Nothing gets our hackles raised more than another hack that threatens vital assets. Protecting data and information along with physical assets has become the all-encompassing concern of business, government and citizens alike.
It’s not surprising. Nearly every day, we see cyber criminals breach banks, credit bureaus, voting institutions, government services, medical data, and transportation systems, affecting many millions of individuals. Chances are you have personally experienced a breach. In recent years, the global cost of these attacks has been estimated at as much as $600B, counting both funds stolen and the cost of cleaning up the damage.
As threats escalate and attackers grow more creative in evading even the most sophisticated defenses, we’re also contending with a prolific rise in Internet-connected devices, data streams and network traffic. So what’s the answer? Or answers?
There are no easy ones, but artificial intelligence (AI) offers options. In particular, threat intelligence is becoming a key component of cybersecurity operations. A recent SANS survey on cyber threat intelligence found that 81% of respondents definitively said that the use of threat intelligence improved their security, while only 2% said it didn’t.
Smart investments today are key to achieving stable footing and maximizing cybersecurity for the future. As you consider the risks and opportunities ahead, artificial intelligence (AI) offers real potential to strengthen cybersecurity operations and defend computer networks.
Countering cybersecurity breaches and shoring up vulnerabilities are complex matters, complicated by many factors.
- Cyber workforce – While increasing threats hit our networks at a relentless pace, we’re facing a workforce shortfall of qualified cyber talent (8 million shortage by 2022). Automation can be configured for certain tasks, while artificial intelligence could power other cyber roles and outcomes.
- Technology capabilities – Most organizations use 20-40 different cyber software tools, often outdated and expensive to maintain. Machine learning can introduce workflow automation, behavior analytics, active monitoring, intelligent prediction and advanced threat detection to improve all aspects of Security Operations.
- Adversary sophistication – Adversaries today target weaknesses in the traditional Security Operations Center model. Most Advanced Persistent Threats (APTs) circumvent typical defenses. AI can focus on detecting and hunting for threats, helping the organization become more agile and better able to contain security risks.
These realities aren’t changing any time soon. To strengthen readiness and response, consider modernizing security operations by integrating analytics and AI. As access to cybersecurity data grows, the ability to extract meaningful signals becomes more and more critical. With AI capabilities, you can move from just measuring signals (data) to creating sentinels (machine learning algorithms) to sense-making (actionable AI).
From threat hunting to risk analysis, there are many opportunities to leverage AI. As shown in the table below, there are a variety of common cybersecurity use cases for AI.
Common Cybersecurity Use Cases for AI

| Use case | Challenge | How AI helps |
|---|---|---|
| | Detecting malware, especially unseen variants, is a daunting challenge in organizations with a large number of endpoints, many users, and a wide public Internet presence. | AI approaches can learn characteristics of malware previously observed in order to predict potential malware infections that signature-based approaches would miss. Zero-day detection of new malware threats is usually considered impossible, but dynamic behavior modeling of malware can be a game-changer. |
| Network anomaly detection | High volumes of traffic traverse typical networks (internally and externally) each day, and it is difficult to distinguish benign traffic from malicious or risky activities. | By employing AI, deviations from normal network traffic can be extracted in real time and evaluated by algorithms, saving massive amounts of time otherwise spent manually sifting through logs. |
| | Sophisticated threat actors are capable of intruding into networks and covering their tracks to look like a typical user, which makes detection and remediation very difficult. | By modeling patterns seen in malicious traffic (particularly user behavioral patterns), AI can learn over time the early-warning signals of malicious or inappropriate behaviors, so intrusion detection can get ahead of the threat rather than requiring frequent rule updates. |
| | Many organizations are successfully able to implement first-order analytics (queries, statistics, patterns), but in isolation these datasets miss the big-picture threat landscape. | Advanced AI analytical techniques can learn how to integrate multiple analytic data products to tell a more cohesive story regarding the aggregate threat. |
| Deep packet inspection | Network threats are continually evolving, and organizations must move past signature matching to uncover malicious content contained within network packets at network speed. | Modern computing architectures, such as GPUs, are being designed specifically for AI workloads at an attainable price-point using open source software. |
Scaling analytics capabilities takes real commitment and investment. The starting point though is developing an enterprise ecosystem that will embrace and foster analytics and machine learning success. There is an abundance of research and experimental data available to help jumpstart an AI-driven approach to cybersecurity. For one approach, read Modernizing Cybersecurity with Machine Intelligence and learn more about advanced threat detection, hunting and analysis, including applications of behavioral analytics for modeling and insights discovery of user cyber behaviors and personas. Also check out the new Cyber Security standards across the defense industrial base as outlined in the National Defense Authorization Act of 2019.
Achieving proactive insights helps organizations get ahead of pervasive, persistent threat actors. Clearly, the time to act is now, before yet another cyber disaster strikes. AI offers powerful protection for cybersecurity operations in a world of escalating threats.
Dr. Kirk Borne is a GovLoop Featured Contributor. He is the Principal Data Scientist and an Executive Advisor at management consulting firm Booz Allen Hamilton since 2015. In those roles, he focuses on applications of data science, data management, machine learning, and AI across a variety of disciplines. You can read his posts here.