Software and security experts at NVIDIA have a message for the operators of cybersecurity systems increasingly overwhelmed by a flood of potentially threatening data: The humans can’t handle it.
At GTC Spring 2022, Bartley Richardson, an NVIDIA senior artificial intelligence (AI) infrastructure manager, said that data is coming in so fast that most cybersecurity applications are unable to capture it all, much less analyze it to identify breaches. As a result, he said, contextualizing the streams of information “is often done by a human.”
It’s time, he said, for the machines to step in.
“While it’s good to provide tools and capabilities that accelerate the human portion,” Richardson said at the GTC 2022 session, Build AI-Enhanced, Next-Generation Cybersecurity Solutions with NVIDIA Morpheus, “offloading some of this to an AI is where we must go, reducing the cognitive load on an already strained workforce.”
Richardson highlighted how the company is pushing to apply AI to cyber use cases, a topic of interest in the Federal IT community as agencies accelerate the move to zero trust security.
To involve AI more in the fight against cyberattacks, the firm is focusing on NVIDIA Morpheus, its open-source AI cybersecurity framework. Launched last year, Morpheus became available in April to all developers, bringing a number of enhancements that NVIDIA says help make it significantly faster and more accurate than traditional cybersecurity strategies.
One of the enhancements, NVIDIA experts explained, is a new fraud-detection system designed to operate without expert human intervention. The system employs Graph Neural Networks (GNN) to automatically extract from incoming data “salient features” that indicate potential fraud.
“It’s clear that we have to do something about fraud. Current methodologies are just too slow,” Richardson said. “Graph Neural Networks are game-changing for cybersecurity.”
At the session, Richardson and his colleagues – NVIDIA senior systems software engineer Pradeep Thalasta and NVIDIA security analyst Hemakamakshi Vivekanandan – offered up a critique of the broader cybersecurity industry. They said traditional systems are frequently reliant on a manual approach and are often unable to spot breaches in time.
“Analysts often want to integrate tools and data to provide an enriched picture of what’s happening in and around the network,” Richardson said. “While this is possible today, it’s frequently done manually … deeper integrations, especially those that necessitate a decentralized approach, are difficult to engineer.”
“The way we’ve approached this as an industry in the past,” he added, “will not continue to work.”
Making matters worse, is a worldwide shortage of more than 2.7 million cybersecurity professionals, the trio said. Fewer experts on hand at government agencies and private-sector organizations makes it harder to keep up with increasingly complex data analysis and remediation of threats.
As an example, the quantity of computer-generated logs is outpacing analysis, requiring specialized engineering knowledge to keep up. “New methodologies, frameworks, platforms, and mindsets are necessary to move the industry forward,” Richardson said.
Chief among them is AI, Richardson and his colleagues said. More specifically, they urged developers to try Morpheus, which uses machine learning to identify and act on threats, such as phishing attacks and malware, that NVIDIA says were previously impossible to identify.
One Morpheus feature that the trio highlighted is digital fingerprinting, which helps fight off credential attacks, in which cyber attackers steal credentials to gain access to a system. Such attacks were the most common data type found in intentional breaches last year, and were involved in 61 percent of all breaches, according to the session.
Thalasta and Vivekanandan focused on how NVIDIA has successfully implemented digital fingerprinting internally, with the system generating information that was helpful to company security analysts.
Richardson closed by emphasizing the new general availability of Morpheus to any developer. “We’re ready to take Morpheus to the community at large,” he said.
Access the session on demand here.