AI Might Be The Ultimate Answer To Cyber Threats

Uploaded on 2017-04-26 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Developments

In a constantly evolving digital threat landscape firewalls and antiviruses are considered tools of antiquity and now companies are looking to more technologically advanced means of protecting crucial data.

One such firm, UK-based Darktrace, uses machine learning capabilities, advanced algorithms that can adapt and learn, and probabilistic mathematics to learn the normal 'pattern of life' for every user and device in a network and detect anomalies. 

Their technology is modeled after how a human immune system identifies and responds to foreign threats, swiftly and without compromising the human body's key functions.

"The philosophy of our entire portfolio, or our approach, is largely based on this DNA: human immune system," Sanjay Aurora, managing director for Asia Pacific at Darktrace, told CNBC. "How have human beings, for millions of years, thrived and survived? (It) is because of our immune system. Almost every day, we're hit by unknown unknowns, which is the way organizations are also hit ... in terms of viruses and malware."

Experts point out the cyber-threat landscape has drastically changed and that criminals are now using more advanced technologies to launch sophisticated attacks. 

Even a few years ago, launching a distributed denial of service attack to take down a website, defacing webpages and stealing credit card details were considered major instances of cyber-attacks. Today, anything from medical records to airline miles, data that can be sold, are considered targets.

Detecting criminals who have breached a network has become harder because they maintain a low profile once they're inside. A recent report from cybersecurity company FireEye showed organisations on average took 99 days in 2016 to realise they had been breached. While that figure improved notably from the average 146 days it took in 2015, experts say attackers can do a lot of damage within that time.

In the past, attacks were extremely noisy, according to Eric Hoh, president for Asia Pacific Japan at FireEye. "Your computer would stop working and you'd know about it. There'd be a message that'll show on your computer and you'll know about (the attack)," he told CNBC.

Today, Aurora said, attackers are spending weeks, months and years looking for crucial information inside a network. More worryingly, he said, cyber-attackers are focused on not only stealing the data but also altering them without detection. If an attacker can alter a single row or column of data in a database once a month, undetected, in the long run the consequences can be severe because companies would find it hard to distinguish between real and fake. 

For example, if electronic medical records are altered without the knowledge of doctors and nurses, it could potentially lead to misdiagnoses that could put patients' lives in danger.

"This is the real scare, to not just a particular industry of a particular size, but to everybody. It is a matter of existence," said Aurora.

That's where Darktrace's artificial intelligence system comes in, with the latest technology offering called Antigena. Once a threat is identified, Antigena automatically responds by taking proportionate actions to neutralise it and buy security teams enough time to catch up. 

In essence, it acts like a digital antibody that can slow down or stop compromised connections or devices within a network without disrupting normal business operations.

"Human beings are still going to be fundamental, but right now, the kind of attacks, you find it very difficult to figure out and they're so quick that if you look at traditional means, by the time human beings get to respond, it's too late," Aurora explained. The technology has been operational for about a year among early adopters and was made available on a large scale earlier this month.

In February, Australian cyber-security company Nuix put out a report where they surveyed about 70 professional hackers and penetration testers at last year's Defcon, the global hacking and security conference, to understand their perspective on cyber-security.

In the report, about 88 percent of the respondents said they could break through cyber-security defenses and into the systems they target within 12 hours, while another 81 percent said they could identify and take valuable data within the same time frame even when the breach may not be detected for nearly 100 days on average.

The respondents said traditional counter-measures such as firewalls and antiviruses very rarely slowed them down, but having endpoint security technologies were more effective in stopping the attacks. About half said they changed their attacking methods with every target, which limited the effectiveness of security defenses based on known files and attacks.

Darktrace's Aurora said organisations need to invest in a new way of thinking about cyber-defense. "If you still do the same, which is put more resources or investment on the border, or put more investment and resources on rules and signatures which are completely not working out, you will be on the back foot," he said.

Investment in machine learning and artificial intelligence is crucial, according to Aurora, because machines can respond more quickly to the way attacks are mutating.

But that's not the only area that companies should look into. FireEye's Hoh said aside from defense capabilities, companies also need to invest in cyber-intelligence.

Intelligence gathering is very common in the physical world, it is used to protect national security interests of countries, thwart terror attacks and bring down illegal networks in areas such as human and drug trafficking.

"In the cyber-world, intelligence has played, up till now, a less prominent role," said Hoh. "I think that companies need to really pay more attention to knowing your attackers and understanding what valuable information you have that people would want."

Cyber-intelligence could help companies take surgical steps to protect crucial information, instead of having to invest in every piece of technology available, he explained.

Experts agree that companies should understand that breaches are inevitable. "You will get breached, but the question is how would you respond to this breach? Detect and respond is key," said Hoh.

Etay Maor, an executive security advisor at IBM Security, pointed out companies also have to train people to become more aware of digital threats and competent in tackling them. "There's a very painful issue of the people that need to be trained as well. It has to be a combination (of technologies and training)," he told CNBC.

Compounding the problem, a shortage of cyber-security professionals is an issue in most countries. Some universities are only just beginning to offer specialised degrees that would equip people with the necessary skills needed to combat advanced threats.

Meanwhile, experts say organisations have to also build a culture where employees are more aware of possible phishing attacks, for example clicking on suspicious links that would allow an attacker to install a piece of malware inside a computer and compromise the entire network. Indeed, the professional hackers surveyed by Nuix said employee education was an extremely important counter-measure.

Ultimately, as IBM's Maor said, it will become a combination of people, processes and technologies to tackle today's complex cybersecurity landscape. "It's a multi-layered approach," he said.

CNBC: 

You Might Also Read: 

Darktrace Cybersecurity Raises New Funding:

Four Startup Companies That Are Harnessing AI In The Invisible Cyberwar:

AI Ushers In A Whole New Era Of Hacking:

Five Things AI Can Do Better Than Humans:
 

 

« Time To Speak The Language Of Risk
Drones, Satellites And Cyber Warfare »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Intrepid Solutions & Services

Intrepid Solutions & Services

Intrepid Solutions and Services provides technology solutions and professional services to key components of the intelligence and national security communities.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Valeo Networks

Valeo Networks

Valeo Networks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

Freeze

Freeze

Freeze prevents attacks before they can start by finding, removing, and stopping the spread of information about your organization and employees.

Pellera Technologies

Pellera Technologies

Pellera Technologies is by a singular purpose: to empower organizations with innovative IT solutions that unlock potential, drive progress, and fuel transformation.