Artificial Intelligence in Cybersecurity

Friday 26/03/2021 - 5:41

Artificial intelligence (AI) is rapidly permeating the enterprise security ecosystem, bringing a wide range of advanced capabilities to what is quickly becoming a key aspect of a successful digital business model.

AI brings a number of powerful tools to these particular applications, but perhaps none greater than its ability to sift through extreme amounts of data looking for patterns that indicate either a potential or actual security breach. As well, AI is finding its way into areas like ID and access management, and protecting assets that are increasingly being provisioned outside the traditional firewall: in the cloud and the internet of things (IoT) edge.

Not All AI is Created Equal

Still, enterprise executives should be wary of lumping all forms of artificial intelligence into one broad category. The fact is there are many different flavors of AI, each of which brings unique capabilities to cybersecurity.

Machine learning (ML), for instance, has shown itself to be highly effective in areas like threat detection, attack mitigation and mobile device security. Fintech News’ Chandni Naidu notes that this is due to ML’s ability to adapt and change to evolving circumstances without the need for human intervention.

What’s more, she says, as data environments become more complex, ML can more easily assume the many rote, mundane aspects of security, leaving human experts to concentrate on the more intuitive, strategic aspects of the job. This can be particularly effective when thwarting DDoS attacks, which try to bring down systems by bombarding them with requests from perhaps thousands of computers. Before Amazon reported sustaining a 2.3 terabits per second (Tbps) DDoS attack in Feb 2020, the largest attack on record was reported by GitHub in 2018 when more than 1.35 Tbps hit the service over a period of 18 minutes.

AI is also emerging as a crucial asset in the development of cybersecurity software. Under the new DevOps model of development, AI can be used to assess vulnerabilities and update code at a rapid pace. This allows organizations to push out new layers of protection and new patches to existing vulnerabilities as fast as new threats arise. (Read also: Machine Learning Vs. Cybercrime: 4 Ways ML is Fighting Back.)

This can be particularly effective in areas like anti-virus software, says AI systems developer USM Systems. Traditional software must be patched and upgraded on a regular basis as new viruses enter the chain. The problem is that by the time the patch appears, the new virus may have already affected critical systems. Antivirus requires that the Signatures are updated on a regular schedule, this can be multiple times per day, so as to keep up with available vendor amendments to known and new viruses. The AV engine also requires updating, however, this is more often than not monthly or periodically throughout the year.

Under an AI-driven development paradigm, however, once a system has been baselined and the AI engine knows what is normal and what to expect, advanced anomaly detection tools are able to monitor program behavior for unusual activity. This then triggers a rapid analytics process followed by removal and mitigation. And all of this takes place even if the malware does not exhibit any of the tell-tale digital signatures of past attacks. Unfortunately for the average home user, this can sometimes be annoying. For example, oftentimes applications such as MS Outlook may be seen as an anomaly depending on the operation. This requires some interaction from the enduser (for example, whitelisting the application.)

Another area that AI is helping end users is within the email platform arena. There are now AI-based secure email systems, either on-premise or Cloud-based that will assist when composing emails. These ensure that you are sending to the correct recipient and prevent misdirected emails and data breaches. In addition this will automatically stop you from sending confidential files to external recipients or even advise on the appropriate classification and encryption level to use. This process will also prevent you from responding to an email with a potentially dangerous link in it, like responding to a Phishing email – with AI working tirelessly rather than relying on users to always make the right choice.

Fighting AI with AI

But perhaps the most effective use of AI as a defensive cyber tool is to pit it against AI-backed offenses – essentially fighting fire with fire. A key problem is AI-driven bots that crawl around networks and other infrastructure looking for vulnerabilities. As Mark Greenwood, head of data science at Netacea, told Information Age recently, these tiny entities made up of automated code are now the majority of Internet traffic and can do anything from steal account credentials to interrupt critical data exchange. This is why multifactor authentication is a must.

In this regard, AI is merely the latest round in the ongoing cyberwars. As new technologies are introduced into the channel, they are adopted by both the white hats and black hats to gain the upper hand. (Read also: Cybersecurity: How New Advances Bring New Threats – and Vice Versa.)

Some of the other helpful areas of AI usage in business focus on end user behaviour analytics and insider threat. The program learns which files are accessed on a regular basis and in which departments. An example of this could be the AI spotting a user from IT or Marketing attempting to access an HR file and report the event. For employees that have handed in their notice but still working, a watch can be created to identify if files are being accessed, moved, or exported.

Conclusion

The fundamental problem remains, however: the black hats can score tremendous victories in data theft, process disruption and sowing outright fear in the general population on a pretty regular, albeit temporary, basis, but the white hats face multiple and varied obstacles in tracking them down, exposing their networks and bringing them to justice.

Until something comes along that disrupts that reality, expect AI to be both a help and a hindrance to data and infrastructure security.

(Techopedia)

94 total views, 2 views today