How is AI Applied to Cybersecurity?


By: Mary Jander

Security can be overwhelming for enterprises struggling to implement some form of digital transformation. But a growing number of companies aim to help. Firms big and small are building on a longstanding goal to apply artificial intelligence (AI) to the problem of securing enterprise and government networks, endpoints, and clouds in an increasingly dangerous cyberspace. AI’s ability to make quick sense of massive amounts of raw information about vulnerabilities and vectors, while orchestrating responses and mitigations, makes it a seemingly ideal solution.

This trend will likely continue as enterprises find that ongoing software-defined wide-area networking (SD-WAN), the growth of 5G mobility and IoT applications, and increased focus on the network edge dwarf the capabilities of the traditional security operations center (SOC).

Is It Really AI?

Surprisingly, the term AI isn’t bandied about as much as it used to be. But marketing being what it is, AI remains susceptible to mushy claims. Sometimes what passes for AI is really sophisticated data analytics. More often, technologies dubbed AI are based on machine learning (ML) or deep learning. Often called subsets of AI, both techniques make sense of vast amounts of data, but must be set up to recognize specific information points or functions before taking action. In contrast, true AI systems, such as IBM’s Watson, actually help tag and define anomalies and incorporate them into the system.

When it comes to security, these distinctions may not be as important as the actual performance — and price — of a security product. If a company’s algorithms can trace, prevent, and automatically halt threats like external and internal phishing, ransomware, worming, and zero-day attacks, who really cares what the technology is called? And if it fits in the budget, so be it.

Inevitably, AI has its naysayers. In this camp is Carbon Black, the startup VMware acquired back in August 2019 for about $2.1 billion. In a report archived by VMware, Carbon Black blasts AI and ML as “nascent… still flawed…” and easy to bypass in cybersecurity applications.

Another wet blanket is Bromium, an endpoint security startup recently purchased by HP for an undisclosed sum. Bromium has maintained that while AI “provides ‘better mousetraps’” for enterprise assets, it’s still not sufficient to stop “polymorphic malware.” Bromium instead offers what it calls “a purpose-built Xen-based security-focused Hypervisor [called] the Bromium Microvisor” that interacts with Intel and AMD CPUs to isolate every single endpoint task generated by a user within a distinct, “single-use” virtual machine. This contains any malware or threat before it contaminates or invades a system or network. Since 2017, HP has incorporated Bromium’s products in its Sure Click browser protection software. Now it owns the whole company.

Bromium raised $75.7 million within a three-year period from its founding in 2010 to its last disclosed Series C round of $40 million in 2013. That round, oversubscribed, was led by Meritech Capital Partners, which was joined by existing investors Andreessen Horowitz, Ignition Partners, Highland Capital Partners, and Intel Capital.

Not-So-Artificial Intelligence

Some companies are seeing a benefit in coupling ML- or AI-based automated security services and software with live experts who advise and consult as needed. This is the approach taken by eSentire, a Canadian company founded in 2008 and headquartered in Waterloo, Ontario. The company’s managed detection and response (MDR) services combine machine and human intelligence — you buy software integrated with products from a range of partners, including Cisco, Carbon Black, and Palo Alto Networks, and you also can opt for access to 24-7 expertise from live bods.

Recorded Future (more on this firm in a minute) takes a similar approach, augmenting its products with services from human beings.

But eSentire hasn’t given up on AI. In October 2018, eSentire bought Versive, an AI-based security startup, for an undisclosed amount. Seattle-based Versive, which garnered $54.7 million over its six-year lifespan, has been absorbed into eSentire. For its part, eSentire raised $47 million this past March in a round led by Warburg Pincus with contributions from Georgian Partners and Edison Partners.

More Consolidation

Arguments for and against AI aside, the combination of security and AI/ML is specialized enough — and in demand enough — to put a premium on companies that really offer it. Hence, many impressive acquisitions: Microsoft, for instance, which has its own AI research lab, spent a rumored $100 million in 2017 to buy Israeli startup Hexadite, which discovers and mitigates attacks. And Canada’s BlackBerry made a $1.4 billion bid for Cylance in November 2018, subsequently drawing it into a larger in-house cybersecurity R&D lab as part of its revised, post-mobile-phone strategy.

More consolidation is likely. CRN reported last fall that JASK, a four-year-old startup based in Austin, Texas, which specializes in security information and event management (SIEM), is on the verge of being acquired by another young company, Sumo Logic of Redwood City, California, which sells data analytics for IT and cloud operations as well as for security. Sumo Logic’s services feature a long list of partnerships and integrations, including AWS, GCP, Azure, and Kubernetes.

JASK offers what it calls a “blended AI system that uses ML and more traditional AI.” Its Autonomous Security Operations Center is a SaaS platform integrated with AWS. As of 2018, JASK had garnered $39 million in funding from Kleiner Perkins, with input from Battery Ventures, Dell Technologies Capital, TenEleven Ventures and Vertical Venture Partners. In November, Sumo Logic announced it was acquiring JASK.

Still, having done well enough to grow dramatically in the short time it’s been on the planet, and with an impressive hoard of partners, JASK could help Sumo Logic beef up its security story. The acquisition might even push Sumo Logic, which claims a valuation of greater than $1 billion, onto an elite and lengthening roster of high-valuation AI security startups.

