AI Will Underpin Cybersecurity

Cybersecurity risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time.

Cyber criminals continue to launch increasingly sophisticated and devastating attacks on industrial, business and financial organisations around the world, and the damage from such crime could reach $6tn by 2021, according to a report from Cybersecurity Ventures.

It has become clear that organisations cannot simply rely on manpower and human interaction to fight off cyber-attacks. Not only is it time-consuming for employees to spot potential threats, but it is also challenging to come up with security technologies to prevent them. So there are fears that businesses will continue to fall victim to hackers.

As a result, organisations are being forced to consider new ways to boost their cyber defences. Whether it is implementing new cloud strategies or big data analytics, many companies are showing that they can think outside the box when it comes to modernising their IT security defences.

But artificial intelligence (AI) is emerging as the frontrunner in the battle against cyber-crime. With autonomous systems, businesses are in a far better place to strengthen and reinforce cyber security strategies. But does this technology pose challenges of its own?

Large organisations are always exposed to cyber criminals, and so they need appropriate infrastructure to spot and combat threats quickly. James Maude, senior security engineer at endpoint security specialist Avecto, says systems incorporating AI could save firms billions in damage from attacks.

“Although AI is still in its infancy, it’s no secret that it is becoming increasingly influential in cyber security,” he says. “In fact, AI is already transforming the industry, and we can expect to see a number of trends come to a head, reshaping how we think about security in years to come. We might expect to see AI applied to cyber security defences, potentially avoiding the damage from breaches costing billions.”

But Maude believes the use of AI in cyber security is a double-edged sword. While businesses will see the benefits, criminals will also tap into this technology to automate attacks. He says businesses could “see criminals and nation states using innovative AI attacks to do serious harm to everything from companies’ reputations to critical infrastructure”.

Andy Powell, vice-president and head of cyber security at professional services firm Capgemini, agrees that criminals could turn to AI to drive their attacks. “From a hacker’s point of view, AI will power attacks, from automatically generating and launching distributed denial of service (DDoS) attacks via the internet of things (IoT), to rapidly analysing code and system weaknesses before inserting exploitation methods,” he says.

New Opportunities
Based in the UK, RazorSecure is an example of a cyber security company that is capitalising on the potential of AI. It uses AI techniques to recognise attacks targeting the aviation, rail and automotive markets, and is one of nine cyber security firms chosen to take part in GCHQ’s latest Cyber Accelerator. Alex Cowan, CEO at RazorSecure, says AI and deep learning will transform cyber security approaches in the coming years. “Artificial intelligence is a big part of the future of cyber security,” he says. 

“One of the key areas we must solve is how to not only use deep learning for correlation detection, but also causation. Without understanding the ‘why’ behind a cyber security incident, we will always be chasing false positives and lacking the ability to prioritise a growing queue of cyber security incidents.
“Cyber security is a difficult enough problem. We must use AI to bring a new focus and to enhance and improve our ability to manage security of systems. Given the shortage of cyber security professionals and the explosion in IoT and cloud systems, at RazorSecure we are focused on working smarter, not harder. And as an industry, we must stop inflating the scale of the problem.”

Headquartered in Cardiff, Amplyfi is a cutting-edge business that is using AI to transform cyber security research. It has created a learning platform that mines the deep web for key security trends. The company recently completed a project with Harvard University that explored North Korean biological warfare threats. Chris Ganje, CEO at Amplyfi, says: “Artificial intelligence is prevalent across almost every industry and, among other things, is an indispensable tool to help uncover the threat landscape for an organisation.

“In cyber security, AI can automatically identify potentially malicious software behaviour, attack vectors and related anomalies in real time, allowing a continuously adaptive defence mechanism to identify and shut down intrusions faster and easier than ever before.
“This technological advancement not only significantly reduces the number of cyber security breaches, but also empowers analysts to better focus their time and speeds up the process to identify breaches from hundreds of days to mere hours.”

Farrpoint, an independent consultancy that advises companies on matters surrounding IT infrastructure, cyber security and connectivity, has also shifted its attention to AI. It has worked with a number of high-profile clients, including Kwik Fit, Total and Clarks, and public sector organisations such as the Scottish government, the NHS and the London Borough of Greenwich. Dan Brown, a cyber security consultant at Farrpoint, says companies can speed up response times by implementing machine learning. 

“Traditionally, identifying a cyber threat would require prior knowledge of the function and source of the threat,” he says. “Machine learning means that technology can adapt and improve, using its learned knowledge to flag up shared characteristics of threats and pre-empt a previously unseen attack.”
“The continual seep of AI into security offerings should help shift the balance of power, giving companies the upper hand, speeding up responses and helping to spot potential problems before they occur. AI is also able to spot, and adapt quickly to, changes in attack methodology.”

Managing complex data
With threats becoming more complicated, cyber security professionals are dealing with a growing influx of data. Alexandra Mendes, a senior lecturer in computer science at Teesside University, believes AI is the answer.

