The Machines are Learning

A Look at the Evolution of Cyber Security

A few weeks back I attended the RSA conference in San Francisco’s Moscone Center, and was proud to support many of our portfolio companies, including HyTrust, Mocana, Blue Cedar Networks, and Opaq Networks. The annual event, which began in 1991 as a symposium for cryptographers, has since mushroomed into a global platform for the cyber security industry. This year’s conference theme was the power of opportunity and it was a fitting motif for the event. Given changes in the the global threat matrix we as civilians, enterprises and governments face, and the evolving nature of cyber security, opportunities abound for smart new companies.

Cyber security has become a massively important industry as companies and organizations around the world continue to leverage the cloud to advance their bottom line. Beyond traditional security firms like McAfeeSophos, and Symantec, next-generation endpoint security companies are focusing attention on machine learning algorithms. The continuing importance of the cloud in conjunction with machine learning applications, which are increasingly leveraging artificial intelligence, are expected to transform the security industry over the next two decades. Beyond outmoded anti-virus signatures, file reputation lists, and behavioral heuristics, applications built on top of artificial intelligence (AI) are now projected to reshape the nature of the cyber security.

Speaking at the RSA conference, security expert Bruce Schneier called for the creation of a new government agency focused on the internet-of-things (IoT) regulation. In Schneier’s view, “the risks are too great, and the stakes too high” to ignore the challenges ahead. Cyber attacks have become dependent on machines and automation techniques to streamline their operations and so must cyber security systems. The massive global infrastructure encapsulated by ‘IoT’ is measured in the tens of billions of nodes. And these devices don’t speak ‘IT’ (information technology) they speak an entirely different language called ‘OT’ (operational technology). This means that almost all of the cyber security solutions that the industry provides are non-compatible and that an entirely new crop of ‘OT’ compatible solutions, such as Mocana, are needed. With the increasing importance of cloud computing and IoT, AI will become critical to managing the transition to “smart” security.

While previous RSA conferences have largely focused on debates over encryption, this year’s conference was dominated by mounting anxiety over government cybersecurity and state-sponsored attacks. The recent theft of data from the US Office of Personnel Management and high-profile breaches across the Department of Homeland Security and the Federal Bureau of Investigation, have amplified concerns about state sponsored cyber crime. This is all the more interesting to observers because the Trump Administration is set to release its policies on cyber security in the coming weeks. The new administration’s position on cyber security remains in question given the suspected role of the Russian government in the 2016 presidential election.

A recent leak of the administration’s plans call for a review of U.S. cyber capabilities and vulnerabilities. But rumors suggest that the President’s cybersecurity efforts will simply expand on previous administrations. Unfortunately, even as the Trump administration has promised to restore industrial era manufacturing jobs, AI technologies are now quickly moving to remake whole industries. Experts suggest that the heyday of manufacturing jobs in the United States is now long past. Indeed, according to a recent study by the University of Oxford, 47 percent of jobs in the United States could be automated by AI over the next two decades.

Just as AI is being deployed to automate everything from office productivity tools to factory robotics, the technology is moving to enable the automation of a wide range of security functions are currently overseen by human beings. In fact, last year, the Obama administration raised concerns about the impact of AI in a presidential report entitled “Preparing for the Future of Artificial Intelligence”. As the report concludes, automating expert work that is currently performed by human beings— whether partially or entirely—will likely enable strong security across a broad range of systems and applications at a much lower cost.

IBM, for example, has begun offering Watson for cyber security. Tightly integrated with QRadar, the system is designed to emulate the behavior of threat analysts by supplementing internal security alerts and events with exhaustive searches of threat intelligence and social media. Beyond an initial focus on large government intelligence and law enforcement agencies, IBM is expanding its’ offering to existing customers.

The value of AI and, especially machine learning to cyber security, is the technology’s capacity to apply existing data to consistently improve its functions and strategies over time. As AI “learns” and understands routine user behavior, it can more easily identify new variations in order to detect and identify threats. Leveraging algorithms to learn from data is a key tool for uncovering cyber threats and Sway Ventures is particularly interested in long-term investments in AI powered cyber security companies to combat the threats of the future.

Although it may have been sufficient to focus on network and endpoint protection in the past, now with the proliferation of cloud-based applications, mobile devices, and IoT, cyber security platforms will increasingly be expected to manage a much broader “attack surface”. For this reason, Sway Ventures is acutely interested in supporting the next generation of cyber security firms.

In a conversation with Tom Barsi of Carbon Black, he sees the situation this way.  “Traditional AV (antivirus) was built to stop legacy malware. Today’s non-malware attacks are stealthier than traditional malware and often go undetected for significant lengths of time, posing a much greater risk to government and businesses. A modern approach is required and a new set of next-generation antivirus (NGAV) players has emerged. These NGAV players deliver an advanced endpoint protection platform that combines detection, response and machine learning-based prevention. The result is a much more effective approach to detecting and stopping advanced threats.”

Notwithstanding the fact that billions of dollars are spent on cyber security every year, the number of reported cyber attacks and the magnitude of breaches continue to rise as well. The hard reality is that cyber security is a moving target. Any system— no matter how advanced— can be exploited.  As new generations of hackers continue to probe weaknesses in even the most advanced AI, new investments in cutting edge machine learning technologies will be critically important to the broad evolution of the industry. We are excited about this evolving space and Sway Ventures expects to be a major player in the global security market.