Self-Supervised Learning – The Third-Wave in Cybersecurity AI

The relationship between modern cybersecurity solutions and AI has become inextricable. The reality is that even the most talented and responsive SecOps teams would be unable to manually catch every threat posed to the sprawling, hybrid networks on which today’s organizations rely. 

Forward-looking organizations know they need to bring AI security tools onboard. As they begin looking into their options, the challenge becomes deciding what security companies truly mean when they make claims about AI.

All too often, so-called AI solutions require a great deal of human input, negating much of these platforms’ promised convenience and efficiency. Today’s complex network security threats cannot be adequately addressed with outdated cybersecurity solutions. AI advancements, especially in the field of self-supervised learning, play a central role in effective, real-time network security.

First, Second, and Third-Wave AI

The concept of AI might bring to mind science fiction novels or movies set in the far future. In fact, rudimentary forms of AI have played a role in the development of computer technology since at least the 1940s, and historical records reaching back into the 1300s reveal humankind’s fascination with the concepts of “thinking” and “learning.” 


What is First-Wave AI?

Between the late ’50s and mid ’70s, early computer programmers took advantage of computer advances like onboard storage to apply machine-learning algorithms to various processes. Early applications included teaching computers how to play games like checkers and chess.

More recent examples of first-wave AI are tax preparation software and features like recommendation engines. First-wave AI adds automation to repetitive, narrowly defined tasks, but can’t perform functions beyond these limitations. 

First-wave AI is purpose-built to solve specific problems. While it was an incredible advance in its day, first-wave AI is no match for the vulnerabilities inherent to the sprawling, distributed networks of today. 

What is Second-Wave AI?

When Amazon makes an almost eerily accurate product suggestion, that’s second-wave AI in action. The mega-retailer is constantly analyzing its customers’ buying patterns to arrive at spot-on recommendations. Second-wave AI relies on labeled data to come up with predictions about how we’ll behave next and which products we’ll find the most appealing.

Second-wave AI is more sophisticated in its application than first-wave AI, but it is capable of very little reasoning. IBM’s Watson, for example, can provide information and even answer questions, but without context. Watson is unable to explain how it arrives at its conclusions.

Security Information and Event Management (SIEM) cybersecurity platforms typically rely on second-wave AI. These security solutions are a benefit to organizations in that they add some level of automation to network monitoring processes. However, they require a great deal of ongoing human interaction and constant guidance. Worse, SIEM platforms rely almost solely on past behavior to determine present and future risks. 

The result is a security system prone to false-positive alarm triggers at a rate SecOps teams can rarely analyze fast enough. Recent studies reveal that security analysts are spending 25 percent of their workdays on threat hunting and batting down false positives. This time could be spent on more worthwhile pursuits, but the opportunity cost can be even higher when the time spent chasing false positives leads to missed true positives. 

Not only are the majority of SIEM platforms not up to the challenge of catching sophisticated modern threats, they are also far too dependent on historical data. Today’s networks are dynamic, constantly adjusting to both internal and external changes. SIEM platforms that lack the ability to understand the context of a given behavior are unable to respond quickly enough to be of much use in the real world. 

What is Third-Wave AI or Self-Supervised Learning?

Third-wave AI leverages generative, self-supervised machine learning to build an accurate baseline of normal network traffic in real time, which it uses to better predict future network behavior.

Self-supervised learning is a major leap forward from first- and second-wave AI because it is context-aware. Cybersecurity is greatly enhanced by systems that can look beyond anomalous activity and labeled data sets to predict future outcomes.

One recent example of the wide gap between second- and third-wave AI is the workforce response to the Coronavirus pandemic that swept across the globe in early 2020. Almost overnight, a huge percentage of the world’s workforce switched from working onsite through company intranets to telecommuting from home. Third-wave AI adjusts to a “new normal” seamlessly, learning very quickly that while unexpected, this shift in how network data was accessed was not actually “anomalous.”
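The telecommuting shift described above can be made concrete with a small added example (not MixMode’s code or model): a baseline fitted once on historical data is compared with one that keeps re-learning from recent traffic. The rolling median used here is a deliberately simple stand-in for a continuously learned baseline, not a generative model, and the session counts, window size and alert limit are constructed assumptions.

```python
from statistics import median

# Constructed sample: daily remote-access session counts for one organization.
# Days 0-19 are office-based; from day 20 most staff work from home.
OFFICE = [48, 52, 50, 47, 53, 51, 49, 50, 52, 48,
          51, 49, 50, 53, 47, 50, 52, 49, 51, 50]
REMOTE = [410, 395, 402, 398, 405, 400, 397, 403,
          399, 401, 404, 396, 400, 402, 398]
SERIES = OFFICE + REMOTE

TRAIN_DAYS = 14   # history available before monitoring starts (assumption)
WINDOW = 7        # days of recent traffic the rolling baseline learns from
LIMIT = 4.0       # alert when a day is this many robust deviations off baseline


def robust_score(value, history):
    """Distance of value from the history's median, in MAD-based deviations."""
    centre = median(history)
    mad = median([abs(x - centre) for x in history])
    # 1.4826 scales MAD to a standard deviation; floor avoids division by ~0.
    return abs(value - centre) / max(1.4826 * mad, 1.0)


def frozen_baseline_alerts(series):
    """Baseline fitted once on past behavior and never updated."""
    history = series[:TRAIN_DAYS]
    return [day for day in range(TRAIN_DAYS, len(series))
            if robust_score(series[day], history) > LIMIT]


def adaptive_baseline_alerts(series):
    """Baseline re-learned every day from the most recent WINDOW days."""
    return [day for day in range(TRAIN_DAYS, len(series))
            if robust_score(series[day], series[day - WINDOW:day]) > LIMIT]


if __name__ == "__main__":
    print("frozen baseline alert days:  ", frozen_baseline_alerts(SERIES))
    print("adaptive baseline alert days:", adaptive_baseline_alerts(SERIES))
```

On this data the frozen baseline alerts on every one of the 15 remote-work days, while the rolling baseline alerts on the first four and then treats the new level as normal.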

Self-Supervised Learning Is a Modern Cybersecurity Must

Today’s network security threats require modern solutions that go beyond the limitations of second-wave AI-enhanced cybersecurity. Malicious actors are more sophisticated than ever and have long cracked the code when it comes to infiltrating and retraining label-dependent networks to exploit vulnerabilities. Third-wave, self-supervised learning platforms change the way organizations handle event management in powerful, fundamental ways. Learn more about the MixMode third-wave self-supervised solution.

*** This is a Security Bloggers Network syndicated blog from MixMode authored by Ana Mezic.