How better to fight cybercrime than with today’s top cyber technology, AI; fighting fire with fire. Ross Brewer, Vice President and Managing Director at LogRhythm, explains the ins and outs of artificial intelligence and the prospects it holds for the future of cyber security.
Over the last few years the world has seen a steady and increasing flow of high-profile data breaches hitting the headlines. Whether the result of unknown web vulnerabilities, DDoS attacks or overall lax corporate data security policies, data breaches are becoming an everyday occurrence. In fact, it is generally agreed that no organisation is safe from hackers, who are using more and more sophisticated ways of breaching our defences – but they can be stopped before they cause any lasting damage to a business.
With the rise of hyper-connected workplace environments, and the growth of cloud and mobile technologies, organisations can no longer rely solely on network and endpoint protection. The attack surface has grown rapidly and businesses that have not bolstered their cyber defences or invested in the right tools will find themselves extremely vulnerable to business risk. The rise of low-security, internet-connected endpoints and cloud-based applications is a cyber criminal’s dream.
The traditional approach to cybersecurity has been to use a prevention-centric strategy focused on blocking attacks. While blocking attacks is important, many of today’s advanced and motivated threat actors are circumventing perimeter-based defences with creative, stealthy, targeted, and persistent attacks that often go undetected for significant periods of time. In response to the shortcomings of this approach, and the challenges of securing an increasingly complex IT environment, organisations need to shift their resources and implement strategies that are centred on rapid threat detection and response.
Artificial Intelligence (AI) and how it can be applied has been widely discussed, with CEOs increasingly looking at ways they can utilise this technology to improve business processes. Cyber security and data protection have – unsurprisingly – been top of mind during these conversations; however, many are unsure how big a role AI will play and how they can implement it effectively.
In the past, a common problem has been that cyber criminals have relied on automation when launching their attacks, but organisations have been relatively slow in leveraging the same technology to protect themselves.
Organisations have always struggled with network visibility. AI, however, has the potential to transform cyber security practices by giving companies the ability to detect attacks in their earliest stages or anticipate them before they occur. Indeed, as the threat landscape becomes more complex, the role of AI in cyber security will increase substantially to help organisations keep up with cyber criminals’ sophisticated tactics. Businesses find it difficult to manually manage, process and analyse the volume of data generated by the myriad of IT and cyber security tools they have, which is no surprise given the complexity of today’s IT infrastructure. By implementing the right tools to automate these steps, high-risk threats can be detected and prioritised much more effectively.
For example, AI can be used to automatically generate behavioural whitelists of “normal” activity to help identify suspicious behaviour patterns and automatically identify and alert on potential threats and breaches. Furthermore, malware can invade and spread through an organisation quickly, exposing data and weakening security faster than administrators can react. In many cases, the extent of the damage is unknown. As the human eye loses the ability to spot such complex attacks, AI will become essential by ensuring these threats are flagged as soon as a network has been compromised.
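A minimal illustration of the behavioural whitelist idea described above, as an added example that is not from the original article or from LogRhythm. A simple frequency-based baseline stands in for the learned model, and the event fields, the `MIN_SUPPORT` threshold and all sample records are assumptions constructed for the demonstration.

```python
from collections import Counter, defaultdict

FIELDS = ("host", "process", "hour_band")
MIN_SUPPORT = 2  # assumption: behaviour must recur this often to count as "normal"

def make_event(user, host, process, hour):
    """Normalise a raw logon/process record; hour is bucketed to cut noise."""
    band = "business" if 8 <= hour < 18 else "off-hours"
    return {"user": user, "host": host, "process": process, "hour_band": band}

def build_whitelist(events, min_support=MIN_SUPPORT):
    """Learn, per user, the (field, value) pairs seen at least min_support times."""
    counts = defaultdict(Counter)
    for e in events:
        for f in FIELDS:
            counts[e["user"]][(f, e[f])] += 1
    return {u: {k for k, n in c.items() if n >= min_support}
            for u, c in counts.items()}

def deviations(event, whitelist):
    """Return the fields of an event that fall outside the user's baseline."""
    known = whitelist.get(event["user"])
    if known is None:
        return ["user"]  # identity never seen in training: no baseline to compare
    return [f for f in FIELDS if (f, event[f]) not in known]

def triage(events, whitelist):
    """Return (event, deviating_fields) alerts, most deviations first."""
    alerts = [(e, d) for e in events if (d := deviations(e, whitelist))]
    return sorted(alerts, key=lambda a: len(a[1]), reverse=True)

# Constructed sample data, not taken from any real environment.
TRAINING = [
    make_event("alice", "ws-014", "outlook.exe", 9),
    make_event("alice", "ws-014", "outlook.exe", 14),
    make_event("alice", "ws-014", "excel.exe", 10),
    make_event("alice", "ws-014", "excel.exe", 11),
    make_event("bob", "ws-022", "putty.exe", 9),
    make_event("bob", "ws-022", "putty.exe", 16),
]
NEW = [
    make_event("alice", "ws-014", "excel.exe", 13),         # matches baseline
    make_event("alice", "srv-db01", "powershell.exe", 3),   # new host, process, hours
    make_event("bob", "ws-022", "putty.exe", 23),           # usual tool, unusual hours
    make_event("svc-backup", "ws-014", "robocopy.exe", 2),  # account with no baseline
]

if __name__ == "__main__":
    for event, fields in triage(NEW, build_whitelist(TRAINING)):
        print(event["user"], event["host"], "deviates on", ", ".join(fields))
```

The minimum-support threshold keeps a single stray event seen during training from being learned as normal, and ranking by the number of deviating fields gives a crude version of the prioritisation the article refers to.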
Understanding threat lifecycle management
Adopting an end-to-end threat lifecycle management (TLM) approach that provides insight into each stage of an attack is also crucial. When a hacker targets an environment, a process unfolds from initial intrusion through to eventual data breach, if that threat actor is left undetected. The modern approach to cybersecurity requires a focus on reducing the mean time to detect (MTTD) and mean time to respond (MTTR), where threats are detected and stopped early in their lifecycle, thereby avoiding downstream consequences and costs. It is AI that is increasingly helping businesses detect, anticipate, prioritise and neutralise these high-risk intrusions and anomalous behaviour.
However, whilst AI does represent the future of cyber defence, organisations need to be aware that it is not a silver bullet. It is important not to expect critical components of artificial analytics – such as User and Entity Behaviour Analytics (UEBA), machine learning, forensics and advanced analytics – to actually ‘be’ AI. Indeed, true AI-like cyber protection needs a fusion of advanced, security-centric intelligent analytics involving machine learning, largely scalable and centralised data analytics, forensic analytics, and intelligent reporting. Only then can organisations be secure in any event – from within the core (premise and cloud), beyond the perimeter, to individual sensors.
With the EU General Data Protection Regulation (GDPR) pending, AI will be pushed even further to the forefront of cyber security. Coming into force in May 2018, these regulations will change the way organisations manage the detection and reporting of breaches. In fact, businesses will only have a 72-hour window to report a breach, otherwise they risk having to pay a fine of up to 4 percent of the company’s turnover. IT teams simply will not have time to comb through the huge amounts of data that point towards a compromise to connect the dots. AI is subsequently becoming invaluable not only for organisations that are looking to protect their data and create a more efficient business, but also for those that need to remain compliant in the face of stricter regulations.