Overnight it seems artificial intelligence (AI) and machine learning (ML) have become indispensable ways for cybersecurity companies to keep organizations safe from an ever growing threat landscape. According to recent reports from IDC, global spending on cybersecurity reached well over $100 billion in 2019 and will surely increase even more in 2020.
The evolving use of technology in every corner of an organization — from cloud platforms to the varying technologies employees use throughout every level of an enterprise — has opened up a litany of entry points for attackers to exploit, putting a heavy strain on legacy systems.
Gartner estimated that 100% of all large organizations will have to discuss cybersecurity at some point throughout the year with their board of directors, making it a prime focus that can no longer be delegated to small IT departments to manage.
Annual spending on vulnerability management activities increased to $1.4 million in 2019, which is an increase of an average of $282,750 from 2018. But many organizations still cannot afford the kind of massive security teams needed to handle all of their security needs. This is where artificial intelligence and machine learning come into play, giving organizations a way to manage a wider array of threats and the ability to take on cybercriminals who are using these very same tools for their own activities.
There was a wave of data breaches in 2019 against companies who still use cybersecurity services relying on the standard ‘detect and response’ method, which has proven largely unsuccessful as fraudsters, hackers, and threat actors use more sophisticated technologies to infiltrate systems and access sensitive data, occasionally without the targets’ knowledge until it’s too late.
AI and ML can help augment a company’s cybersecurity by constantly monitoring for any suspicious activity and correcting the problem before it takes effect, and by keeping track of individuals’ activities to further protect them from more sophisticated threats.
Here are eight of the top cybersecurity companies focusing on using artificial intelligence and machine learning to protect enterprises.
A group of mathematicians from the University of Cambridge and government cyber intelligence experts in the US and the UK founded Darktrace in 2013. The company has used artificial intelligence with its Enterprise Immune System and Darktrace Antigena platforms, both of which leverage the power of automation to identify a diverse range of threats at its earliest stages — including cloud-based vulnerabilities, insider attacks, and state-sponsored espionage.
Former CIA executive Marcus Fowler, director of strategic threat at Darktrace, said that artificial intelligence gives security teams unparalleled visibility, and the ability to respond to threats faster than any legacy system could.
“It helps you understand your digital environment. It can know what is normal at the smallest level and detect against anomalies. At some point, something in your network pushes data to an external node that is totally unique to your digital environment. AI is able to say ‘This has never happened before, you need to look at this as a potential breach of your normal behaviour,'” he said.
“AI is able to understand something is occurring and identify responses that could occur to disrupt it in seconds providing the security team more time to actually become better informed about what’s happening,” Fowler added.
2. SAP NS2
Spun off from SAP in 2005, SAP NS2 uses data analytics and fusion technologies from SAP and applies them to cybersecurity, working with a number of US security agencies and corporations. Their AI and ML technology helps national security professionals process troves of data and protect sensitive information passing through a variety of locales.
In addition to their work with defense industry customers, SAP NS2 systems also handle the hard work of securing supply chains, which often involves dozens of companies operating in a variety of scenarios. The company also uses AI and machine learning to protect cloud platforms for a number of different customers.
“If you’re not deploying AI and machine learning, you’re probably still selling stage coaches,” said Mark Testoni CEO at SAP NS2. “We’re either users of these things or developing capabilities with them. It’s become extraordinarily important in everything from a cyberfight to the competitiveness fight.”
CrowdStrike is one of the most popular cybersecurity companies in the market, with dozens of high-profile customers. CrowdStrike’s Falcon platform uses AI to give users quicker visibility and protection across their entire organization and focuses on preventing endpoint attacks.
With Falcon, CrowdStrike is able to provide real-time protection and actionable threat intelligence as well as around-the-clock managed threat hunting.
“If you don’t have AI or ML, you won’t be a vendor anymore. This is the only way that any type of system can survive in this world. The traditional way of just knowing things is not going to work,” said David Cook, chief information security officer at Databricks.
Cook explained that Crowdstrike has a different model that identifies compromised systems, and it uses a lot of machine learning in the background for identification.
“Attackers are so sophisticated that the attack vectors change daily,” he said. “This is why these newer companies are coming up because they have this technology, and they’re leveraging it and surpassing the old way of looking at things.”
