We’re just two weeks away from our flagship quarterly event, the Security Spotlight Forum. As always, we intend to get attendees up to date with the very latest developments in the field of cyber security, and there is no doubt that one such area is Artificial Intelligence (AI) and Machine Learning (ML). In the run-up to Security Spotlight Forum, therefore, I would like to describe some of the uses of these technologies in cyber security.
Before I start, I’d like to clarify that I use these terms in the same context and would therefore like to define what AI and ML are. Simply put, they entail applying compute power to complex problems and then allowing the computer to come up with a solution. Unfortunately, since this is a broad definition, it allows the terms to be loosely applied by any technology provider, thereby turning a cutting-edge technology into a mere industry buzzword.
On the contrary, the science behind AI and ML is complex yet extremely interesting. Across the world, the brightest scientific minds are applying themselves to the field. Its scope is vast and can include everything from a simple decision tree to applying CPU power to highly complex questions.
What is certain though is that automating the answer to complex issues has the potential to be a revolutionary technology with benefits that we are yet to imagine.
Addressing the Cyber Security Challenge
The digital revolution of recent years has brought with it a tremendous surge in cyber-attacks. As this becomes one of the biggest concerns for Industry 4.0, it makes sense to leverage the power of AI to solve this challenge. Currently, when we talk about AI in the context of cyber security, we primarily think about automating response and defense. Both are necessary, and both involve applying computing power to differentiate between what’s good and what’s bad.
The true potential, however, extends well beyond this, and there are numerous use-cases. Machine learning applied to event, network and user behaviour data can train malware analysis systems on large datasets, giving more accurate detection of malicious files and behaviour; the same models feed various forms of threat intelligence as well as the detection capabilities of our cyber security platforms. Every single one of our large cyber security platform partners, be it F5 Networks, Palo Alto Networks, Fortinet, Symantec, Cisco or Splunk, is therefore applying ML and AI on their platforms today.
What’s also interesting is how AI and ML are constantly moving down in the defense chain. Before, we imagined AI to involve super computers locked up in dark data centers and operated by scientists in white lab coats. But now, most firewalls and endpoint solutions have capabilities which at least automate some of the decisions and analysis.
There are a number of areas where we will see AI impacting our lives as cyber security professionals. The first automated penetration testing systems have emerged, in which computers perform all the tasks of a penetration test. Of course, pen testers have always used computers, but here we are talking about fully automated and unsupervised penetration testing systems. In fact, at Black Hat in 2016, for the first time, a computer was awarded the Black Badge, which is one of the highest recognitions you can get as a hacker.
The Downside
But as with all good things there is also a flip side to AI. Cyber security is an arms race, and unfortunately defensive investments are greatly overshadowed by the offensive investments (a recent report has shown that if cybercrime were a country, it would have the 13th highest GDP in the world!). Therefore, when we think of AI/ML from a defensive perspective, we must remember that cyber criminals are also exploring its ability to achieve their malicious objectives.
Malware Will Get Worse
Attackers have begun using AI and ML to aid their malware creation. While we talk about malware already being a major problem, thus far the creation of malware has always been relatively manual. Furthermore, most of the malware attacks we have seen so far have not been targeted; rather, they have been broadly distributed (though highly effective) generic malware.
With AI-powered malware variants, and the supporting infrastructure for malware also being automated, highly targeted attacks can be generated easily. To understand the magnitude of this challenge, think about all the impact broadly distributed malware has had over the last 5 years, and imagine this growing exponentially through the application of AI.
AI Helps Evasion
AI and ML can also be used when attackers design the detection-evasion features of their malware. While the cyber security industry invested billions of dollars in sandbox technologies, the attackers spent even more on building capabilities in their malware to avoid detection. As a result, sandboxes today are great for gathering threat intelligence, but you simply can’t deploy them in the hope that they’ll protect you from all attacks.
Social engineering is also an area where attackers are using AI and ML. It doesn’t take a lot of imagination, from a social engineering perspective, to start thinking about what the voice recognition capabilities of, for instance, Amazon Alexa or Apple’s Siri would be able to do in the hands of a hacker.
Finally, if attackers can bring down the costs of their attacks using AI and ML, we can expect to see them begin creating large volumes of easy-to-detect campaigns. These would overload our threat intelligence with too many events or too many IP addresses, thereby letting the really malicious attacks get lost in the noise.
There is Hope
No doubt reading all this may make you a little worried about the future, but fear not: I believe that cyber security will continue to get better at keeping attackers at bay for many years to come. Most importantly, even as attacks and defense continue to coevolve, the best defense will still be to get your basics right. Good configuration and operation of security systems, constant risk assessment and mitigation capabilities will still be key.
As we embark on digital transformation, your organization will not operate IT, but IT will operate your organization, making the requirement for cyber security capabilities greater than ever before.
