Security teams are skeptical of AI. Attack prevention products could change that.

If new technology for AI-driven attack prediction and prevention lives up to its promise, it could enable major improvements for cyber defense. Darktrace just released new products that will test the theory.

With products for AI-powered attack prevention moving into commercialization, the next wave of artificial intelligence and machine learning for security is starting to take shape.

If the technology lives up to its promise, it could enable major gains on cyber defense and help repair the poor image that AI/ML has among many cybersecurity professionals, experts told Protocol.

On Tuesday, Darktrace unveiled its first products for AI-driven cyberattack prevention. The company said that its new Prevent product family will be generally available on Aug. 1, joining its existing portfolio of attack detection and response offerings.

By using AI to model and emulate potential attacks, "you've just created a 'digital bad guy'" to help inform cyber defense efforts, said Mark Driver, a research vice president at Gartner.

For defenders, the problem right now is that the volume and velocity of attacks coming in are simply overwhelming, Driver said. "The only way to deal with this is to start removing those attack vectors proactively."

And AI/ML is the most scalable way to do so. We're still two or three years from AI-powered attack prevention becoming a "should-have" for businesses, but "it's going to be absolutely huge" over the longer term, Driver said.

While many security professionals have grown numb to the claims of what AI and ML could do thanks to years of hype, attack prevention is a new use for machine intelligence in cyber defense.

With this approach, "you are using AI to be a bit of a crystal ball," said Nicole Eagan, chief strategy officer and AI officer at Darktrace, who previously served as CEO of the company from 2014 to 2020. "It's very different than using AI [for] reacting to something that's happening."

Darktrace, which was founded in 2013, has a track record for spotting where AI/ML could be applied in cybersecurity. The company was early to the idea that the technologies could be used for improved detection of cyberattacks by sifting through reams of data. Today, AI/ML is ubiquitous in detection tools.

After detection, Darktrace expanded into using its self-learning AI for responding to malicious activities once they've been detected.

Now, the company is looking to enable cybersecurity teams to get out ahead of the threats. Darktrace unveiled two new products that will make up its Prevent product family — an attack surface management product for locking down external assets and an "end-to-end" product that can be used to harden all of a customer's environments, both internal and external, against cyberattacks.

At the core of the Darktrace Prevent technology is the application of AI/ML to what's known as "attack path modeling." The idea is to use AI to map out all of the paths that an attacker might take to find the most valuable or sensitive data in an organization's IT systems.

The technology can then prioritize which paths the organization should focus its energies on blocking. It can also feed that information back into the Darktrace detection and response engine to pay especially careful attention to those critical pathways, according to the company.

"By hardening the environment, it's a deterrent. That makes it harder for an attacker to get in, and more expensive," said Justin Fier, vice president of tactical risk and response at Darktrace. "That means there's a good chance they might just go on to the next target, because there's lower-hanging fruit there."

Attack emulation

Crucially, rather than just simulating attacks, Darktrace's technology is capable of emulating real-world attacks using a customer's actual data and IT systems, according to the company. That's important because the only way to really know if existing countermeasures would catch an attack is to run a test with the organization's actual people, Eagan said.

"The AI will actually insert itself in a [Microsoft] Teams or email conversation you're having with a relevant party. And it will get the tone right. You cannot discern that it's an attack," she said. "It uses the self-learning AI to create an extremely effective attack on a person so we can test the countermeasures."

Initial customers that have been using the Darktrace Prevent product include the City of Las Vegas, which said in a news release that along with monitoring of cyber risk, the technology also enables continuous penetration testing. A number of customers have cited the ability to do pen testing on a continual basis — rather than just the occasional penetration tests that can be run by staff — as a key use case for the Prevent technology, Eagan said.

Another vendor that's been at the forefront of deploying AI for cyber defense is Deep Instinct, which has stood out with its focus on preventative security.

With a deep-learning algorithm that aims to mimic how a human brain thinks, Deep Instinct claims its technology can predict attacks before they happen — even for types of attacks that haven't been seen before, according to the company.

"We are not relying on any human analysis in order to train the machine on what the next attack is going to look like," said Nadav Maman, co-founder and CTO of Deep Instinct. "The solution that you're buying should block the next attack."

Using AI/ML to achieve a more proactive stance in security is "where we need to see more of an industry shift," said Lisa O'Connor, managing director for Accenture Security and head of security R&D at Accenture Labs.

Researchers at Accenture Labs, for instance, have been exploring how virtual replicas known as "digital twins" can be used to reveal potential attack paths. AI/ML can be used to interrogate the digital twin model that's been created; for instance, a security team might ask the model to reveal the next likely path to be used by an attacker, or the fastest path to the most critical data in the IT system, O'Connor said.

"From a defensive perspective, it's about, where do I cut off access to have the least business impact?" she said.

Accenture's cyber digital twins technology is ready to pilot now with customers, according to the company. Ultimately, using AI/ML for preventative cyber defense "could be transformative," O'Connor said. "I absolutely think it's coming."
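
The two questions raised above, the fastest path to the most critical data and where to cut access with the least business impact, can be made concrete on a small graph. The following is an added example, not code from Darktrace or Accenture: the asset names, effort scores and impact scores are constructed, and plain Dijkstra and Edmonds-Karp stand in for whatever modeling the vendors actually use.

```python
import heapq
from collections import deque

# Constructed sample environment: (source, target, attacker_effort, impact_of_blocking)
EDGES = [
    ("internet", "vpn", 4, 8), ("internet", "mail", 1, 9),
    ("mail", "workstation", 2, 3), ("vpn", "workstation", 1, 5),
    ("workstation", "fileserver", 2, 6), ("workstation", "admin_host", 5, 1),
    ("admin_host", "customer_db", 1, 2), ("fileserver", "customer_db", 3, 2),
]

def fastest_path(edges, src, dst):
    """Dijkstra over attacker effort: lowest-effort route from src to dst."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for u, v, effort, _ in edges:
            if u == node:
                heapq.heappush(heap, (cost + effort, v, path + [v]))
    return None  # dst cannot be reached from src

def cheapest_cut(edges, src, dst):
    """Edmonds-Karp min cut: links to block for the least total business impact."""
    cap = {src: {}, dst: {}}
    for u, v, _, impact in edges:
        cap.setdefault(u, {})[v] = cap.get(u, {}).get(v, 0) + impact
        cap.setdefault(v, {}).setdefault(u, 0)  # residual (reverse) edge
    def reachable():
        paths, queue = {src: []}, deque([src])  # node -> edge list from src
        while queue:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in paths:
                    paths[v] = paths[u] + [(u, v)]
                    queue.append(v)
        return paths
    while dst in (paths := reachable()):
        flow = min(cap[a][b] for a, b in paths[dst])
        for a, b in paths[dst]:
            cap[a][b] -= flow
            cap[b][a] += flow
    cut = sorted((u, v, i) for u, v, _, i in edges if u in paths and v not in paths)
    return sum(i for _, _, i in cut), [(u, v) for u, v, _ in cut]
```

On this sample, the lowest-effort route enters through mail, the link that would be most disruptive to block, while the minimum cut severs every route to the database by blocking two low-impact links deeper in the network.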

AI exhaustion

It can't be ignored, though, that any new wave of AI/ML for security will have to confront the weariness that many cybersecurity teams have with artificial intelligence.

"For the majority of security professionals, they are sick of hearing it," said Allie Mellen, senior analyst at Forrester.

Even though there are some strong use cases for AI/ML in security, any new advances in the area will face "quite a bit of skepticism and questions on whether it's actually going to be able to add value," Mellen said.

Could this emerging wave of preventative AI/ML for security make any difference in the perception? Mellen said it will depend on how the security tool makers describe what their technology can do, and whether they deliver on their promises.

"I think some vendors are able to communicate what machine learning is doing for them in a way that's trustworthy," she said. Typically, that involves sharing some of the technical details and explaining what's actually happening.

"Without that transparency and clarity, it can be very difficult for practitioners to trust whether or not machine learning is actually being used, or whether it's being used in a fruitful way," Mellen said.

Gartner's Driver agreed that AI/ML for security has suffered from being overhyped and promoted as a silver bullet. (Of course, that’s not something unique to the cybersecurity market, he noted.)

But if security teams do want to be able to move to a more preventative stance, there's no way to do that effectively without using these technologies, Driver said. While a lot of the modeling for attacks is out there today, it can often take weeks to pull together manually, he said.

"The AI is going to give it to us much, much faster, and much more surgically accurate," Driver said.

And it's likely that, in time, security teams will begin to see that it's "many times more valuable" to deal with events before they happen, rather than after, he said. Driver expects that AI-powered security tools for cyberattack prevention will become a "must-have" for businesses within three to five years.

With so many cybersecurity professionals "burnt out and tired of firefighting," the arrival of such tools could make a tangible difference for security teams, Eagan said.

And maybe, they could even help improve the image of AI/ML in the cybersecurity community.

"I do think it has the promise of shifting the way we look at cybersecurity," Eagan said, "and hopefully making it a lot less stressful for the security teams who've been living in the trenches."

Note: Protocol is owned by Axel Springer, in which KKR has a large minority stake; KKR has invested in Darktrace.

