“Time is what determines security. With enough time nothing is unhackable.” Aniekee Tochukwu Ezekiel.
Investments in new-age security technologies have surged in the recent past to limit the risk profile and impact potential of cyber threats. While this has helped to bridge the gap against formidable cyber adversaries, the industry's ability to discover and respond to cyber threats in a timely manner continues to be one of the defining challenges of our time. Security teams often find themselves overwhelmed by ever-growing data sources, the increasing complexity of technology environments and the evolving nature of the cyber threat landscape. To put things into context, some of the core contributing factors to the challenge of timely discovery and response are:
• Data fluidity & volume: Security Operations Centres (SOCs) are struggling to make sense of the sheer volume of data flowing from across the security and technology stacks, spanning applications, infrastructure, network, IoT, end devices and the extended environment, which is often the target of advanced attacks.
• Ballooning attack surface: The attack surface is expanding exponentially with the addition of new IoT devices, cloud environments, adoption of 5G, a distributed workforce and a growing partner ecosystem, presenting a formidable challenge to the security posture of a company.
• User behaviour & trust: With employees connecting at the time, place and device of their choice, the environment is inherently untrusted and brings its own set of risks. User behaviour and data activity have become even more diverse and unpredictable, making it harder to identify anomalous behaviour and leading to more false positives.
• Borderless ecosystem: The model of a single centralised view of assets is becoming blurred by the fast pace of adoption of new technologies, distributed setups, multi-tenant cloud environments, multiple operating environments, shared ownership, etc., resulting in challenges in effectively monitoring, governing and assessing the associated risk.
• Traceability constraints: Attack traceability is proving hard with the increasing use of supply chain attacks, which have grown in sophistication, scale and impact, increasing the vulnerability of companies' distributed networks and end-user endpoints.
These factors, coupled with a significant shortage of security talent, skills and experience, have aggravated the problem for security teams and significantly constrained their bandwidth to think beyond day-to-day operations and prepare and solve for the future.
How can AI help?
AI can be a force multiplier for security teams in their fight against cyber threats. Its ability to adapt, learn and detect new patterns can accelerate detection, containment and response. Along with pattern recognition, the use of machine learning algorithms and predictive and behavioural analytics can help identify and prevent attacks on a real-time basis and automatically detect abnormal user behaviour.
To understand it further, let’s look at five common cyber security use cases where AI is already playing a key role:
a. Accelerated Threat Detection: AI-powered cybersecurity systems can identify anomalies in network traffic by quickly sifting through high volumes of data and user behaviour patterns that may indicate a potential threat, thereby reducing noise and allowing security teams to zero in on the strongest signals and indicators of compromise. With the use of machine learning algorithms, such systems can learn from past incidents to improve future threat detection, make decisions and take action more rapidly.
b. Active Vulnerability Management: AI can be used to identify and prioritise vulnerabilities in software and hardware systems, minimise manual time-consuming activities, and build automated containment and response strategies based on severity. This can help organisations reduce their attack surface and protect against potential threats.
c. User Behavioural Analysis: AI can analyse user behaviour to identify suspicious activities such as unauthorised access, data exfiltration and insider threats. It can also detect and prevent phishing attacks by identifying suspicious links and email content.
d. Automated Response: Organisations can use AI to automate areas such as security policy configuration, compliance monitoring, threat and vulnerability detection, and incident response processes, helping them respond to cyber threats proactively and in real time. This can include blocking network traffic, isolating compromised devices and quarantining malware.
e. Predictive Analytics: Using machine learning algorithms and by analysing historical data, AI can identify patterns and trends that may indicate a future attack. This enables organisations to stay operational during an attack and significantly reduce the time an attacker spends in the environment, thereby contributing to a more proactive security posture and cyber resilience.
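Use cases (a) and (c) both rest on the same idea: learn what "normal" looks like for each user from historical events, then score new events by how far they deviate from that baseline. The following is an added illustration written for this article, not code from the author or from any product the article refers to. It uses a deliberately simple statistical baseline (seen login hours, seen source countries, and a z-score on outbound bytes) rather than a trained model, over constructed sample authentication events; the log format, field names, scoring weights and alert threshold are all assumptions made for the example.

```python
"""Per-user behavioural baseline and anomaly scoring over constructed auth events."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed baseline period: "normal" logins for two users (hypothetical data).
# Format (assumed): <ISO timestamp> <user> <source country> <bytes sent outbound>
BASELINE_LOG = """\
2024-03-01T08:55:00 alice GB 1200
2024-03-01T09:10:00 alice GB 900
2024-03-02T09:02:00 alice GB 1500
2024-03-03T08:47:00 alice GB 1100
2024-03-04T09:15:00 alice GB 1300
2024-03-01T13:30:00 bob IN 4000
2024-03-02T14:05:00 bob IN 3800
2024-03-03T13:50:00 bob IN 4200
2024-03-04T14:20:00 bob IN 3900
2024-03-05T13:45:00 bob IN 4100
"""

# Constructed events to score: two routine logins, plus an off-hours login for alice
# from a country never seen before, followed by an unusually large outbound transfer.
NEW_LOG = """\
2024-03-06T09:05:00 alice GB 1250
2024-03-06T03:12:00 alice RU 48000
2024-03-06T14:00:00 bob IN 4050
2024-03-06T10:00:00 carol GB 500
"""


def parse(log):
    """Turn the text log into (user, timestamp, country, egress_bytes) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, user, country, egress = line.split()
        events.append((user, datetime.fromisoformat(ts), country, int(egress)))
    return events


def build_profiles(events):
    """Learn a per-user baseline from historical events."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[0]].append(ev)
    profiles = {}
    for user, evs in by_user.items():
        egress = [ev[3] for ev in evs]
        profiles[user] = {
            "hours": {ev[1].hour for ev in evs},        # hours of day this user normally logs in
            "countries": {ev[2] for ev in evs},         # source countries seen in the baseline
            "egress_mean": mean(egress),
            "egress_std": pstdev(egress) or 1.0,        # avoid division by zero for constant users
        }
    return profiles


def score_event(profiles, event):
    """Score one event against its user's baseline; higher means more anomalous."""
    user, ts, country, egress = event
    if user not in profiles:
        # No history at all is itself a signal worth a look (new or dormant account).
        return 3, ["unknown-user"]
    p = profiles[user]
    score, reasons = 0, []
    if ts.hour not in p["hours"]:
        score += 1
        reasons.append("off-hours")
    if country not in p["countries"]:
        score += 2
        reasons.append("new-country")
    z = (egress - p["egress_mean"]) / p["egress_std"]
    if z > 3:
        score += 2
        reasons.append(f"egress-z={z:.1f}")
    return score, reasons


def detect(baseline_log, new_log, threshold=3):
    """Return (user, timestamp, score, reasons) for every new event at or above the threshold."""
    profiles = build_profiles(parse(baseline_log))
    alerts = []
    for ev in parse(new_log):
        score, reasons = score_event(profiles, ev)
        if score >= threshold:
            alerts.append((ev[0], ev[1].isoformat(), score, reasons))
    return alerts


if __name__ == "__main__":
    for user, when, score, reasons in detect(BASELINE_LOG, NEW_LOG):
        print(f"ALERT user={user} at={when} score={score} reasons={','.join(reasons)}")
```

Run as-is, it flags alice's 03:12 login (off-hours, new country, egress roughly 234 standard deviations above her mean) and carol's login (no baseline), while the routine events score zero and never reach the analyst. The additive scoring with named reasons is the point: an alert that says why it fired is what lets a SOC tune weights and thresholds to cut false positives rather than just suppress the rule.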
Way Forward
AI can't replace human security professionals, but its capacity for rapid data analysis, real-time event processing and correlation, anomaly detection, continuous learning and predictive intelligence can significantly reduce the time and effort associated with cyber threat response, and help security teams spend more time on strategic priorities and decisions.
It is also important to note that the characteristics that make AI a valuable weapon against security threats can be turned around by adversaries to develop new or more sophisticated attacks and to find system vulnerabilities. It can make it easier for cybercriminals to impersonate trusted users, auto-generate contextual fraudulent and phishing emails, and evade detection during a compromise.
As the saying goes, fight fire with fire: to counter such AI-driven threats and cybercrime, AI-driven security tools and strategies can prove a game changer in building a time-sensitive discovery and response capability, along with future-fit skills for the ever-evolving cyber threat landscape.
Author: Priyank Kothari, Head of Information Security, Risk, and Compliance, Tesco Business Services