The threats against organizations are growing in volume and success, but can AI in cyber security stop the rot and turn failure into success?
There is a growing list of cyber security threats, ranging from a rise in identity theft and account takeovers to vindictive ransomware strains. Businesses are feeling the strain, especially Fortune 500 enterprises, which hold massive stores of data. Because of this, they have become attractive to bad actors who want to try to take over that honeypot.
AI in cyber security, while not a silver bullet, can help improve an organization’s overall cyber security posture — if it gets the security basics right in the first place (firewalls, data encryption, etc.).
AI in Cyber Security
New malware is constantly being generated, so it is incredibly difficult to recognize, let alone defend against. AI is able to look at all these various strains of malware — some predict there are around 800 million of them — and see certain patterns: this new malware has similar code to X, Y, Z, etc. The technology is useful in future-proofing organizations against new malware.
AI is also excellent at detecting anomalies: identifying behavior that does not match existing patterns. It can quickly alert an organization if a malicious strain has entered the network. This is a huge asset, because in the past malware could roam undetected for months, even years, harvesting data and generating significant revenue for the hackers.
Both the good guys and bad guys are using AI. But what AI does — along with basic cyber hygiene — is help make sure organizations do not fall prey to traditional types of attack.
AI can help with mitigating the insider threat as well. The insider threat — whether intentional or not — is the single biggest cause of organizational vulnerability; clicking on a phishing email is a classic example. Employees need to undergo extensive and frequent cyber security awareness training. AI can help here as well — it can look at the pattern of internal computer usage from different data sources (individuals) within an enterprise. For example, if it’s 2 am and an employee is unexpectedly logged into the network and downloading some internal files, the AI can quickly see this is anomalous behavior and take the appropriate steps.
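The 2 am scenario above can be approximated with per-user baselines and simple statistics before any machine learning is involved. The following is an added example, not code from the original article; the event format, thresholds and sample users are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

def build_baselines(events):
    """Per-user baseline: histogram of login hours and past download counts."""
    hours, downloads = defaultdict(Counter), defaultdict(list)
    for user, ts, files in events:
        hours[user][datetime.fromisoformat(ts).hour] += 1
        downloads[user].append(files)
    return hours, downloads

def hour_share(hist, hour):
    """Fraction of past sessions within +/-1 hour of `hour` (wraps at midnight)."""
    total = sum(hist.values())
    near = sum(hist[(hour + d) % 24] for d in (-1, 0, 1))
    return near / total if total else 0.0

def robust_z(history, value):
    """Modified z-score (median/MAD), which earlier outliers cannot easily skew."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # assumed floor if MAD is 0
    return 0.6745 * (value - med) / mad

def score_event(baselines, event, min_sessions=10, hour_floor=0.05, z_limit=3.5):
    """Return the reasons an event deviates from that user's own history.
    The threshold defaults are illustrative assumptions, not tuned values."""
    hours, downloads = baselines
    user, ts, files = event
    if sum(hours[user].values()) < min_sessions:
        return ["insufficient_baseline"]  # do not judge users we barely know
    reasons = []
    if hour_share(hours[user], datetime.fromisoformat(ts).hour) < hour_floor:
        reasons.append("unusual_hour")
    if robust_z(downloads[user], files) > z_limit:
        reasons.append("unusual_download_volume")
    return reasons

# Constructed sample data: 20 ordinary sessions each for a day worker (alice)
# and a night-shift worker (bob). Tuples are (user, ISO timestamp, files downloaded).
HISTORY = [("alice", f"2024-03-{d:02d}T{9 + d % 2:02d}:15:00", 3 + d % 4)
           for d in range(1, 21)]
HISTORY += [("bob", f"2024-03-{d:02d}T{22 + d % 2:02d}:30:00", 40 + d % 5)
            for d in range(1, 21)]

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("alice", "2024-03-21T02:05:00", 140),
               ("bob", "2024-03-21T23:10:00", 43)]:
        print(ev, score_event(baselines, ev))
```

Because each user is compared with their own history, bob's late-night session is treated as normal while the same hour would be flagged for alice, which a single global "off-hours" rule cannot express.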
Implementing AI in Cyber Security
AI shouldn’t be implemented for the sake of it. But when should it be applied? Patel thinks that if there is a human expert who can do a certain task, but it takes them a long time to achieve it, AI can help. “Humans are very good at recognizing patterns and software is really good at following rules,” explains Patel. “You can teach a machine to behave like a human, and the more data it has, the better it gets at its job.”
Organizations want to embark on a cognitive journey and sometimes, they don’t care if AI fits into a particular use case. This is absolutely the wrong approach. To implement AI in cyber security (in anything), there has to be a use case and there has to be a strong data set, for supervised algorithms especially.
Access to data is a significant challenge in implementing AI in cyber. A lot of systems, especially in larger Fortune 500 companies, have multiple data silos. For AI to work, it needs access to those silos to train the algorithms with that data, while complying with regulations and maintaining strong ethics when handling particularly sensitive data.
Why Has AI in Cyber Security Yet to Take Off?
The key challenge for most security teams right now is getting hold of the data they need in order to get even a basic level of visibility on the fundamentals of how their security program is performing and how they measure up against regulatory frameworks like GDPR.
With access to security-relevant data controlled by multiple stakeholders, from IT to MSSPs and tool vendors, there can be a lot of red tape on top of the technical challenges of bringing together multiple siloed data sources. Then there’s data cleaning, standardization, correlation and understanding — which often require a detailed knowledge of the idiosyncrasies of all the unique datasets.
Once all that work has gone into data collection, the benefits of applying simple statistics should not be underestimated. These provide plenty of new insights for teams to work through — most won’t even have the resources to deal with all of these, let alone additional alerting from ML solutions. Until the general level of organizational maturity in the area of data-driven security increases, the applications of machine learning will likely be restricted to siloed use cases.
Dynapt.ai has been at the forefront of infusing AI into all kinds of traditional and modern domains. Our team of experts will ensure that your applications, cyber and other security postures are equipped with state-of-the-art AI technologies.