Using Artificial Intelligence to Enhance Cybersecurity Training

Sep 12, 2017
4 minutes

Artificial intelligence (AI) made significant strides between 2014 and 2016. The world was treated to improved language translation apps, self-driving cars, smart home devices, and a slew of other AI-enhanced applications and devices. However, during the same time period, cybercriminals raised the stakes for organizations by expanding their attack methods; upgrading their skills; becoming more organized; and obtaining sources of funding for their illegal projects, such as phishing attacks, ransomware, data theft and doxware.

To combat the constant threat of attacks, cybersecurity professionals have increased their use of AI and machine learning to bolster their security and reduce the workload on a security operations center that is often understaffed. However, using machine learning to train cybersecurity analysts is an idea that is just beginning to receive serious attention.

The History of Machine Learning

Machine learning means that the system is capable of improving automatically with experience. Traditional software does not become “smarter” with repeated use; it awaits instructions from the user before executing a command. Software that is capable of machine learning, however, learns to predict the user’s future behavior based on the actions he or she performed in the past. To accomplish this task, the machine relies on data — which should not be an issue for most organizations in the era of big data.

For example, early email spam filters were basically limited to blocking certain addresses that were known to send spam. With machine learning, software can compare emails that have been verified as legitimate with verified spam to identify which elements were more common in each classification. The system learned, for example, that likely indicators of spam included hyperlinks to websites that were known to be malicious, deliberate spelling errors and malware hidden in attachments.

Machine learning is now being used for facial and image recognition and to assign labels to new data. There are thermostats that learn when to adjust temperature settings and refrigerators that can keep track of their contents. In the world of cybersecurity, machine learning can be used for situational awareness, network analytics, malware analysis, insider threat detection and secure coding.

How Machine Learning Can Expedite the Training of Cybersecurity Professionals

It is no secret that there is a serious shortage of cybersecurity talent. According to the Bureau of Labor Statistics (BLS), the demand will be very high for information security analysts through at least 2024. Job opportunities are expected to increase by 18 percent for this occupation between 2014 and 2024; the total increase for all occupations during that decade is projected to be 7 percent. For companies engaged in computer systems design and similar services, the demand for information security analysts is expected to increase by 36 percent. Overall, the BLS expects to see 97,700 slots for information security analysts in the United States by 2024.

In an effort to solve the cybersecurity talent gap, some organizations are becoming more willing to hire people who lack traditional credentials or who have not received training in every aspect of cybersecurity. The organizations then invest in training to bring the new hires up to speed as quickly as possible. Machine learning and automation can help with this task in a variety of ways. For example, an AI-enhanced program can learn the proper actions to take for a specific type of incident and notify a junior analyst of the steps to take. There are also AI-powered games that replicate real-life threats without the risks. These games help trainees learn what it is like to deal with an actual threat and to think creatively and adapt when a new challenge emerges.

These types of AI programs can also help solve another critical problem that hampers cybersecurity training. Just as there are not enough qualified individuals to fill the open jobs, there are not enough qualified instructors to provide in-depth training in all aspects of cybersecurity. Furthermore, senior analysts are typically far too busy to ensure that new hires receive proper training.

In the foreseeable future, cybersecurity will require a combination of people and machines. AI can free people to concentrate on the tasks that demand human intervention, leaving the “grunt work” to the machines. However, the cybercriminals are also making use of machine learning; staying secure against attackers means that cybersecurity professionals must ensure that their skills are always up to date. Whether training a new hire or enhancing the skills of a current employee, AI can help ensure that cybersecurity professionals have the knowledge they need to defend their domains.

This article was originally published on

Sign up for our free Community Edition

Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.