Artificial Intelligence in Cybersecurity

The most popular security applications for AI involve protecting the network, endpoints and the data itself.

Artificial intelligence (AI) is rapidly permeating the enterprise security ecosystem, bringing a wide range of advanced capabilities to what is quickly becoming a key aspect of a successful digital business model.

But while it might be tempting to just throw AI at the digital wall to see where it sticks, wiser business leaders are taking the time to ascertain where it can be used most effectively and how it must blend with normal operations so as not to hamper overall performance.

According to Statista, the most popular security applications for AI involve protecting the network, endpoints and the data itself. Upwards of 75 percent of IT executives surveyed in 2019 report networking as the top area of concern, followed by 71 percent for data security and 68 percent for endpoints.

AI brings a number of powerful tools to these particular applications, but perhaps none greater than its ability to sift through extreme amounts of data looking for patterns that indicate either a potential or actual security breach. As well, AI is finding its way into areas like ID and access management, and protecting assets that are increasingly being provisioned outside the traditional firewall: in the cloud and the internet of things (IoT) edge. (Read also: Simple Ways to Improve IoT Security.)

Not All AI is Created Equal

Still, enterprise executives should be wary of lumping all forms of artificial intelligence into one broad category. The fact is there are many different flavors of AI, each of which brings unique capabilities to cybersecurity.

Machine learning (ML), for instance, has shown itself to be highly effective in areas like threat detection, attack mitigation and mobile device security. Fintech News’ Chandni Naidu notes that this is due to ML’s ability to adapt and change to evolving circumstances without the need for human intervention.


What’s more, she says, as data environments become more complex, ML can more easily assume the many rote, mundane aspects of security, leaving human experts to concentrate on the more intuitive, strategic aspects of the job. This can be particularly effective when thwarting DDoS attacks, which try to bring down systems by bombarding them with requests from perhaps thousands of computers. Before Amazon reported sustaining a 2.3 terabits per second (Tbps) DDoS attack in February 2020, the largest attack on record was reported by GitHub in 2018, when more than 1.35 Tbps hit the service over a period of 18 minutes.

AI is also emerging as a crucial asset in the development of cybersecurity software. Under the new DevOps model of development, AI can be used to assess vulnerabilities and update code at a rapid pace. This allows organizations to push out new layers of protection and new patches to existing vulnerabilities as fast as new threats arise. (Read also: Machine Learning Vs. Cybercrime: 4 Ways ML is Fighting Back.)

This can be particularly effective in areas like antivirus software, says AI systems developer USM Systems. Traditional software must be patched and upgraded on a regular basis as new viruses enter the chain. The problem is that by the time the patch appears, the new virus may have already affected critical systems. Antivirus requires that its signatures be updated on a regular schedule, sometimes multiple times per day, to keep up with vendor amendments for known and new viruses. The AV engine also requires updating, but this more often happens monthly or periodically throughout the year.

Under an AI-driven development paradigm, however, once a system has been baselined and the AI engine knows what is normal and what to expect, advanced anomaly detection tools are able to monitor program behavior for unusual activity. This then triggers a rapid analytics process followed by removal and mitigation. And all of this takes place even if the malware does not exhibit any of the tell-tale digital signatures of past attacks. Unfortunately for the average home user, this can sometimes be annoying. For example, applications such as MS Outlook may be flagged as an anomaly, depending on the operation. This requires some interaction from the end user (for example, whitelisting the application).

Another area where AI is helping end users is email. There are now AI-based secure email systems, either on-premises or cloud-based, that assist when composing emails. These ensure that you are sending to the correct recipient and prevent misdirected emails and data breaches. In addition, they will automatically stop you from sending confidential files to external recipients, or advise on the appropriate classification and encryption level to use. They will also prevent you from responding to an email with a potentially dangerous link in it, such as a phishing email, with AI working tirelessly rather than relying on users to always make the right choice.

Fighting AI with AI

But perhaps the most effective use of AI as a defensive cyber tool is to pit it against AI-backed offenses – essentially fighting fire with fire. A key problem is AI-driven bots that crawl around networks and other infrastructure looking for vulnerabilities. As Mark Greenwood, head of data science at Netacea, told Information Age recently, these tiny entities made up of automated code are now the majority of Internet traffic and can do anything from stealing account credentials to interrupting critical data exchange. This is why multifactor authentication is a must.

“. . . businesses can’t fight automated threats with human responses alone,” he told IA. “They must employ AI and machine learning if they’re serious about tackling the ‘bot problem’. Why? Because to truly differentiate between good bots (such as search engine scrapers), bad bots and humans, businesses must use AI and machine learning to build a comprehensive understanding of their website traffic.”

In this regard, AI is merely the latest round in the ongoing cyberwars. As new technologies are introduced into the channel, they are adopted by both the white hats and black hats to gain the upper hand. (Read also: Cybersecurity: How New Advances Bring New Threats – and Vice Versa.)

Some of the other helpful areas of AI usage in business focus on end user behaviour analytics and insider threat. The program learns which files are accessed on a regular basis and in which departments. An example of this could be the AI spotting a user from IT or Marketing attempting to access an HR file and reporting the event. For employees who have handed in their notice but are still working, a watch can be created to identify if files are being accessed, moved, or exported.
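
The behaviour-analytics idea above, reduced to a simple frequency baseline, as an added example (not from the article or any product it mentions). The log tuples, share paths, user names and watchlist are constructed, and a per-department access count stands in for the learned model.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, department, action, path). Not from the article.
BASELINE = [
    ("alice", "HR", "read", "/shares/hr/payroll.xlsx"),
    ("alice", "HR", "read", "/shares/hr/reviews.docx"),
    ("bob", "IT", "read", "/shares/it/runbook.md"),
    ("bob", "IT", "write", "/shares/it/inventory.csv"),
    ("carol", "Marketing", "read", "/shares/marketing/plan.pptx"),
    ("carol", "Marketing", "read", "/shares/it/runbook.md"),
]
NEW_EVENTS = [
    ("bob", "IT", "read", "/shares/hr/payroll.xlsx"),
    ("carol", "Marketing", "export", "/shares/marketing/plan.pptx"),
    ("alice", "HR", "read", "/shares/hr/reviews.docx"),
    ("carol", "Marketing", "read", "/shares/it/runbook.md"),
]
NOTICE_WATCHLIST = {"carol"}          # hypothetical: users who have resigned
WATCHED_ACTIONS = {"move", "export"}  # actions the watch reports on


def share_of(path):
    """Return the top-level share a path belongs to, e.g. 'hr'."""
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) > 1 else parts[0]


def build_baseline(events):
    """Learn how often each department touches each share."""
    seen = defaultdict(Counter)
    for _user, dept, _action, path in events:
        seen[dept][share_of(path)] += 1
    return seen


def review(events, baseline, min_seen=1):
    """Return (user, path, reason) for events that deviate from the baseline."""
    alerts = []
    for user, dept, action, path in events:
        if baseline[dept][share_of(path)] < min_seen:
            alerts.append((user, path, "share not in department baseline"))
        if user in NOTICE_WATCHLIST and action in WATCHED_ACTIONS:
            alerts.append((user, path, f"{action} by user on notice"))
    return alerts


ALERTS = review(NEW_EVENTS, build_baseline(BASELINE))
```

Raising `min_seen` makes the baseline stricter, at the cost of more alerts on legitimate but infrequent cross-department access.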


The fundamental problem remains, however: the black hats can score tremendous victories in data theft, process disruption and sowing outright fear in the general population on a pretty regular, albeit temporary, basis, but the white hats face multiple and varied obstacles in tracking them down, exposing their networks and bringing them to justice.

Until something comes along that disrupts that reality, expect AI to be both a help and a hindrance to data and infrastructure security.


Arthur Cole
Technology Writer

Arthur Cole is a freelance technology journalist who has been covering IT and enterprise developments for more than 20 years. He contributes to a wide variety of leading technology web sites, including IT Business Edge, Enterprise Networking Planet, Point B and Beyond and multiple vendor services.