By: Muhammad Tariq Ahmed Khan
November 13, 2020
Artificial Intelligence In Cybersecurity Operations
Because the attack surface is expanding and evolving at an unprecedented pace, cyber-attacks are becoming more sophisticated and are increasing at lightning speed. Innumerable, varied cyber threats need to be detected, prevented, and analyzed so that their danger or risk can be calculated accurately. At the same time, one of the biggest challenges is that cyber-criminals, among them state-sponsored attackers, cyber terrorists, and hacktivists, have emerged with Artificial Intelligence (AI) techniques. They circumvent many controls, gain privileged access to an organization's confidential data, and erase their traces to avoid detection. They tend to use AI to automate and enhance cyber-attacks and to expand their attack surface. Furthermore, AI is advancing continuously, which can yield a new chain of cyber threats.
In response to this unprecedented challenge, organizations (private and public) are inclined to adopt AI-based solutions to deal with cybersecurity risks and threats and to fine-tune their security posture efficiently and effectively. While the cybersecurity outlook appears bleak, there is an immediate need to apply AI technology, with the help of Machine Learning (ML) and Deep Learning (DL), to today's landscape of cybersecurity threats and attacks. This is necessary to cope with the constant battle against cyber-crime.
Here are some key points to consider when augmenting cybersecurity operations with AI technology.
First of all, organizations should focus on building a well-thought-out and integrated strategy, rather than merely deploying an additional burden on the network in the guise of best-of-breed AI technology. It is vital to ascertain realistic security requirements, business expectations, and risks, along with the success criteria that will measure the implementation of AI in cybersecurity.
Secondly, the quality of data input is an integral part of employing AI, so data should be consistent, complete, and compact. In addition, a complete and accurate inventory of all devices, users, applications, and infrastructure, with all types of access to information systems along with their business criticality, should be established. Data from multiple sources should be combined and folded together until it is cohesive enough to be fed into the ML.
ML, a subset of AI, is an approach to the science of AI. It gives computers the capability to learn through experience, without being explicitly programmed. The idea is to supervise a machine to learn, find patterns, solve problems, and predict outcomes based on the various algorithms available in ML. As an example, existing malware signatures can be used to train ML algorithms to discover any zero-day or unknown emerging malware.
Thirdly, sometimes the algorithms learn and predict something other than the right things. In addition to ML's available algorithms, organizations should consider developing customized AI-based use-cases to analyze patterns and learn from them. For example, AI-based use-cases can be developed to learn from malicious activities and stop attacks, analyze mobile endpoints, enhance social analysis, automate repetitive tasks, and close zero-day vulnerabilities. With this, ML is expected to predict the right outcomes with a minimum of 70% accuracy.
To achieve 90% accuracy, Deep Learning (DL) comes into the picture. DL is a subset of Machine Learning, where machines are capable of unsupervised learning. In DL, machines learn through their own algorithms to reach decisions in real time without human intervention. A large amount of data stored and processed by various hosts on the network is analyzed, and decisions are made using predictive reasoning. DL can understand the relationship between multiple events and then provide automatic threat scoring for compromised hosts. For example, DL can be used to distinguish between normal and abnormal traffic for anomaly detection. This can only be achieved by understanding, defining, and integrating the entire infrastructure (e.g., the network, applications, databases, hosts, etc.) with the AI solution.
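The inventory-plus-telemetry input and the per-host threat scoring described above can be sketched as follows. This is an added example, not code from the article: it substitutes a simple unsupervised statistical baseline (median and MAD) for a DL model, and the host names, features, criticality values, cap, and threshold are all assumptions.

```python
from statistics import median

FEATURES = ("bytes_out_mb", "distinct_dsts", "failed_logins")

# Constructed sample data. Inventory: host -> business criticality (1 low .. 3 high).
INVENTORY = {"web-01": 2, "db-01": 3, "hr-laptop-7": 1}
# Hourly per-host rows merged from flow logs and authentication logs.
BASELINE = {
    "web-01": [(520, 14, 0), (480, 12, 1), (510, 15, 0), (495, 13, 0), (530, 16, 1)],
    "db-01": [(40, 3, 0), (42, 3, 0), (38, 4, 1), (41, 3, 0), (39, 3, 0)],
    "hr-laptop-7": [(5, 2, 0), (6, 3, 0), (4, 2, 0), (5, 2, 1), (7, 3, 0)],
}
CURRENT = {
    "web-01": (505, 14, 0),
    "db-01": (900, 25, 6),
    "hr-laptop-7": (6, 3, 4),
    "10.0.8.44": (300, 40, 0),   # seen in telemetry, absent from the inventory
}

def robust_z(value, history):
    """Deviation from the host's own median, scaled by the MAD."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    scale = max(1.4826 * mad, 1.0)   # floor: a constant feature must not divide by zero
    return (value - med) / scale

def score_host(current, history_rows):
    """Sum upward deviations over all features, each capped at 10."""
    total = 0.0
    for i in range(len(FEATURES)):
        z = robust_z(current[i], [row[i] for row in history_rows])
        total += min(max(z, 0.0), 10.0)
    return total

def rank_hosts(inventory, baseline, current, threshold=6.0):
    """Return (host, score, reason), inventory gaps first, then highest score."""
    findings = []
    for host, obs in current.items():
        if host not in inventory or host not in baseline:
            findings.append((host, None, "inventory gap"))
            continue
        score = round(score_host(obs, baseline[host]) * inventory[host], 1)
        if score >= threshold:
            findings.append((host, score, "anomalous"))
    return sorted(findings, key=lambda f: (f[1] is not None, -(f[1] or 0)))

if __name__ == "__main__":
    for finding in rank_hosts(INVENTORY, BASELINE, CURRENT):
        print(finding)
```

The low-criticality laptop shows a similar spike in failed logins but stays under the threshold, while the host missing from the inventory cannot be scored at all and is surfaced as a gap.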
As DL algorithms have been developed based on neural networks and layers, they function as independent brains. The key to success lies in adequately managing the architecture of this brain.
AI is the need of the hour as a substitute for human decision-making, and it uses scientific algorithms and evaluations to form a decision. It plays a significant role in cybersecurity and has many advantages. It can think like an attacker and, as a result, enhance the security posture of a specific area. It can almost eliminate human error from the process. In cases where there is a large amount of traffic and human involvement is not possible, it works efficiently and effectively.
Organizations should use a combination of supervised and unsupervised learning to make the most of AI. The key to success will be choosing the appropriate input that the algorithms can process to make decisions automatically.
No matter how powerful and expensive the AI technology is, its effectiveness is limited to the specified desired outcomes. There's no machine, yet, that can function and learn completely on its own.