the benign versus interesting is very different that categorizing previously known attacks."

Glen Jones Senior Director, Visa Risk Products said at Structure Security 2017 that companies today can use automation to fight against attacks. Breach and attack simulations, using data from historical attacks plus using machines learning, can help prepare your company from dynamic and static threats.

“A lot of networks that look on paper to be ironclad fortresses of data turn out to be compromised.. why that is, they aren’t truly testing… or they are not using threat intelligence. Applying the intel you see from historical breachers and [adapt] defenses as you go along,” Jones said. “Attack simulation, breach simulation, I can think of no better way (to protect your data) than to operate like a hacker would. It’s invaluable in assessing your environment.”

Ayal Yogev, VP Product Management at SafeBreach, said you can have all the people and products available to combat threats but there are limits because it's impossible to test something every time one thing changes.

"Only way we can be proactive and not reactive is automation. Automate what penetration testers do in order to find gaps before hackers can come in and find them for us. In order to do that extremely well, is to think like a hacker,” Yogev said.

“I would be mostly interested in what is my defense strategy is in those simulations ... and being able to adapt to the current threats,” Jones said. “Just preparing for static threats, it may only carry me so far.”

Editor’s Note: Newsweek Media Group and International Business Times partnered with Structure to host Structure Security 2017.