Data center operators are starting to deploy artificial intelligence and machine learning technology to improve cybersecurity, and few are even building their own security AI systems.
The new technology can help spot suspicious user behaviors and identify zero-day attacks while processing more data at a much faster rate than what humans can do, and many security vendors are already building machine learning into their products.
"I don't think it's hype," said Dinesh Nirmal, VP of analytics development at IBM. "There is definitely a lot of work going on."
Machine learning is particularly good at spotting anomalies in large data sets.
"If you are managing a large data center with hundreds of millions of transactions happening, for a human being to detect at that level is going to be really hard," he said.
This isn't the same as manually turning security alerts.
This is analogous to how credit card companies spot suspicious behavior, he said. A company could set up an alert to automatically flag all purchases that are, say, more than 30 miles away from a customer's home.
But that means if a customer regularly travels to different locations, all those transactions will come up as fraudulent. This is where machine learning comes in, where the system learns about individual customers' behaviors and looks for deviations from those behaviors, doing it for millions of customers at once.
"The same rules are being applied in cybersecurity," Nirmal said.
A machine learning platform can learn to differentiate between good software and malware, between legitimate traffic and fraudulent traffic, between normal employee behaviors and suspicious ones, and continue to learn as behavior patterns change over time.
Enterprises can buy off-the-shelf systems for intrusion detection, network security, and access control. But some large companies are building their own systems, which today are still in early stages.
The next challenge for AI isn't to just classify events based on what has been seen before but to predict what's coming next.
"That is a challenge that still needs to be solved," Nirmal said. "We are nowhere near” having solved it.
But a lot of people are working on the problem, he added. "I would say, over the next two to five years we will see significant improvement in the security of data centers, if not earlier."
Will AI Replace Human Security Experts?
AI won't make the infosec profession disappear, experts say, but it will make individual security staffers much more powerful
Today, many of them are tied up with time-consuming routine tasks.
"AI can offload the repetitive, tedious work," said Chris Morales, head of security analytics at Vectra Networks.
And, in the short terms at least, there are limits as to what automated systems can do.
"It would not be wise to rely completely on machine learning in any scenario, as there is still too many variables that could go unnoticed without human oversight," said Joe Partlow, CTO at ReliaQuest.
Some people -- even some technology experts -- believe that they can feed all their data into an AI system, and the system would spit out an answer.
That's a mistake, said Madhan Kanagavel, founder and CEO at CodeLathe Technologies, the company behind the FileCloud enteprise file sharing platform.
It takes expertise to figure out where machine learning will do the most good.
"Applying the right model and training data on the right application is critical to get meaningful results," he said.
Filecloud uses machine learning to detect potential ransomware attacks.
"For example, if there is an abnormal spike in the number of files getting encrypted, the system stops synchronization of files and sends an alert to the admin," he said.