Cybersecurity and AI
The chances of the number of cyberattacks decreasing is …zero, nada, null, nil, etc. Likewise, the chances of the types of attacks are exceptionally small. As the years have passed, especially the last seven, the number of attacks has skyrocketed. One general attack accounting for a significant number of these have been the ransomware and BEC attacks. There are also too many individual attacks on large corporations published daily and weekly. Affected persons for each compromise can be as few as a few hundred or over 300M. Each compromise brings revenue in the form of a ransom or the data being sold on the dark net. The data indicates this is not going to slow down any time soon, and, is a good bet to continue to grow.
The blue team is facing insurmountable odds. The threats are located across the globe, all working to successfully attack the organizations. Granted the teams are doing their best to defend against the 7 days a week, 24 hours a day attacks. There is no doubt. Complicating the issue is the attacker’s creativeness. As they create a new piece of malware, the program is detected and a signature created. Being aware of this, the attacker creates a new piece of malware, and the cycle continues. As each attacker does this through the globe, the mass influx of malware is astounding. The difficulty level in defending against the known and unknown threats is difficult at best.
There continues to be a debate on AI whether this is a benefit or detriment; will it further society or be the end of humanity. Cybersecurity is a useful coupling with AI. The task at hand is daunting. One method used to assist with this increasing risk is machine learning (ML) and artificial intelligence (AI). This has been manifested in cybersecurity tools to analyze mass amounts of data, attempting to detect trends of attacks, and other methods. AI learns from its experiences and patterns in addition. This may, for example look for anomalies or odd activity with someone’s email account, indicating a successful phishing attack. This is processed through automation. Once this is placed into service, and trained, the system is able to accomplish its tasks 24 hours a day, seven days a week.
A nuance to this has been to code these applications to seek a new form of malware based on the prior detected examples. In this proactive approach, the system is looking forward attempting to stem the issue prior to it becoming one.
The conventional applications that are in place have difficulty with simply trying to maintain an awareness of present and new malware. This is due to the mountain of malware created every single month. The new tools are apt for detecting malware and its variants. These have the processing power to analyze the data, as it presently does, but also to review a piece of potential malware to gauge the probability of it being malware (aka fuzzy problems). The organizations are teaching the ML/AI systems to detect the viruses and malware through complicated algorithms. This builds from the present database of malware, compares the subject code to the database, and blocks any traffic based on previously noted prior events from known malware. This also works when the attackers have added code into the program which is moot. Even the minimal odd behavior indicating a ransomware attack would be detected and the activity stopped prior to gaining a substantial foothold into the network.
ML/AI may also be used internally for the organization. This may be used to monitor user’s activity. This would initially be integrated into the system to build a baseline of activity for the specific user. Further activity after the baseline is created is compared for anomalies, and other indicators of employee malfeasance (aka heuristics). Using the processing power, the apps are able to detect this activity within a few cycles. This potentially is able to block the malicious attack, credential theft, deployment of malware, and access to the network. This would be done automatically, in comparison to other solutions that detect and notify.
Another instance involves internal data theft. There have been multiple stories of the disgruntled employee or employee preparing to leave to work for another competitor, and happens to download multiple files within their last week. ML/AI. In this instance, heuristics would also be employed to monitor for any unusual activity, defined as anomalous or above the standard baseline. The program would look for not only the volume of data being downloaded, but also the folders, and file type/extension. This form of user behavior analytics is very useful and able to remove issues.
This innovative application, while relatively new in comparison to the entirety of the industry, has many organizations involved. The senior management has seen the value in this field, and has invested in the future. A few of these are Versive, LogRhythm, Cybereason, SparkCognition, Cylance, Tessian, White Ops, Truu, Anomali, Crowstrike, Darktrace, Cynet, Sovereign Intelligence, Jask, Fortinet, High-Tech Bridge, Palo Alto Networks, Perimeterx, Securonix, Sentinelone, Shape Security, FireEye, Check Point, Symantec, Vectra, PatternEx, CUJO AI, Cyware, Deep Instinct, Obsidian Security, and Lastline.
