Interaction with Dr. Giovanni Vigna, Co-founder and CTO, Lastline and Professor of Computer Science, University of California at Santa Barbara

Cyberattacks are the fastest growing crime worldwide. With billions of devices connected to the internet, the cybersecurity threat landscape is getting more sophisticated than ever. Consequently, new technologies for end-to-end security have also matured over the years. The emergence of AI and machine learning is bringing new capabilities to receive more proactive visibility and control to mitigate cyber threats. We interacted with Dr. Giovanni Vigna, Co-founder and CTO of Lastline to understand how the company helps enterprises protect their networks with an intelligent AI-power network security solution, making their systems are as secure as possible.  

Kindly brief us about the company, its specialization and the services that your company offers.

Lastline provides innovative AI-powered network security that detects and defeats advanced threats entering or operating within a network. Our products protect network, email, cloud, and web infrastructures, minimizing the risk of damaging data breaches with fewer resources and at a lower cost than existing security tools.  

What is your biggest unique selling proposition (USP) that differentiates the company from competitors? What is the edge your company has over other players in the industry?

Lastline is the only technology that applies artificial intelligence (AI)  to both network traffic analysis and our deep knowledge of malicious behaviors. This combination eliminates false positives and delivers high-fidelity insights into malicious incidents that security teams need to quickly and completely remediate a network breach. It’s what we call AI Done Right™.  

How is your company helping customers deliver relevant business outcomes through adoption of the company’s technology innovations?

Lastline delivers two important aspects: visibility and protection. On the one hand, it provides visibility into threats in a way that allows companies to understand more than just the fact that their infrastructure is under attack. Using Lastline, they can understand how bad the attack is and what the implications on their infrastructure are. This is a key feature of the product as it allows for the triaging of incidents, saving the analysts’ time and allowing them to operate more efficiently. On the other hand, Lastline detection capability allows for the prevention of attacks. For example, Lastline’s sophisticate mail analysis capability is able to prevent sophisticated targeted attacks from reaching their target. In turn, this saves resources that would otherwise be dedicated to respond and remediate the attack.  

Could you highlight your company’s recent innovations in the AI/ML/Analytics space?

Lastline has brought a novel composition of anomaly detection and threat detection. The value of this combination is clear if one looks at each approach in isolation. On the one hand, by looking only at anomalies, one would incur the risk of being flooded by “anomalous-yet-benign” events (aka false positives), which are commonplace in most networks. At the same time, one would be blind to malicious events that do not generate any anomaly (many short-lived, low-traffic events fall in this category). On the other hand, by looking only at threat detection, one would miss important information around a compromised host that could provide vital information to determine the impact and scope of a breach, and help in the hunt for other hosts in the network that have similar anomalous behavior. It’s only by combining these two views that it is possible to provide the best AI-powered detection, by composing the advantages of both supervised and unsupervised ML techniques while mitigating their limitations.  

How is AI evolving today in the industry as a whole? What are the most important trends that you see emerging across the globe? How are disruptive technologies like AI/Machine Learning impacting today’s innovation?

AI is starting to permeate every aspect of our lives and the way we conduct business. However, this heavy reliance on AI-based techniques could open many services to attacks that use adversarial machine learning. The problem is that most ML techniques have been developed in fields such as computer vision, natural language processing, and genome analytics, and, in these fields, the analyzed information (images, text, and DNA sequences) does not actively fight against the learning process. However, this is exactly what happens in security. Threat actor continuously tries to modify their malware samples so that they are (mis)classified as benign, while intruders try to cover their tracks by using traffic patterns similar to those regularly observed in the target network to avoid being identified as anomalous. Therefore, applying ML to security is not a traditional AI use case. To be effective, ML techniques need to be extended so that it is possible to perform adversarial machine learning, that is, it is possible to apply machine learning to a domain that is actually fighting back. Failing to do so will make it easy for a motivated adversary to bypass ML-based products.  

What have been the most significant challenges that you have faced at the forefront of analytics?

Two of the most significant challenges are: 1) the quality of the data used as input to machine learning; and, 2) the problem of false positives in anomaly detection. The first problem is the classic “garbage-in-garbage-out” issue. Unless the data that is used for the learning process is not semantically rich and representative of the problem at hand, the results will be abysmal. At Lastline we strive to use both network analysis techniques and program analysis techniques to extract the most high-quality data so that our machine learning models are not “distracted” by non-relevant features or sensitive to evasion. The second problem is that Anomaly Detection is not a silver bullet. Even though this approach seems very promising, it is based on two important assumptions: “what is anomalous is malicious” and “what is malicious will generate an anomaly.” Unfortunately, both assumptions do not hold at all times, causing both false positives and false negatives. Handling these correctly requires the combination of multiple approaches. Anomaly detection alone will never be enough.  

Where are We Going from Here? What is the promise, the future of AI in cybersecurity?

In the near future, we will see a rise in adversarial machine learning attacks. As cybercriminals see their attacks foiled by AI-based techniques they will focus on fingerprinting those techniques and on modifying their attacks so that they go undetected. Once these AI-aware attacks are commonplace, the truly effective AI-powered techniques will emerge, while other tools that use “fragile” AI-based detection will fall by the wayside.