You know it and we know it. We cannot train our way out of the widening cybersecurity skills gap (expected to reach 3.5 million by 2021). We’ve discussed at length why traditional, passive learning models in training classroom settings are ineffective (not to mention boring), but at Circadence®, we are optimists and innovators, dedicated to finding a solution—and for now, in the industry’s current state of affairs, we’ve found what works. It lies in leveraging artificial intelligence (AI) and machine learning.
Types of AI
AI is a broad field so for the sake of simplifying, there are two types of AI that we distinguish: Narrow and General. Narrow AI refers to AI that is used for a specific function like self-driving cars. General AI tends to be a feared concept (e.g. robots taking over the world). For this post, we are focusing on Narrow AI and how it informs the cybersecurity space.
Within Narrow AI, we are focusing on two sub-sets of the field: Natural Language Processing (NLP) and machine learning. Together, they can provide automated and augmented relief to weary cybersecurity workers who are stretched beyond their limits.
NLP is present in our cybersecurity training platform Project Ares®. The in-game advisor Athena uses NLP to communicate with trainees in “chat-bot” format to answer questions and provide hints to players. The data that comes from those conversations with Athena (in addition to how a user progresses through exercises) is processed by machine learning, the technique where data is used to learn about a user’s actions, so it can generate a response.
This becomes particularly valuable when machine learning has lots of data to process in order to create different pathways to solving a problem. It’s kind of like the “two heads are better than one” motto, but machine learning needs lots of “heads” (aka, data) to generate the best solution for the problem at hand. Uber uses machine learning to understand the various routes drivers are taking to transport people from point A to point B. It then takes all those routes together and finds the most efficient route, so current and future Uber drivers can better serve their passengers.
How AI can work for cybersecurity pros
Now, one can imagine how these two sub-fields of AI can be of value in the cybersecurity industry. With attacks getting more advanced by the minute and the frequency of attacks occurring at alarming rates (an average of 200,000 malware attacks per day per company), the more information we can equip machine learning and NLP with, the better it can function for us. Particularly when it comes to understanding how to defeat sophisticated cyberattacks and the appropriate steps to take for risk mitigation.
The more cybersecurity professionals engage with the Project Ares platform and its content, the better information data scientists have to draw conclusions on the best ways to solve the missions (and remember, the missions and battle rooms are developed from real-world threats and methods of attack, emulated on real networks). The more efficiently we solve missions, the closer we are to defeating incoming threats quicker, and the more we contribute to protecting enterprises from cyberattacks and closing the skills gap.
AI: Augmenting the cyber workforce
One of the exciting outcomes of AI is in its ability to augment the cyber workforce. Since there has been a staffing shortage, AI can be used to bridge the gap by scoring or ranking individuals and teams based on mission performance. The data that is collected and used to generate pathways for attack strategies and mission completion, can also inform the score or skill level a person is at. This can augment evaluation and assessment protocols, helping CISOs better evaluate the capabilities of their teams and identify areas for improvement.
AI can also augment cyber team task performance. For example, if an enterprise company wanted to create its own custom missions/exercises within Project Ares for its teams to train on (so they are not engaging with the same redundant exercises), designers/engineers can use AI to collect existing performance data from similar missions to create variability in another mission. Instead of the mission designer spending time creating different pathways in the mission, AI can use the data it already has to inform what and how those variabilities are developed, saving time and resources.
All about the data
The relationship between AI and cybersecurity comes down to how it is used within the solution and the quantity and quality of data it has available to work with. With our solutions, we leverage NLP and machine learning to automate administrative tasks currently performed by professionals and augment where staffing falls short. In the case of Project Ares, AI helps guide and teach trainees during game play, giving them new threat vectors, scenarios and tasks based on past performance and behavior. In other words, the ecosystem feeds threat data to improve training, augmenting cyber actions to ensure trainees are learning best practices to combat evolving threats.
What we’ve learned from the power of AI is that when it has a large corpus of data to work from, it is the most productive way to ensure systems take the best actions for the player’s learning advantage—and players, too, make informed decisions that help them defeat emerging threats.