4. Vade Secure
Vade Secure is one of the world’s leading email defense companies, deploying artificial intelligence and machine learning to protect more than 600 million mailboxes in 76 countries from a variety of threats including spear phishing, ransomware, and malware.
The company got an infusion of more than $75 million in June from General Catalyst and plans to expand on its use of AI to protect inboxes across the globe.
“With the funding, we will continue to invest in our AI-based threat detection engine and build on Vade’s leadership in email security for ISPs. In addition, we have a unique opportunity to capitalize on the market disruption caused by the industry shift from on-premise hosted email to the adoption of cloud-based email platforms,” said Georges Lotigier, CEO at Vade Secure, in a statement.
5. Blue Hexagon
Founded on the belief that deep learning will fundamentally change cybersecurity, Blue Hexagon offers customers real-time network threat protection that can deliver threat detection in less than a second.
In a unique twist, Blue Hexagon uses AI to create malware based on global threat data and the dark web, all in an effort to test its own systems and push its capabilities to the limit. Blue Hexagon’s systems work in networks and in the cloud, covering a variety of threats across a multitude of different platforms.
“When threats look different, our firewalls and controls can’t keep up because they need to know what bad looks like before they can block it,” said Saumitra Das, CTO and co-founder of Blue Hexagon. “The fundamental thing that Blue Hexagon solves is using AI and ML to look at threats coming in, even if they are unknown, and be able to mark it instantly. What that gives us is the ability to deal with a million new things a day that is causing all of the breaches.”
6. Zero Networks
With its pioneering Zero Networks Access Orchestrator, the Israel-based Zero Networks created a cloud-based network security service that uses artificial intelligence to underpin a zero-trust network model.
The platform observes how users and machines normally communicate to automatically define and enforce a zero trust network model throughout an enterprise. With a patent-pending two-factor authentication mechanism, Zero Networks allows its customers to make new or rare connections and automatically updates policies so that they can always access what they need, when they need it.
The company has had a quick rise, starting in 2019, and it is already attracting major investors, securing $4.65 million in seed funding in February 2020.
“If you want to take an entire network and basically protect it with a click, that is our solution. It’s possible because our platform is automatic and proactive,” said Benny Lakunishok, Zero Networks’ CEO and co-founder. “It provides network security at scale and we have a patent on the key automation part.”
Webroot harnesses the power of AI to stop zero-day threats in real time, securing businesses across the globe with threat intelligence, and providing protection for endpoints as well as networks.
An noted that traditional anti-virus programs essentially created lists of things it knew to protect against, but as the world changed and attacks evolved, and it has become nearly impossible to categorize the volume of threats online.
While there are other phishing solutions available to detect a phishing site, many are based on the metadata or URL, leveraging the old list-based way of doing things. Other companies look for patterns in the URL to detect a phishing site. However, Webroot’s phishing solution works in real time, allowing it to open up the URL and block it from there.
The company also uses machine learning to gain more insight into specifically why certain attacks are bad, in an effort to expand its understanding of the threat landscape.
“In order to handle the volume of content that’s out there nowadays you really need some kind of automated solution to help either filter things out or automate the detection of threats. The traditional paradigm has died off,” An said. “AI makes it easier for cybercriminals to come up and generate a large number of these kinds of socially engineered tricks. On our side, we’ve had to become better about using machine learning and AI to automate sifting through this large volume of stuff. It’s an arms race. We take a more data-driven approach.”
Callsign uses AI and ML to validate a person’s identity just from a swipe on a touchscreen, number of keystrokes on the keyboard, number of locations, and other activities. The company’s trademark platform, Intelligence Driven Authentication, combines multi-factor authentication and fraud analytics powered by deep learning technology to fight against fraudulent activity, from identity fraud to SMS phishing.
The platform collects thousands of data points — including behavioral, device, locational, and telecoms — to correlate identity traits and combines this with threat analysis information to ensure that this data has not been compromised.
The data is then analyzed in real time using advanced machine learning and intelligence models to deliver a confidence score that the user is who they say they are when making a transaction. The Intelligence Engine works from the first interaction, getting richer with every subsequent interaction to build a unique identity profile for every user.
Whereas other authentication companies may use AI to detect the occurrence of fraud, Callsign creates profiles at an individual level. The idea is that everyone isn’t the same, so the company doesn’t apply general predictive models.