AI is changing everything about cybersecurity, for better and for worse
by Elisha Moskel Talent Management Services
2020 has started as 2019 ended, with new cyberattacks, hacking incidents and data breaches coming to light almost every day.
Cyber criminals pose a threat to all manner of organisations and businesses, and the customers and consumers who use them. Some of the numbers involved in the largest data breaches are staggering, with personal data concerning hundreds of thousands of individuals being leaked – each one potentially a new victim of fraud and other cybercrime.
Businesses are doing their best to fight off cyberattacks, but it's hard to predict what new campaigns will emerge and how they'll operate. It's even harder to discern what the next big malware threat will be: the Zeus trojan and Locky ransomware were once major threats, but now it's things like the Emotet botnet, the Trickbot trojan and Ryuk ransomware.
It's difficult to defend your perimeter against unknown threats -- and that's something that cyber criminals take advantage of.
AI & ML to the rescue?
Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cybersecurity, with security tools analysing data from millions of cyber incidents, and using it to identify potential threats -- an employee account acting strangely by clicking on phishing links, for example, or a new variant of malware.
But there is a constant battle between attackers and defenders. Cyber criminals have long tried to tweak their malware code so that security software no longer recognises it as malicious.
Spotting every variation of malware, especially when it is deliberately disguised, is hard: increasingly it's by applying AI and ML that defenders are attempting to stop even the unknown, new types of malware attack.
"Machine learning is a good fit for anti-malware solutions because machine learning is well suited to solve 'fuzzy' problems," says Josh Lemos, vice-president of research and intelligence at Cylance, a BlackBerry-owned, AI-based cybersecurity provider working out of California.
The machine-learning database can draw upon information about any form of malware that's been detected before. So when a new form of malware appears -- either a tweaked variant of existing malware, or a new kind entirely -- the system can check it against the database, examining the code and blocking the attack on the basis that similar events have previously been deemed as malicious.
That's even the case when the malicious code is bundled up with large amounts of benign or useless code in an effort to hide the nefarious intent of the payload, as often happens.
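The matching idea described above, as an added example that is not from the article or from any vendor it quotes: a sample is compared with reference samples of known families by shared byte n-grams, scored by containment so that benign filler around the payload does not dilute the match. The family names, byte strings, n-gram width and threshold are all constructed assumptions.

```python
# Added illustration with constructed byte strings; no real malware is involved.
NGRAM = 4  # assumed shingle width in bytes

# Constructed stand-ins for reference samples of two previously seen families.
FAMILIES = {
    "family_a": b"init_table;decode_block;resolve_names;write_marker;loop_timer",
    "family_b": b"parse_header|map_section|patch_import|call_entry|free_region",
}
# Constructed "new variant": family_a with one routine changed, buried in filler.
PADDING = bytes(range(256)) * 2
PADDED_VARIANT = (PADDING
                  + FAMILIES["family_a"].replace(b"resolve_names", b"resolve_hosts")
                  + PADDING)
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 3


def shingles(blob: bytes, n: int = NGRAM) -> set:
    """Return the set of overlapping n-byte substrings of a sample."""
    return {blob[i:i + n] for i in range(len(blob) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Symmetric overlap: shrinks when either side carries extra content."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def containment(known: set, sample: set) -> float:
    """Fraction of the known family's shingles found anywhere in the sample."""
    return len(known & sample) / len(known) if known else 0.0


def classify(sample: bytes, families: dict, threshold: float = 0.6):
    """Return (family, score) for the best match, or (None, score) below threshold."""
    sample_set = shingles(sample)
    best_name, best_score = None, 0.0
    for name, reference in families.items():
        score = containment(shingles(reference), sample_set)
        if score > best_score:
            best_name, best_score = name, score
    return (best_name, best_score) if best_score >= threshold else (None, best_score)


if __name__ == "__main__":
    print(classify(PADDED_VARIANT, FAMILIES))
    print(classify(BENIGN, FAMILIES))
```

Production classifiers learn from far richer features than raw byte n-grams; the point here is only that an asymmetric score keeps a padded variant close to its family where a symmetric one such as Jaccard does not.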
It was these machine-learning techniques that enabled Cylance to uncover -- and protect users against -- a new campaign by OceanLotus, a.k.a. APT32, a hacking group linked to Vietnam.
"As soon as they came out with a new variant in the wild, we knew exactly what it was because we had some machine-learning signatures and models designed to orient to these variants when they appear. We knew they're close enough in their genetic make-up to be from this family of threat," Lemos explains.
But uncovering new kinds of malware isn't the only way machine learning can be deployed to boost cybersecurity: an AI-based network-monitoring tool can also track what users do on a daily basis, building up a picture of their typical behaviour. By analysing this information, the AI can detect anomalies and react accordingly.
"Think about what AI is really good at -- the ability to adapt and respond to a constantly changing world", says Poppy Gustafsson, co-CEO of Darktrace, a British cybersecurity company that uses machine learning to detect threats.
"What AI enables us to do is to respond in an intelligent way, understanding the relevance and consequences of a breach or a change of behaviour, and in real time develop a proportionate response," she adds.
For example, if an employee clicks on a phishing link, the system can work out that this was not normal behaviour and could therefore be potentially malicious activity.
Using machine learning, this can be spotted almost immediately, blocking the potential damage of a malicious intrusion and preventing login credentials being stolen, malware being deployed or otherwise enabling attackers to gain access to the network.
And all of this is done without the day-to-day activity of the business being impacted, as the response is proportionate: if the potential malicious behaviour is on one machine, that doesn't require the whole network being locked down.
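A small sketch of the behaviour-baseline approach described above, added here as an example and not taken from the article or from Darktrace's product: each user's usual destinations and working hours are learned from history, a new event is scored by how surprising it is against that baseline, and the response is scoped to the one host involved. The user history, host name, domains and thresholds are constructed assumptions.

```python
import math
from collections import Counter

HOURS = 24
ALERT_BITS, QUARANTINE_BITS = 8.0, 10.0  # assumed response thresholds


class Baseline:
    """Per-user counts of visited domains and active hours."""

    def __init__(self):
        self.domains, self.hours, self.total = Counter(), Counter(), 0

    def learn(self, hour: int, domain: str) -> None:
        self.domains[domain] += 1
        self.hours[hour] += 1
        self.total += 1

    def surprise(self, hour: int, domain: str) -> float:
        """Bits of surprise for an event, using add-one smoothed frequencies."""
        p_domain = (self.domains[domain] + 1) / (self.total + len(self.domains) + 1)
        p_hour = (self.hours[hour] + 1) / (self.total + HOURS)
        return -math.log2(p_domain) - math.log2(p_hour)


def respond(baseline: Baseline, host: str, hour: int, domain: str) -> dict:
    """Pick a response proportionate to the score; scope never exceeds one host."""
    bits = baseline.surprise(hour, domain)
    if bits >= QUARANTINE_BITS:
        return {"action": "quarantine_host", "scope": [host], "bits": round(bits, 2)}
    if bits >= ALERT_BITS:
        return {"action": "alert_analyst", "scope": [host], "bits": round(bits, 2)}
    return {"action": "allow", "scope": [], "bits": round(bits, 2)}


# Constructed history: 40 web requests by one user during office hours.
ALICE = Baseline()
_visited = ["intranet.example"] * 20 + ["mail.example"] * 15 + ["wiki.example"] * 5
for i, dom in enumerate(_visited):
    ALICE.learn(9 + i % 8, dom)

if __name__ == "__main__":
    print(respond(ALICE, "ws-017", 10, "mail.example"))          # routine
    print(respond(ALICE, "ws-017", 10, "login-portal.invalid"))  # unseen domain
    print(respond(ALICE, "ws-017", 3, "login-portal.invalid"))   # unseen and at 03:00
```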
A key benefit of machine learning in cybersecurity is that it identifies and reacts to suspected problems almost immediately, preventing potential issues from disrupting business.
By deploying AI-based cybersecurity from Darktrace to automate some of the defence functions, the McLaren Formula One team aims to ensure that the network is going to be safe, without relying on humans having to perform the impossible task of monitoring everything at once.
"If we can't see data coming off the car, if we're compromised, we stop racing -- so high-speed decision-making from machines makes it safer," Karen McElhatton, Group CIO at McLaren explains. "Data isn't just bits and bytes: we have video, we have chats, emails -- it's the variety of that input that's coming and the growing volume of it. It's too much for humans to be able to manage and automated tools are opening our eyes up to what we need to be watching."
That's especially the case when it comes to monitoring how employees operate on the network. Like other large organisations, McLaren employs training to help staff improve cybersecurity, but it's possible that staff will attempt to take shortcuts in an effort to do their job more efficiently -- which could potentially lead to security issues. Machine learning helps to manage this.
"We've got really clever people at McLaren, but with smart people come creative ways of getting around security, so having that intelligence response is really important to us. We can't slow decision-making or innovation down, but we need to enable them to do it safely and securely -- and that's where Darktrace helps us," McElhatton explains.
But while AI and ML do provide benefits for cybersecurity, it's important for organisations to realise that these tools aren't a replacement for human security staff.
It's possible for a machine learning-based security tool to be programmed incorrectly, for example, resulting in unexpected -- or even obvious -- things being missed by the algorithms. If the tool misses a particular kind of cyberattack because it hasn't been coded to take certain parameters into account, that's going to lead to problems.
"Where AI and machine learning can get you into trouble is if you are reliant on it as an oracle of everything," says Merritt Maxim, research director for security at analyst firm Forrester.
"If the inputs are bad and it's passing things through it says are okay, but it's actually passing real vulnerabilities through because the model hasn't been properly tuned or adjusted -- that's the worst case because you think you're fully protected because you have AI".
Maxim notes that AI-based cybersecurity has "a lot of benefits", but isn't a complete replacement for human security staff; and like any other software on the network, you can't just install it and forget about it -- it needs to be regularly evaluated.
Article source: https://www.zdnet.com/article/ai-is-changing-everything-about-cybersecurity-for-better-and-for-worse-heres-what-you-need-to-know/
Created on Mar 4th 2020 00:54.