Mark Ostpostski is Head of Engineering, U.S. East, for Check Point, a global cyber security company. With over 20 years of experience in IT security, he has helped design and support some of the largest security environments in the country. Mark actively contributes to national and local media, discussing cyber security and its effects on business and at home. He also provides thought leadership for the IT security industry.
In this stellar, highly informative interview, Check Point Head of Engineering U.S. East, Mark Ostpostski, discusses how AI is rapidly transforming enterprise endeavors. He provides frameworks for thinking about AI as it relates to cyber security, delves into how to assess the accuracy of security products, explains recent advancements in AI-powered cyber security tools, and so much more. Don’t miss this!
How is AI becoming an everyday tool within the corporate cyber security world?
Sure. I would answer this question in two different ways. The first way is, from a pure cyber security perspective, AI is a critical component of providing the best threat prevention. Check Point has over 70 engines that give us the ability to have the best prevention in the industry. And almost half of those involve some type of artificial intelligence. But that’s not new. That’s something that’s been going on for many, many, many years. So that’s one aspect.
I think the area in which it’s become the most interesting, as of recently – from December of last year onwards – is how much generative AI, things like ChatGPT, has moved beyond that gimmick phase. Now, it’s ‘How do we incorporate generative AI into our products or into our customer service model?’ Or ‘How do we take that technology and then make what we do better by leveraging it?’
And we’re seeing it all over the place. We’re seeing it, as I mentioned, in delivering better customer success, and we’re seeing it in creating more accurate data so that we can deliver a better product. And that’s really industry independent.
So, that’s what I would say are the two things that I’ve noticed the most in recent years – all the way to the present day.
So, why is data such a core component of any AI technology?
I’m not a mathematician or a data scientist, but AI – from my perspective – was really born from ‘What do we do when we have so much data?’
We’re talking about hundreds of thousands, millions or billions of data points on a daily basis. So, when you start to look at why AI is important, and at how the math, the algorithms and all of the things that we’re talking about have come about, it’s because of the vast quantity of data that we have.
The amount of data that we have is really proportional to how much technology has advanced. Let’s just take internet security as an example: ten years ago, we had far fewer microphones, cameras and IoT devices; fast forward a decade and look at how many devices are connected.
That’s why AI is so important – the only way that you can actually process that amount of data is with a better artificial intelligence or machine learning approach.
If organizations are looking at various AI-based security solutions, what kinds of engines should they look for?
Let’s just look at cyber security from a pure preventative perspective first. When you look at the industry and hear all of the chatter, everybody is saying that they have AI in their product now, just because that’s turned into the buzz, right?
What you need to watch, in order to really break it down, is how they’re actually using AI to deliver better outcomes in the cyber security field. And that kind of goes back to the first question, right? There’s a difference between ‘I’m going to build a generative AI model that helps customers search my website to get better data’ versus ‘How does the company that I’m looking to do business with leverage AI in a way that actually gives me better security outcomes?’
And that actually ties back into the question that you asked around data. So, you take the people, you take the data, you take the math in the machine learning models themselves, and you put that all together. When you make a decision around who you’re going to trust to deliver better cyber security outcomes, they really should have all three of those components, delivering something that can prevent an attack.
And we haven’t even talked about how, after you have the AI and machine learning model start making decisions, you have to have the infrastructure that can actually block the attack itself.
So, whether it’s on your mobile device, on your network, in your cloud instance or in your code repository – when you think about this question, it’s really about not only having the best AI, the best data, the best people and the best math, but also about ‘How can I take that verdict and actually create an outcome that makes my organization safer?’ So, I think those are critical components of any decision that anybody would make.
How do solutions providers ensure the accuracy and reliability of AI models?
This is a little bit more of a technical question. I think, when we think about artificial intelligence, if you consider how it’s matured over even just a short period of time, you started with basic machine learning models – let’s take the most common use-case example: Google Images. The reason why you can go to Google Images, type in whatever you want to type in, and get thousands of responses is because there was a model that was trained to (metaphorically) say, ‘hey, this is what a [strawberry, alien, fill-in-the-blank] looks like. These are its characteristics.’
So, every time that the model looks at a new image, it can predict whether the image is what you searched for. That’s the classic machine learning model – you establish what’s called ‘ground truth,’ and then from there, the model performs the work ‘unsupervised,’ recognizing particular images on its own.
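To make that concrete, here is a minimal, hypothetical sketch of the ‘ground truth, then inference’ flow described above, using scikit-learn. The two numeric features and their values are invented stand-ins; a real image classifier would learn from pixel data or embeddings rather than hand-picked numbers.

```python
# A toy 'classic machine learning' flow: train on labeled ground truth,
# then predict labels for inputs the model has never seen.
from sklearn.linear_model import LogisticRegression

# Labeled training data: each row represents one image via two invented
# features (say, average redness and roundness); labels are the ground truth.
X_train = [[0.90, 0.80], [0.85, 0.70], [0.10, 0.20], [0.20, 0.30]]
y_train = ["strawberry", "strawberry", "not_strawberry", "not_strawberry"]

model = LogisticRegression().fit(X_train, y_train)

# Inference: the trained model labels a new, unlabeled image.
print(model.predict([[0.80, 0.75]]))  # -> ['strawberry']
```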
What’s happened over the years is that we’ve moved from that classic machine learning to deep learning, and then to multiple layers of deep learning – neural network capability – which really tries to mimic how our brains work. It makes a lot of decisions in a very quick fashion, and with very, very high accuracy and precision.
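As a rough illustration of what ‘multiple layers’ means in practice, here is a tiny sketch in NumPy: each layer is just a matrix multiply followed by a nonlinearity, and stacking layers lets later ones build on what earlier ones computed. The sizes are arbitrary and the weights are random, purely for illustration.

```python
# Toy forward pass through a small multi-layer ('deep') network.
import numpy as np

rng = np.random.default_rng(0)

def layer(x, n_out):
    """One layer: a linear transform followed by a ReLU nonlinearity."""
    w = rng.normal(size=(x.shape[-1], n_out))
    return np.maximum(x @ w, 0.0)

x = rng.normal(size=(1, 8))            # one input with 8 features
h1 = layer(x, 16)                      # first hidden layer
h2 = layer(h1, 16)                     # second hidden layer: 'deeper' representation
score = h2 @ rng.normal(size=(16, 1))  # final decision score
print(score.shape)                     # (1, 1)
```

In a real network, the weights would be learned from data rather than drawn at random; the point here is only the layered structure.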
If you look at the maturity of artificial intelligence in the cyber world and at the evolution of leveraging this technology, it just gives us the ability to have better outcomes, because we’re looking at more things and more layers, and we’re able to arrive at more precise outcomes.
And again, if you look at ChatGPT, to rewind a bit, think of how much data is being fed into that model to be able to give the responses that we get. That accuracy exists because of how much data was put in and because of the accuracy of the actual model itself. So, all of these things are intertwined and give you the accuracy that people are looking for.
How do research teams and data scientists contribute to the continuous performance and development of AI models?
I’m not a data scientist, but when you think about Check Point’s approach to this – we’ve dedicated a lot of really smart people to our research. So, it’s not just about ‘hey, I have this great algorithm, and I have all of this data that I’m feeding into it, I’m going to get this result that I’m looking for.’
I think that we can look at Check Point Research and how that team has really elevated our ability to provide the best prevention. There’s a human element to AI development. There needs to be constant feedback, there needs to be constant evolution. There needs to be human research, right? Not just the artificial intelligence engines doing the research.
I think that when you tie that all together, it gives you better performance, better accuracy and more relevant data. Because, at the end of the day, we haven’t reached the point in our world where machines are taking over, right? So, the extent to which researchers and data scientists are looking at the algorithm, at how to process the data, at how to enrich the data, and at taking in more and more different areas of telemetry – these are decisions being made by very smart people, and that ultimately gives us the results that we’re looking for. So, the human dimension of the feedback loop is super important.
In relation to a tool like ThreatCloud AI, could you discuss any recent advancements that have further enhanced its prevention capabilities?
Yeah. So, I’ll mention again that we have that infrastructure of roughly 70 engines, which gives us the results and coverage we’re looking for, and almost half of those are AI-based. There are a lot of examples – there are 40-50 of them that we could run through, from sandboxing to better email security.
But there are probably two newer ones that we can talk about to answer this question. The first one is DNS security. What’s interesting is that DNS has been around forever. If there weren’t DNS, there wouldn’t be an internet, right? If you can’t translate a domain name to an IP address, the internet sort of ceases to function.
DNS has always been a vector that attackers look to exploit and, from a security perspective, one that we’re trying to protect better. In one of our most recent engines for DNS security, we’ve been looking at how we can use machine learning to identify attacks that leverage DNS tunneling.
And again, with DNS tunneling, we’re talking about something that’s tunneled, encrypted and encapsulated – you can’t look inside it. We want to leverage machine learning to identify patterns and sequences, which become relatively obvious to the model, showing that certain DNS requests are actually malicious, not benign.
And we can do that because we have this huge amount of data to work with, and we have the telemetry that helps identify that these DNS transfers, and so forth, are malicious. Then, we can recognize that pattern, which gives our customers much better DNS security. So, that’s a recent addition that we have.
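Check Point doesn’t spell out the engine’s features here, but as a generic illustration of the kind of pattern such a model keys on: tunneled payloads often show up as long, random-looking subdomains. The thresholds and feature choices below are invented for the sketch and are not the actual engine.

```python
# Hypothetical heuristic for one DNS-tunneling signal: long, high-entropy
# subdomains that encode exfiltrated data in the query name.
import math
from collections import Counter

def shannon_entropy(s: str) -> float:
    """Average bits of information per character in the string."""
    counts = Counter(s)
    total = len(s)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def looks_like_tunneling(query: str, min_length: int = 40,
                         min_entropy: float = 3.5) -> bool:
    # Keep only the subdomain labels; tunnels encode payloads on the left.
    subdomain = ".".join(query.split(".")[:-2])
    return len(subdomain) > min_length and shannon_entropy(subdomain) > min_entropy

print(looks_like_tunneling("www.example.com"))  # False: short, low entropy
chunk = "dGhpcyBpcyBleGZpbHRyYXRlZCBkYXRhIGNodW5rIDQy"  # base64-like payload
print(looks_like_tunneling(chunk + ".tunnel.example.com"))  # True
```

A production engine would combine many such signals – query timing, volume, sequences across requests – in a model trained on large-scale telemetry, rather than a fixed threshold.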
And then, the other addition that I’d mention is our in-line phishing protection. This means doing phishing prevention on a gateway, in-line, in real time, without any client on the endpoint. We’re not talking about preventing phishing from an email attachment; we’re talking about somebody simply going to the internet, searching the web or going about the regular course of their business, and being able to identify a phishing attempt that’s actually embedded in that web request, without having any client installed. That’s another great area of innovation that we’ve had recently, specific to artificial intelligence.
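Again as a sketch only – the real in-line engine’s features aren’t described here – phishing classification at a gateway typically starts from properties of the URL being requested. Everything below (the feature set, weights and keywords) is an assumption for illustration.

```python
# Hypothetical URL-feature scoring of the kind an in-line phishing
# classifier might build on; not Check Point's actual engine.
from urllib.parse import urlparse

SUSPICIOUS_KEYWORDS = ("login", "verify", "account", "secure", "update")

def phishing_score(url: str) -> int:
    host = urlparse(url).hostname or ""
    return (
        2 * host.replace(".", "").isdigit()                    # raw-IP host
        + max(host.count(".") - 1, 0)                          # many subdomains
        + len(url) // 40                                       # unusually long URL
        + sum(k in url.lower() for k in SUSPICIOUS_KEYWORDS)   # bait keywords
        + 2 * ("@" in url)                                     # credential-bait trick
    )

print(phishing_score("https://paypal-login.verify-account.example.top/secure"))  # high
print(phishing_score("https://www.example.com/"))                                # low
```

In practice, features like these would feed a trained model, and the gateway blocks the request in-line when the verdict crosses a confidence threshold.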
Is there anything else that you would like to share with the CyberTalk.org audience?
In summary, we’ve talked a lot about artificial intelligence, obviously. If you think about it on a very, very large scale, AI has really dominated a lot of the conversations in the media, as well as in the cyber world and even outside of it.
It’s amazing how extensive the curiosity has become. I’ll get questions from relatives who I never would have thought would utter the words artificial intelligence, and now they’re asking ‘Mark, should I be doing this?’ or ‘Is this a tool that I should be using?’ And I think that’s what makes it most interesting. It’s become pervasive, really for everybody, in our everyday lives.
We look at things like Siri and Alexa as these things that are kind of nice to have around the house. But the fact that AI is so deeply rooted in those types of things is something that people need to consider. With the cars that we drive – my car is able to recognize traffic patterns and make turns for me – those things are possible because of strong artificial intelligence.
AI is not only going to become more and more pervasive, as the technologies get stronger and stronger, but I also think that there should be some recognition around where the limits should be. That’s in the future – that’s something that will come in later, and I think that we’ll be able to throttle that either negatively or positively as things develop.
One follow-up question: It sounds like you have some concerns around household AI, like Siri and Alexa. Could you perhaps elaborate on that?
Yeah. Let’s just use a very simple example. Think about how powerful generative AI has become in a very short period of time, and then think – from a pure safety perspective in the social world – about your voice, your images, your information about where you go and what you visit. All of this information is now out there publicly, more than it’s ever been before.
And now, we have this technology that can actually take a lot of that information and in a very short period of time, create something or predict something that perhaps we don’t want to be predicted.
So, from a pure safety perspective, I think those are things that we – as consumers, as fathers, as mothers, as grandparents – should really think about: how much data do we want to put out there?
Because the reality is that if someone is looking to cause harm or to take advantage, the more data that they have, the more acute and severe the attack could be. I think that’s the negative side of this. And I say that because in the cyber world, we always like to consider negative outcomes because we’re always trying to prevent attacks.
It’s not to say that all of it is negative – with really good AI come really good outcomes too, like safer driving or advances in the medical field. We might see advancements in pharmaceuticals that we may never have otherwise imagined.
So, there are many positive outcomes that could come from this. But I think that sometimes we have to take a step back and think about how we can protect ourselves by limiting the data we distribute, so that we don’t unintentionally give threat actors, or folks who want to do harm, more data than we would like. That’s the concern that I have, especially when I look around at how pervasive AI has become and how much data is out there. That’s where I think we should maybe throttle back a little bit, until we understand the guardrails that are going to be put in place, ultimately advancing our use of technologies like AI.