AI is changing everything about cybersecurity, for better and for worse
by Elisha Moskel Talent Management Services
2020 has started as 2019 ended, with new cyberattacks, hacking incidents and data breaches coming to light almost every day.
Cyber criminals pose a threat to all manner of organisations and businesses, and the customers and consumers who use them. Some of the numbers involved in the largest data breaches are staggering, with personal data concerning hundreds of thousands of individuals being leaked – each one potentially a new victim of fraud and other cybercrime.
Businesses are doing their best to fight off cyberattacks, but it's hard to predict what new campaigns will emerge and how they'll operate. It's even harder to discern what the next big malware threat will be: the Zeus trojan and Locky ransomware were once major threats, but now it's things like the Emotet botnet, the Trickbot trojan and Ryuk ransomware.
It's difficult to defend your perimeter against unknown threats -- and that's something that cyber criminals take advantage of.
AI & ML to the rescue?
Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cybersecurity, with security tools analysing data from millions of cyber incidents, and using it to identify potential threats -- an employee account acting strangely by clicking on phishing links, for example, or a new variant of malware.
But there is a constant battle between attackers and defenders. Cyber criminals have long tried to tweak their malware code so that security software no longer recognises it as malicious.
Spotting every variation of malware, especially when it is deliberately disguised, is hard: increasingly it's by applying AI and ML that defenders are attempting to stop even the unknown, new types of malware attack.
"Machine learning is a good fit for anti-malware solutions because machine learning is well suited to solve 'fuzzy' problems," says Josh Lemos, vice-president of research and intelligence at Cylance, a BlackBerry-owned, AI-based cybersecurity provider working out of California.
The machine-learning database can draw upon information about any form of malware that's been detected before. So when a new form of malware appears -- either a tweaked variant of existing malware, or a new kind entirely -- the system can check it against the database, examining the code and blocking the attack on the basis that similar events have previously been deemed as malicious.
That's even the case when the malicious code is bundled up with large amounts of benign or useless code in an effort to hide the nefarious intent of the payload, as often happens.
It was these machine-learning techniques that enabled Cylance to uncover -- and protect users against -- a new campaign by OceanLotus, a.k.a. APT32, a hacking group linked to Vietnam.
"As soon as they came out with a new variant in the wild, we knew exactly what it was because we had some machine-learning signatures and models designed to orient to these variants when they appear. We knew they're close enough in their genetic make-up to be from this family of threat," Lemos explains.
But uncovering new kinds of malware isn't the only way machine learning can be deployed to boost cybersecurity: an AI-based network-monitoring tool can also track what users do on a daily basis, building up a picture of their typical behaviour. By analysing this information, the AI can detect anomalies and react accordingly.
"Think about what AI is really good at -- the ability to adapt and respond to a constantly changing world", says Poppy Gustafsson, co-CEO of Darktrace, a British cybersecurity company that uses machine learning to detect threats.
"What AI enables us to do is to respond in an intelligent way, understanding the relevance and consequences of a breach or a change of behaviour, and in real time develop a proportionate response," she adds.
For example, if an employee clicks on a phishing link, the system can work out that this was not normal behaviour and could therefore be potentially malicious activity.
Using machine learning, this can be spotted almost immediately, blocking the potential damage of a malicious intrusion and preventing login credentials being stolen, malware being deployed or otherwise enabling attackers to gain access to the network.
And all of this is done without the day-to-day activity of the business being impacted, as the response is proportionate: if the potential malicious behaviour is on one machine, that doesn't require the whole network being locked down.
Timely response
A key benefit of machine learning in cybersecurity is that it identifies and reacts to suspected problems almost immediately, preventing potential issues from disrupting business.
By deploying AI-based cybersecurity from Darktrace to automate some of the defence functions, the McLaren Formula One team aims to ensure that the network is going to be safe, without relying on humans having to perform the impossible task of monitoring everything at once.
"If we can't see data coming off the car, if we're compromised, we stop racing -- so high-speed decision-making from machines makes it safer," Karen McElhatton, Group CIO at McLaren explains. "Data isn't just bits and bytes: we have video, we have chats, emails -- it's the variety of that input that's coming and the growing volume of it. It's too much for humans to be able to manage and automated tools are opening our eyes up to what we need to be watching."
That's especially the case when it comes to monitoring how employees operate on the network. Like other large organisations, McLaren employs training to help staff improve cybersecurity, but it's possible that staff will attempt to take shortcuts in an effort to do their job more efficiently -- which could potentially lead to security issues. Machine learning helps to manage this.
"We've got really clever people at McLaren, but with smart people come creative ways of getting around security, so having that intelligence response is really important to us. We can't slow decision-making or innovation down, but we need to enable them to do it safely and securely -- and that's where Darktrace helps us," McElhatton explains.
But while AI and ML do provide benefits for cybersecurity, it's important for organisations to realise that these tools aren't a replacement for human security staff.
It's possible for a machine learning-based security tool to be programmed incorrectly, for example, resulting in unexpected -- or even obvious -- things being missed by the algorithms. If the tool misses a particular kind of cyberattack because it hasn't been coded to take certain parameters into account, that's going to lead to problems.
"Where AI and machine learning can get you into trouble is if you are reliant on it as an oracle of everything," says Merritt Maxim, research director for security at analyst firm Forrester.
"If the inputs are bad and it's passing things through it says are okay, but it's actually passing real vulnerabilities through because the model hasn't been properly tuned or adjusted -- that's the worst case because you think you're fully protected because you have AI".
Maxim notes that AI-based cybersecurity has "a lot of benefits", but isn't a complete replacement for human security staff; and like any other software on the network, you can't just install it and forget about it -- it needs to be regularly evaluated.
This Article Source is From: https://www.zdnet.com/article/ai-is-changing-everything-about-cybersecurity-for-better-and-for-worse-heres-what-you-need-to-know/
Created on Mar 4th 2020 00:54.