Within tax automation is a popular and very important topic, but with our brains still outperforming Artificial Intelligence (AI) techniques, humans are indispensable. Especially with respect to pattern recognition and contextual reasoning, human are superior in keeping false positive rates of automated techniques to a minimum. The area of security heavily relies on this type of recognition and reasoning. We therefore still have a job to do.

Everyone nowadays is talking about the role of AI (or deep learning). Especially within the field of security, people are talking about how this technology will eventually solve all our problems. The truth is that we are not there yet and as long as AI cannot fully simulate the human brain we are invaluable for the detection and understanding of threats.

“The truth is that we are not there yet and as long as AI cannot fully simulate the human brain we are invaluable for the detection and understanding of threats.”

Recently, the purchase requisition system in one of the world largest chemical companies was completely shut down by what appeared to be a “cyber threat”. Clients could not visit the company’s portal anymore to order new parts. It seemed that they where blocked by the company from the inside. The board of the company gathered from all over the world to figure out what has happened in their system. They asked the software engineers whether their systems were updated recently. It turned out that their software was not changed and all test scenarios passed. At the end of the day one of the board members (accidentally) bumped into one of the security engineers who said:  “we didn’t do anything special, we only recently patched one of our security policies. The security system said that there was an increased risk in the environment, so we decided to block all corresponding IP addresses”. The result was a full day of commercial inactivity causing hundreds of thousands of euros in damage.

It is stories like these that cause us to wonder; who is doing the actual decision-making here, the human or the system? Over the years we have started to rely so heavily on automated techniques to protect our environments that we forget to think for ourselves. The mentality of; “The more sophisticated the security system I install, the more likely I will be safe.” is the exact reason why targeted attacks have grown in the last decade. Security is not just an add-on that you install on a system. It requires you to become aware what is truly happening in your environment.

AI is very powerful and has shown many impressive applications in various fields such as computer vision, text translation, and even beating the world champion in the game GO. This raises the question of course why we don’t fully apply these techniques yet to security? Short answer, because we cannot trust what we cannot control.

A nice example was provided by Goodfellow et al.  who where testing the reliability of a black box AI technique in computer vision by adding a random noise image to the source data. Although we would expect such techniques to be resilient against such small “hacks”, it turned out that this model was now almost certain that the panda in the picture is actually a gibbon. So, suppose such a system is behind the decision making of your security platform, would you still trust it?

“Security is not just an add-on that you install on a system. It requires you to become aware what is truly happening in your environment.”

The field of visual analytics focuses on the combination of algorithmic design and human interaction to get the best of both worlds: the speed of algorithms to analyse large amounts of data and the reasoning capability of the human to understand their results. Rather than fully relying on automated techniques and figuring out afterwards why systems have been generating alarms in the first place, visual analytics lets the human perform an initial analysis after which automated techniques can assist in finding similar areas of interest.

So, don’t fully rely on AI alone to scan a network for threats. Security starts with understanding.

‍