
“How Artificial Intelligence is Accelerating Cybersecurity”

October 23, 2018

Authored by Mr. Nirmal Kumar, Associate Vice President at Paladion Networks.

Artificial Intelligence is a buzzword these days. In this article, we would like to cut through the hype surrounding this term and get to the heart of what AI has to offer in cybersecurity (and what is just hype).

Today’s Evolved Threat Landscape and the Need for AI

To be clear, there is a real need for AI to effectively defend against today’s evolved attacks.

In the past, effective cybersecurity meant analyzing system logs and alerts from IPS/AV products. But today, we have a lot more threat data to analyze. We now must look at network traffic, endpoint internals, application & transaction data, user access data, cloud data, threat intel data, social media data, dark web data… and the list goes on. It would be impossible for any human-only team of cybersecurity experts—no matter how effective they are—to analyze all relevant data to detect and respond to modern cyber threats.

We Still Need Human Cybersecurity Experts

This spells out the primary need for AI in cybersecurity today. AI is required to quickly analyze this influx of threat data, and to analyze it with enough complexity, scale, and speed to uncover both unknown and known threats in near real-time. We still require human cybersecurity experts to evaluate the AI’s output, determine if there’s really an attack, and select the appropriate response. But human actors can no longer perform these foundational cybersecurity actions without a powerful AI system augmenting their insight.

No Silver Bullet: What AI Can Do, and What AI Can’t Do

This reality—that we will still require human cybersecurity experts—will come as a surprise for many readers. The reason for this is simple: in today’s marketplace, AI is being sold as a standalone “silver bullet” solution to every cybersecurity problem.

Often, if you read about AI you will hear it discussed interchangeably with two other concepts: Machine Learning, and Data Science. These three terms are related, but not interchangeable:

  • Artificial Intelligence: A broad term related to how to make machines mimic human thinking and action.
  • Machine Learning: A subset of Artificial Intelligence related to teaching machines how to learn from past data and create their own knowledge.
  • Data Science: Various activities within data engineering that need to be “taught” to a computer to enable machine learning. These activities include data collection, preparation, integration, visualization, measuring algorithm performance, and the like.

From teasing out these three terms, and applying a little precision to our definitions, it becomes clear that AI primarily revolves around taking a foundation of data science and using machines to scale and supercharge these activities.

Finding the Best Place for AI in Cyber Defense

Now, in our comprehensive Managed Detection & Response (MDR) service, we have found beneficial uses for AI within every stage of an attack’s lifecycle. AI can be very effective at orchestrating a full response to a detected threat. AI is effective at containing the speed of an attack, recovering affected systems, mitigating root causes of the attack, and improving the security posture after the attack has been remediated.

But, overall, as a cluster of activities, AI’s superior analytics-focused capabilities shine best within the detection phases of our services. We have found AI most often effective at driving:

  • Triaging: AI deploys historical patterns, clustering, association rules, and data visualizations to present human experts with fully triaged and enriched alerts.
  • Threat Hunting: AI does not require fixed rules to uncover the patterns, anomalies, and outliers that indicate unknown attacks.
  • Incident Analysis/Investigation: In the event of an attack, AI defines the impact of the attack, who the attackers are, what the attack chain looked like, and who was the attack’s “patient zero”.
  • Threat Anticipation: AI compiles terabytes of global threat data, applies it to each organization’s unique context, and proactively evolves their defenses against likely incoming threats.

By now, you have a much better understanding of AI’s role as a necessary element of any modern cybersecurity posture, but an element that is not sufficient on its own. That is why AI is simply one element in our Left of Hack – Right of Hack℠ cyber defense service.