Speaking of which…

Billion-Dollar Babies

The growing popularity of AI-based security has not only led to big-money M&A, it also has boosted the valuations of new firms to “unicorn” highs. Following is a partial list of AI-based security startups sporting funding high enough to push their valuations close to or over the billion-dollar mark:

Darktrace of Cambridge, U.K., and San Francisco, U.S., raised $50 million in the fall of 2018, bringing its reputed valuation to over $1.65 billion — or more. The round was led by Vitruvian Partners and supported by existing investors KKR and 1011 Ventures. Darktrace claims that its AI allows it to predict threats instead of merely reacting to existing ones. The software tracks normal behavior in a cloud, a network, an IoT environment, or an industrial control system, and discovers any abnormal patterns. According to its literature, the company’s base product, the Enterprise Immune System, “[is modeled] on the human immune system … and can spot the subtle signals of an advanced attack — without relying on rules, signatures, or prior assumptions.”

Darktrace has had its problems. A former board member, Mike Lynch, and a former executive, Stephen Chamberlain, were accused in 2018 of malfeasance relative to the purchase of Lynch’s company Autonomy by Hewlett-Packard in 2011. But Darktrace seems to have cleansed its executive suite and board of disreputable people, although chief channel management officer Gary Szukalski was questioned in court in London late in 2019 about goings-on back in the day.

Recorded Future, headquartered near Boston, U.S., was acquired by former investor Insight Partners at a valuation of $780 million back in May 2019. The startup specializes in sifting large amounts of data on threats and then analyzing it with machine learning and the human services of a raft of experts in order to help enterprises identify as-yet-unknown threats and react “ten times faster” than traditional security wares to any alerts.

Shape Security was thought to be the next AI-based security IPO before F5 Networks recently announced its intent to acquire it for $1 billion. Specializing in fraud detection for online systems like banks and chain restaurants, Shape claimed a $1 billion valuation after raising $51 million in Series F funding in September 2019. The round was led by C5 Capital and included returning investors Kleiner Perkins, HPE Growth, Norwest Venture Partners, Focus Ventures, JetBlue Technology Ventures, Top Tier Capital Partners, and EPIC Ventures. F5 says it will use Shape's security to improve its application protection services.

Vectra, headquartered in San Jose, Calif., this past June scored $100 million in a Series E investment round led by venture firm TCV and backed by earlier investors Khosla Ventures and Accel. Vectra, which applies AI to network threat detection and response, used some of its new money to open a Middle East regional headquarters in Dubai. The company also has an Asia-Pac regional headquarters in Sydney, Australia. (Note: Australian government agencies are pushing AI as a key element of an increasingly urgent move to strengthen Aussie federal cybersecurity.) Vectra’s AI-driven platform, Cognito, is integrated with Amazon AWS and with Microsoft Azure.

CrowdStrike’s Cautionary Tale

At least one high-valuation firm in this space is proving that M&A may be a safer bet for AI-based security startups than the towers of Wall Street (or Bay Street, or the London City). Since its IPO in June 2019, CrowdStrike (CRWD), which makes a cloud-based endpoint security suite (and which got drawn into the Trump impeachment maelstrom following its reporting of the alleged hacking of Democratic National Committee servers during the 2016 election) has been riding a stock-trading roller coaster. When a couple of analysts suggested selling in mid-October, down went the stock; a week later, it was up again on another pundit’s recommendation to buy.

And the wild ride continues: CrowdStrike shares fell early in January 2020 on news of a big-block share sale; then, seemingly within hours, the stock gained momentum on news that CrowdStrike is ready to help forestall cyber attacks in the wake of the Iran crisis.

Still, CrowdStrike is making money — total quarterly revenue reported in September 2019 was $108.1 million, up 94 percent year-over-year. It is clear there’s enthusiasm for CrowdStrike’s products and services — despite the rough ride.

Maybe Not AI, But Still Big Bucks

The many combinations and permutations of technology represented by the startups and amalgamations in the AI/ML security space make it clear that the companies so far mentioned don’t fit neatly into a single category. So it’s no surprise to see them competing against firms that don’t claim AI, but seem to have the same goals — i.e., endpoint security monitoring and mitigation. Following are just two of many companies that intend to go head-to-artificially intelligent-head with AI/ML firms:

PerimeterX doesn’t call itself AI-based, but it’s made it onto recent AI studies and lists. Last month, the company capped its Series C round with an additional $14 million, bringing its total investment to $91.5 million. Scale Venture Partners led the round, with input from Deutsche Telekom Capital Partners (DTCP) and Salesforce Ventures. Other contributors include Adams Street Partners, Canaan Partners, Vertex Ventures and Data Collective (DCVC). PerimeterX offers a range of solutions, including a bot-based threat mitigator and SaaS security management.

Tanium doesn’t call its products AI or even machine learning (though it’s included on at least one listing of AI-powered security startups), but the twelve-year-old company’s endpoint security system is growing in popularity among enterprise and government customers. This week, integrator Leidos, which has a firm grip on U.S. government contracts, announced the addition of Tanium to its partnership list, along with robotic process automation vendor Automation Anywhere. In October 2018, Tanium scored $200 million in funding on a pre-money valuation of $6.5 billion from Wellington Management, Baillie Gifford & Company, and Adage Capital Management LP. This is surely one to watch.

An Increasingly Competitive Market

Integrating security within the shape-shifting digital environment has been a focal point for enterprises for a while. And given the pace of cyberthreats, the interest in applying AI to the problem makes sense. Still, some solutions are bound to be more profitable than others, whether the rewards come from M&A or the public markets.

So, while the momentum behind combining AI and security hints at a bright future for those companies offering good solutions, it also presages increased competition. Enterprises will benefit from this as firms shoulder one another to offload the scanning, calculating, and algorithmic heavy lifting required to stay safe.