Use cases of AI and ML in cybersecurity

We explore how artificial intelligence (AI) and machine learning (ML) can be integrated into cybersecurity.



As devices used for work continue to diversify, so do cyberattacks, but AI can help prevent them.

As cyberattacks become more diverse in their nature and targets, it’s critical that cybersecurity personnel have the right visibility to determine how to fix vulnerabilities accordingly, and AI can help solve problems that their human colleagues cannot solve alone.

“Cybersecurity is like a game of chess,” said Greg Day, vice president and global CISO at Cybereason – a former executive at Palo Alto Networks.

“The adversary seeks to outsmart the victim, the victim aims to stop and block the opponent’s attack. Data is king and the ultimate prize.

“In 1996, an AI-based chess system, Deep Blue, won its first game against world champion Garry Kasparov. It has become clear that AI can both think broader, faster and further from the norm, and this is also true for many of its applications in cybersecurity.”

With that in mind, we explore particular use cases for AI in cybersecurity that are in place today.

Work alongside staff

Day went on to explain how AI can work alongside cybersecurity personnel to keep the organization safe.

“We all know there aren’t enough cybersecurity personnel out there, so AI can help fill the void,” he said. “Machine learning, a form of AI, can read input from SoC analysts and transpose it into an ever-expanding database.

“The next time the SoC analyst walks into similar symptoms, they are presented with previous similar cases with the solutions, based on both statistical analysis and the use of neural networks – reducing human effort.

“If there is no previous case, the AI can analyze the characteristics of the incident and suggest which SoC engineers would be the strongest team to solve the problem based on past experiences.

“All of this is actually a bot, an automated process that combines human knowledge with digital learning to give a more efficient hybrid solution.”

Fight the robots

According to research by Imperva, more than 40% of global internet traffic is made up of bots, with the majority of cyber attack techniques such as account takeover being performed by these machines. These have also proven to be important in fraudulent attacks.

Mark Greenwood, Chief Technical Architect at bot management specialist Netacea, discussed the benefits of bots in cybersecurity, keeping in mind the need to distinguish right from wrong.

“Companies cannot fight automated threats with human responses alone. They need to use AI and machine learning if they really want to tackle the “bot problem”. Why? Because to truly differentiate between good bots (such as search engine scrapers), bad bots, and humans, businesses need to use AI and machine learning to build a comprehensive understanding of their website traffic.

“There is a need to ingest and analyze large amounts of data and AI makes this possible, while adopting a machine learning approach allows cybersecurity teams to adapt their technology to a constantly evolving landscape.”

By observing behavior patterns, companies can see what an average user journey would look like, find potentially suspicious activity, and act on it.

Endpoint Protection

Considering some aspects of cybersecurity that can benefit from technology, Tim Brown, CISO at SolarWinds, says AI can play a role in protecting endpoints. This becomes increasingly important as the number of remote devices used for work increases.

“By following best practice guidance and staying current with patches and other updates, an organization can be responsive and protect against threats,” Brown said.

“But AI can give IT and security professionals an edge against cybercriminals.”

Brown continued, “Antivirus (AV) versus AI-driven endpoint protection is an example; AV solutions often work on the basis of signatures, and it is necessary to follow signature definitions to stay protected against the latest threats. This can be a problem if virus definitions are lagging, either due to a failed update or lack of knowledge on the part of the AV vendor. If a new, never-before-seen strain of ransomware is used to attack a company, signature protection won’t be able to catch it.

“AI-based endpoint protection takes a different approach, establishing a behavioral baseline for the endpoint through a repeated training process. If anything unusual happens, the AI can report it and take action, whether it’s sending a technician notification or even reverting to a safe state after a ransomware attack. This provides proactive threat protection, rather than waiting for signature updates.

“The AI model has proven to be more effective than traditional AV. For many small and medium businesses served by an MSP, the cost of AI-based endpoint protection is typically for a small number of devices and therefore should be less of a concern. The other thing to consider is the cost of cleaning up after infection – if AI-based solutions help to avoid potential infection, they can pay for themselves by avoiding cleaning costs and, in turn, creating greater customer satisfaction.”

Machine learning versus SMS scams

With flexible work between office and home and the use of personal devices to complete tasks and collaborate post-pandemic, it’s important to be wary of scams taking place in text messages.

“With malicious actors diversifying their attack vectors during the pandemic and beyond – using Covid-19 as bait in SMS phishing scams – organizations are under intense pressure to bolster their defenses,” said Brian Foster, chief product officer at ReliaQuest – formerly at MobileIron.

“To protect devices and data against these advanced attacks, the use of machine learning in mobile threat defense (MTD) and other forms of managed threat detection continues to evolve as a very effective security approach.

“Machine learning models can be trained to instantly identify and protect against potentially harmful activity, including unknown and zero-day threats that other solutions cannot detect in time. Equally important, when the machine learning-based MTD is deployed through a unified endpoint management (UEM) platform, it can augment the baseline security provided by UEM to support a layered business mobile security strategy.

“Machine learning is a powerful, yet unobtrusive, technology that continuously monitors application and user behavior over time to identify the difference between normal behavior and abnormal behavior. Targeted attacks typically produce a very subtle change in the device and most of them are invisible to a human analyst. Sometimes detection is only possible by correlating thousands of device parameters via machine learning.”

Obstacles to overcome

These use cases and many more demonstrate the viability of effectively uniting AI and cybersecurity personnel. However, Mike MacIntyre, vice president of product at Panaseer, believes the space still has hurdles to overcome for this to truly materialize.

“AI certainly holds a lot of promise, but as an industry we need to be clear that it is not currently a silver bullet that will solve all cybersecurity challenges and solve the skills shortage,” MacIntyre said.

“That’s because AI is currently only a term applied to a small subset of machine learning techniques. Much of the hype around AI comes from how corporate security products have embraced the term and misconception (intentional or otherwise) about what constitutes AI.

“The algorithms built into many security products could, at best, be termed narrow or weak AI; they perform highly specialized tasks in a single, restricted domain and have been trained on large volumes of data, specific to a single domain. This is a far cry from general or strong AI, which is a system capable of performing any generalized task and answering questions in multiple domains.

“Another major hurdle that hampers the effectiveness of AI is the data integrity issue. There is no point deploying an AI product if you cannot access relevant data feeds or do not install anything on your network. The future of security is data-driven, but we’re a long way from seeing AI products live up to their marketing hype.”
