A zero-day exploit initiated the 2020 SolarWinds attack, which spread to government agencies, major corporations and other organizations in the company’s supply chain.
In February 2021, a Chinese attack group dubbed Hafnium used a zero-day attack to exploit flaws in Microsoft’s Exchange Server email software, and within a couple of weeks, had infected more than 30,000 U.S. organizations — including a significant number of city, town and local governments — and thousands of other organizations in more than 115 countries.
Leaders’ favorite phrase — “work smarter, not harder” — may at times elicit eyerolls, but in cybersecurity, it is truly what’s necessary today. And with properly deployed artificial intelligence (AI), it is very possible. The key is to focus not just on protection, but on prevention.
Not all AI is created equal, so government agencies looking to adopt a predictive security posture should look for features that benefit them. That includes:
Most traditional AV systems depend on a constant flow of information and updates to stay up to speed and constant connectivity to the cloud services, which can leave them ineffective (or not working at all) when connectivity is lost. Because an AI-driven security solution does not rely on signature-based detection, it can continue functioning as long as it has power. AI-driven technology can often be extremely effective, even when years out of date.
AI handles its processing locally on the device, which requires fewer resources than traditional solutions that need a regular flow of updates and a steady transmission of data from a central location followed by a response from the IT center. That all adds to the traffic and latency on a network. And because AI can handle its job via a single AI process compared with traditional AV, which could be working with multiple products from different vendors, it often requires less memory to run. In some cases, AI only needs 50 to 70 megabytes as opposed to 700 megabytes or a gigabyte with typical AV.
Securing a Range of Systems
The Internet of Things is full of outdated medical devices, manufacturing devices, kiosks and point-of-sale machines with limited amounts of memory and running older operating systems, such as Microsoft Windows 7 or even Windows XP. They aren’t updated often but are still part of the network and must be protected. An AI system’s tiny footprint allows it to fit comfortably in those devices, delivering malware and attack prevention without requiring steady updates and management, and will continue to work seamlessly whenever that device’s OS is upgraded.
The key factor in a solution’s ability to work offline is its ability to function effectively without a constant flow of updates from a central location via an internet connection. That requires continual uptime and effort from the IT staff. An AI solution’s ability to learn as it goes and think independently allows it to function without the need for signature-based updates, because it doesn’t use them. A mature solution can go a year or more without needing a new version pushed out to a network’s endpoints.
This article is an excerpt from GovLoop’s recent report, “Smart Move: Why Government Agencies Need AI-Powered Cybersecurity.” Download the full report here.