While there are an immense number of present uses within cybersecurity at this point and many more in the future, there are drawbacks. While AI creates cost savings (e.g. significantly less expense for any potential breach, and labor savings as these systems work efficiently and an exceptionally timely manner, the ML/AI uses cases are not without their own respective issues. These systems, while useful, are still capital intensive in the beginning of their implementation and operation. These require large amounts of memory, data, and computational power. The ML/AI systems learn from data. The greater the amount of data, the better the decision-making capabilities of the system. To arrive at the level required for proficiency and efficiency, the system requires malware, non-malware, and anomalies to learn from. These require the storage and processing power to learn from.
Balbix. (n.d.). Using artificial intelligence in cybersecurity. Retrieved from https://www.balbix.com/insights/artificial-intelligence-in-cybersecurity/
Bocetta, S. (2019, June 12). Is AI fundamental to the future of cybersecurity? Retrieved from https://www.csoonline.com/article/3402018/is-ai-fundamental-to-the-future-of-cybersecurity.html
Chickowski, E. (2019, December 30). How AI and cybersecurity will intersect in 2020. Retrieved from https://www.darkreading.com/application-security/how-ai-and-cybersecurity-will-intersect-in-2020/d/d-id/1336621?image_number=7
Columbus, L. (2019, July 14). Why AI is the future of cybersecurity. Retrieved from https://www.forbes.com/sites/louiscolumbus/2019/07/14/why-ai-is-the-future-of-cybersecurity/#106dc4e3117e
Crane, C. (2019, July 17). Artificial intelligence in cyber security: The savior or enemy of your business? Retrieved from https://www.thesslstore.com/blog/artificial-intelligence-in-cyber-security-the-savior-or-enemy-of-your-business/
Delgado, R. (n.d.). What to expect from AI and cyber security roles in the future. Retrieved from https://www.ccsinet.com/blog/what-to-expect-from-ai-and-cyber-security-roles-in-the-future/
Hypponen, M. (2020, February 11). AI can be an ally in cybersecurity. Retrieved from https://venturebeat.com/2020/02/11/ai-can-be-an-ally-in-cybersecurity/
IBM Security. (n.d.). Artificial intelligence for a smarter kind of cybersecurity. Retrieved from https://www.ibm.com/security/artificial-intelligence
inVerita. (2019, October 16). Why you should use artificial intelligence in cybersecurity. Retrieved from https://becominghuman.ai/why-you-should-use-artificial-intelligence-in-cybersecurity-204dbe33326c
Kharkovyna, O. (2020, February 4). CyberSecurity + AI: Defined, explained and explored. Retrieved from https://towardsdatascience.com/cyber-security-ai-defined-explained-and-explored-79fd25c10bfa
Laurence, A. (2019, August 22). The impact of artificial intelligence on cyber security. Retrieved from https://www.cpomagazine.com/cyber-security/the-impact-of-artificial-intelligence-on-cyber-security/
Mullahy, T. (2020, March 20). AI and cybersecurity: 3 things your team needs to know. Retrieved from https://techbeacon.com/security/ai-cybersecurity-3-things-your-team-needs-know
NormShield. (n.d.). Cyber security with artificial intelligence in 10 questions. Retrieved from https://www.normshield.com/cyber-security-with-artificial-intelligence-in-10-question/
Palmer, D. (2020, March 2). AI is changing everything about cybersecurity, for better and for worse. Here’s what you need to know. Retrieved from https://www.zdnet.com/article/ai-is-changing-everything-about-cybersecurity-for-better-and-for-worse-heres-what-you-need-to-know/
Schroeder, A. (2019, July 12). 30 companies merging AI and cybersecurity to keep us safe and sound. Retrieved from https://builtin.com/artificial-intelligence/artificial-intelligence-cybersecurity
Security Magazine. (2020, March 11). Nearly 60% of security professionals trust cybersecurity findings verified by humans over AI. Retrieved from https://www.securitymagazine.com/articles/91881-nearly-60-of-security-professionals-trust-cybersecurity-findings-verified-by-humans-over-ai
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.