The chances of the number of cyberattacks decreasing are … zero,
nada, null, nil, etc. Likewise, the chances of the types of attacks decreasing
are exceptionally small. As the years have passed, especially the last seven,
the number of attacks has skyrocketed. Ransomware and BEC attacks have
accounted for a significant number of these. There are also too many individual
attacks on large corporations published daily and weekly. The number of persons
affected by each compromise can be as few as a few hundred or over 300M. Each
compromise brings revenue in the form of a ransom or the data being sold on the
darknet. The data indicates this is not going to slow down any time soon and
is a good bet to continue to grow.
The blue team is facing insurmountable odds. The threats are
located across the globe, all working to successfully attack organizations.
Granted, the teams are doing their best to defend against attacks that come
7 days a week, 24 hours a day. There is no doubt. Complicating the issue is the
attackers' creativity. As they create a new piece of malware, the program is
detected and a signature created. Being aware of this, the attacker creates a
new piece of malware, and the cycle continues. As each attacker does this
across the globe, the mass influx of malware is astounding. Defending against
the known and unknown threats is difficult at best.
ML/AI
There continues to be a debate on whether AI is a benefit
or a detriment: will it further society or be the end of humanity? Cybersecurity
is a useful coupling with AI. The task at hand is daunting. One method used to
assist with this increasing risk is machine learning (ML) and artificial
intelligence (AI). This has been manifested in cybersecurity tools that analyze
mass amounts of data, attempt to detect trends in attacks, and apply other
methods. In addition, AI learns from its experiences and patterns. It may, for
example, look for anomalies or odd activity in someone's email account,
indicating a successful phishing attack. This is processed through automation.
Once the system is placed into service and trained, it is able to accomplish
its tasks 24 hours a day, seven days a week.
A nuance to this has been to code these applications to seek
new forms of malware based on the prior detected examples. In this proactive
approach, the system looks ahead, attempting to stem the issue before it
becomes one.
Detection
The conventional applications that are in place have difficulty
simply maintaining an awareness of the present and new malware. This is
due to the mountain of malware created every single month. The new tools are
well suited to detecting malware and its variants. They have the processing
power to analyze the data, as is done at present, but also to review a piece of
potential malware and gauge the probability of it being malware (aka fuzzy
problems). Organizations are teaching the ML/AI systems to detect viruses and
malware through complicated algorithms. The system builds on the present
database of malware, compares the subject code to the database, and blocks any
traffic based on events previously noted from known malware. This also works
when the attackers have added moot code to the program. Even minimal odd
behavior indicating a ransomware attack would be detected and the activity
stopped before it gained a substantial foothold in the network.
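The difference between an exact signature and a probability-style match against the malware database can be shown with a short sketch. This is an added example, not code from any product named in this article; it uses byte n-gram overlap as a simple stand-in for a trained model, and the sample bytes, family name and 0.8 threshold are constructed assumptions.

```python
import hashlib

def ngrams(data: bytes, n: int = 4) -> set:
    """All overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def containment(known: bytes, subject: bytes) -> float:
    """Fraction of the known sample's n-grams that also occur in the subject."""
    known_grams = ngrams(known)
    if not known_grams:
        return 0.0
    return len(known_grams & ngrams(subject)) / len(known_grams)

def classify(subject: bytes, database: dict, threshold: float = 0.8):
    """Return (verdict, family, score) for a subject file."""
    digest = hashlib.sha256(subject).hexdigest()
    best_family, best_score = None, 0.0
    for family, sample in database.items():
        # Conventional signature: only an identical file matches.
        if hashlib.sha256(sample).hexdigest() == digest:
            return ("exact-signature", family, 1.0)
        # Similarity score: survives inserted or appended filler bytes.
        score = containment(sample, subject)
        if score > best_score:
            best_family, best_score = family, score
    if best_score >= threshold:
        return ("probable-variant", best_family, round(best_score, 3))
    return ("no-match", None, round(best_score, 3))

# Constructed sample data: arbitrary byte patterns, not real malware.
KNOWN = bytes((i * 37 + 11) % 256 for i in range(200))
DATABASE = {"family-a (hypothetical)": KNOWN}
# The same bytes with filler inserted in the middle and appended at the end.
PADDED = KNOWN[:100] + b"\x90" * 64 + KNOWN[100:] + b"\x00" * 32
UNRELATED = bytes(range(200))

if __name__ == "__main__":
    for label, blob in [("known", KNOWN), ("padded", PADDED),
                        ("unrelated", UNRELATED)]:
        print(label, classify(blob, DATABASE))
```

The padded sample no longer matches the stored hash, yet it still scores close to 1.0 against the database entry, while the unrelated file scores 0.0.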
Internal Threats
ML/AI may also be used internally by the organization, for
example to monitor users' activity. The tool would initially be integrated into
the system to build a baseline of activity for the specific user. Further
activity after the baseline is created is compared against it for anomalies and
other indicators of employee malfeasance (aka heuristics). Using the processing
power, the apps are able to detect this activity within a few cycles. This is
potentially able to block the malicious attack, credential theft, deployment of
malware, and access to the network. This would be done automatically, in
comparison to other solutions that detect and notify.
Another instance involves internal data theft. There have
been multiple stories of the disgruntled employee, or the employee preparing to
leave to work for a competitor, who happens to download multiple files
within their last week. In this instance, ML/AI heuristics would also be
employed to monitor for any unusual activity, defined as anomalous or above the
standard baseline. The program would look not only at the volume of data being
downloaded, but also at the folders and the file type/extension. This form of
user behavior analytics is very useful and able to remove issues.
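A compact sketch of the baseline-then-compare approach described in this section follows. It is an added example, not code from any vendor's product; it swaps a trained model for a median and median-absolute-deviation baseline, and the user history, folder names and limit of 6 deviations are constructed assumptions.

```python
from statistics import median

def build_baseline(history):
    """history: one list per day of (folder, extension, size_bytes) downloads."""
    totals = [sum(size for _, _, size in day) for day in history]
    mid = median(totals)
    # Median absolute deviation: a spread measure one odd day cannot skew.
    mad = median(abs(t - mid) for t in totals) or 1.0
    return {
        "median": mid,
        "mad": mad,
        "folders": {folder for day in history for folder, _, _ in day},
        "extensions": {ext for day in history for _, ext, _ in day},
    }

def score_day(baseline, day, volume_limit=6.0):
    """Return the reasons a day's downloads depart from the user's baseline."""
    total = sum(size for _, _, size in day)
    reasons = []
    if (total - baseline["median"]) / baseline["mad"] > volume_limit:
        reasons.append("volume")
    if {folder for folder, _, _ in day} - baseline["folders"]:
        reasons.append("new_folder")
    if {ext for _, ext, _ in day} - baseline["extensions"]:
        reasons.append("new_extension")
    return reasons

# Constructed data for one hypothetical user: ten ordinary working days...
HISTORY = [
    [("/projects/alpha", ".docx", 2_000_000 + 100_000 * i),
     ("/projects/alpha", ".xlsx", 1_000_000)]
    for i in range(10)
]
BASELINE = build_baseline(HISTORY)
ORDINARY_DAY = [("/projects/alpha", ".docx", 2_600_000),
                ("/projects/alpha", ".xlsx", 1_000_000)]
# ...and one day in the user's final week.
FINAL_WEEK_DAY = [("/finance/contracts", ".zip", 400_000_000),
                  ("/projects/alpha", ".docx", 2_500_000)]

if __name__ == "__main__":
    print("ordinary:", score_day(BASELINE, ORDINARY_DAY))
    print("final week:", score_day(BASELINE, FINAL_WEEK_DAY))
```

Returning the reasons rather than a single score lets the caller decide which combinations warrant an automatic block and which only a notification.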
Wide-Spread
This innovative application, while relatively new in
comparison to the entirety of the industry, has many organizations involved.
Senior management has seen the value in this field and has invested in the
future. A few of these are Versive, LogRhythm, Cybereason, SparkCognition,
Cylance, Tessian, White Ops, Truu, Anomali, CrowdStrike, Darktrace, Cynet,
Sovereign Intelligence, Jask, Fortinet, High-Tech Bridge, Palo Alto Networks,
PerimeterX, Securonix, SentinelOne, Shape Security, FireEye, Check Point, Symantec,
Vectra, PatternEx, CUJO AI, Cyware, Deep Instinct, Obsidian Security, and
Lastline.
Limitations
While there are an immense number of present uses within
cybersecurity at this point and many more in the future, there are drawbacks.
While AI creates cost savings (e.g. significantly less expense for any
potential breach, and labor savings as these systems work efficiently and in an
exceptionally timely manner), the ML/AI use cases are not without their own
respective issues. These systems, while useful, are still capital intensive at
the beginning of their implementation and operation. They require large
amounts of memory, data, and computational power. The ML/AI systems learn from
data. The greater the amount of data, the better the decision-making
capabilities of the system. To arrive at the level required for proficiency and
efficiency, the system requires malware, non-malware, and anomalies to learn
from. This in turn requires the storage and processing power to learn from them.