In this modern age of cybersecurity, the level of sophistication of threats and malicious activities has significantly increased. The threats are becoming harder to detect and the damage caused in an enterprise has gone up many folds.
Whatever security measures you may build around your organisation today, the shocking reality is that no system or infrastructure till today is 100 percent secure neither we will be able to achieve such universal security at least in near future.
Considering this reality, the modern security systems and platforms are essentially moving away from the traditional “deterministic” approach of dealing with security threats to a “probabilistic” kind of an approach.
What that means is that in the traditional approach we used to be very certain of an attack that already happened and then only take necessary remedial actions or take a stand on how to deal with the situation.
Contrarily, in the modern probabilistic approach using Artificial Intelligence and Machine Learning techniques, we take a probabilistic approach to generate an alert by continuously monitoring the network, devices and user behaviours even when we are not very sure of an attack or malicious activity.
This approach provides an advantage over the traditional deterministic approach because of its predictive nature. The same applies to the security strategy and model that we implement in an enterprise while dealing with such cybersecurity threats.
The approach is very similar to how a human body fights against intruders. If you consider our DNA, which is essentially an information that can be damaged, altered or hacked by any external entities. Our immune system deals with that kind of attacks and risks every day.
Millions of viruses attack our DNA all the time but our body has an amazing security system which keeps monitoring the entire body even to the level of the DNAs all the time to safeguard us from any such attacks or threats. It generates early alerts and activates different hierarchies of defense mechanisms available in our immune system immediately to fight against such threats.
The reason that our immune system is so effective is because it knows what is internal and what isexternal to our body, i.e. what is part of us and what is an outsider, like various viruses. And this is how it knows how to protect our body from the external attacks.
With the above philosophy in mind few of the leading cyber security companies leveraged the power of Artificial Intelligence and Machine Learning and developed their groundbreaking AI cyber defense platform which mimics the human immune system. These platforms are self-learning, capable of understanding what is normal and what could be an emerging threat in real time and can take remedial measures accordingly. They are also capable of automatically modeling every network, devices, users and other asset behaviours in an enterprise and not only provides early alert of any probable threat but also provides threat visualisation dashboard using tropological network projection techniques that allows security analysts to act on the security threats and thus preventing them rather than reacting to the attacks after it had actually happened.
One example of such an advanced platform which is worth mentioning here is Darktrace which uses “self-learning AI to identify and respond to in-progress cyber-threats”. This proactive cyber risk management approach in an enterprise can reduce the risk of attacks and its consequences dramatically by safeguarding its resources and users well in advance of the attacks.
I personally believe that the firewalls and “Signature-based Models” such as conventional anti-virus and other products are not going to be completely ineffective at least in the near future as claimed by many of the cybersecurity experts.
Rather, we should build a layered approach wherein the firewalls and “Signature-based Models” can be one level of security. But there should certainly be an additional layer of AI and Machine Learning algorithms which is going to help identifying unusual activities, unusual data flow and patterns and suspicious buildups in an around your network and devices.
This can tell you in advance with some degree of probability and confidence that there could be some security threat in your enterprise considering many such factors and thus shrink the attack surface which is otherwise simply impossible to deal with a traditional approach.
Also, AI models once trained to have the capability to detect the genome of many malicious entities. So, it can easily detect the advanced versions and different variances of such malicious programmes. Any malware is often communicated within encrypted traffic through the internet, and sensitive data passed across the cloud.
AI can very well be used in this type of scenarios to be able to learn how to automatically detect unusual patterns in encrypted web traffic and can improve network security defenses dramatically. These categories of products use machine learning to process incoming threat samples to determine if they are malicious based on the knowledge and the patterns that it learns every day.
It can determine how likely an incoming pattern is a new malware and accordingly, it can trigger the analysis to create patterns and signatures of the new malware and incorporate it into the core security fabric which in turn distributes to the cloud or as an update to all the subscribers. AI-powered malware scanner products are becoming increasingly popular because of their various advanced capabilities.
The spamming and phishing cases are not new but are becoming more and more sophisticated every day with bad actors implementing new and innovative techniques continuously for fooling users and spam filtering applications. It is almost impossible to keep pace with such innovative attack strategies continuously evolving in the dark world. So, AI and ML techniques have become almost indispensable to detect and arrest such attacks.
On the other hand, even attackers have begun to adapt AI and machine learning techniques themselves to find out a loophole in your security systems and formulating attack strategies. They also keep discovering innovative ways to play with the training data used for your machine learning model, this is something called “Data Poisoning”. If these guys can somehow figure out how where your training data is stored to train your machine learning models, they can feed misleading data to confuse your ML model thus degrading its accuracy and jeopardise your overall game plan for fighting attacks.
So, a solid strategy around protecting your AI and ML algorithms and the data used for training them sometimes becomes more crucial than safeguarding other vulnerable resources in your enterprise; at least when you are using AI at the forefront to fight such cyber attacks.
(The author of this article is Utpal Chakraborty. He is an industry expert on Artificial Intelligence in banking. Views expressed are a personal opinion.)