“AI systems and techniques have a big role to play in cyber defence,” she says. “In recent years, with the huge increase in the number of systems and security attacks, the amount of data that cyber security professionals have to process has increased dramatically, to the point where it is impossible to process it manually.
“It is also almost impossible to manually detect patterns in the data that can be used to respond to, or prevent, security incidents. Modern AI techniques, such as machine learning and deep learning, have an important role to play in the analysis of that data. They are particularly useful for predicting attacks and providing response plans.
“In fact, these AI techniques have been used to improve the performance of intrusion detection systems. More classic AI techniques, such as AI planning, still have an important role in cyber security systems, for example in the generation of response plans for security attacks.”

Talal Rajab, head of cyber and national security at industry support organisation TechUK, takes a similar view to Mendes. He believes AI can help companies to simplify and quicken their cyber security strategies.

“AI allows companies to understand their adversaries better, predicting where the next attack may come from and helping them respond to cyber threats and attacks more quickly than they can now,” he says. “Many companies are currently reliant solely on human expertise to detect anomalies. With the current cyber skills shortage, investing in AI can be a crucial tool in addressing the increase in frequency of attacks, both to businesses and individuals.”

Big Business Benefits
Prakash Arunchalam, chief information officer at customer experience management firm Servion, also sees big business benefits in AI-driven security, and says the technology can improve efficiencies among IT and cyber security teams.

“As more and more devices get connected, the challenges of new security risks are sure to arise, and cyber security experts will need all the help they can get to meet these threats,” says Arunchalam.
“AI systems are designed to detect even the smallest changes in the environment, and they have the potential to act much faster and fix them. AI will be of tremendous help to identify and analyse such exploits and weaknesses to quickly mitigate more attacks. In 2018, AI-based cyber security technologies will become more mature.”

Joining a new breed of security-conscious businesses, telecoms giant BT is using AI to stay ahead of attackers. Mark Hughes, CEO of the firm’s security arm, explains how BT has developed a new AI-driven method to identify threats and protect its network.

“Our approach is to enable cyber analysts to perform ‘hunting’ for unusual or abnormal patterns in huge amounts of different types of data to find early indicators of cyber-attacks,” he says. 
“Our patented approach is based on ‘intelligence augmentation’, where we train a deep learning network to learn what normal network behaviour is and use data visualisation to present deviation from the normal behaviour to human analysts. Typically, the system is trained to produce tens of anomalies from hundreds of millions of logs.”

With this technology, the company’s 2,500 cyber security experts can get a much deeper insight into threats. Hughes adds: “Once an analyst selects a subset of the anomalies, deeper analysis is performed by the algorithms to determine whether the anomaly points to a real attack or a known vulnerability. In either case, this approach helps analysts deal with much larger volumes of data in a fraction of the time.

“We often refer to this approach of using AI within cyber security as ‘Ironman’ rather than ‘Terminator’, aiming to enhance human detection capabilities rather than replacing them.”  

Jeff Dickerson, CEO at point-of-sale software provider DaySmart, says his company has been using AI security technology from Burning Tree and CyGlass to keep an eye on potential cyber-attacks. He says the growth and complexity of threat “makes it difficult for existing security tools to prevent or even to identify today’s attacks”. He adds: “We saw artificial intelligence as a way to assist our security team, by reducing the noise and focusing them on what is a potential threat.

“Using products such as CyGlass, which uses a layered AI approach to search through millions and even billions of network conversations and find anomalous behaviour, gives us the ability to find the needle in the haystack while providing a level of protection that cannot be offered with the security products we have become used to in recent years.”

Eben Upton, CEO and founder of Raspberry Pi, has ploughed money into AI security systems from Darktrace to safeguard his firm’s intellectual property. He says: “Darktrace’s AI technology for cyber defence is a game-changer. It provides us with full visibility into our network, including any connected personal devices, and other weak spots.

“Darktrace is unique in its ability to detect and remediate any emerging cyber threats, including ‘unknown unknowns’ that routinely bypass legacy security tools. It allows us to remain resilient in the face of a rapidly evolving threat landscape, despite a flexible IT policy and a lean security team.”

Transforming Network Security
Eric Ogren, a senior analyst at 451 Research, says the “most promising” area for AI in cyber security is in network security, helping businesses to secure their hybrid cloud infrastructure. 

“There is huge value in AI applied to network security,” he says. “For one, the network is a data source that never lies. What network security sees on the wire is what is actually happening – there is no dependence on untrusted hosts or agents self-reporting their health status.
“So mapping east-west and north-south flows with network traffic analytics provides a good metric for catching threats, streamlining traffic, and thus improving business outcomes. So much of security is looking outward into the dark web. Sandboxing is one example of reacting to what is actually executing in the network.
“Network traffic analytics with AI approaches twists security conventional wisdom to what is actually seen in the business, as opposed to a priori patterns of everything that can be a security risk. We have seen this with FireEye’s work in establishing sandboxing as a major security category based on actual execution performance. We see similar possibilities for AI in network security.”

If there is one technology that will have a massive impact on the world in the coming years, then AI is definitely it. But it is not just powering smart assistants such as Amazon’s Alexa, it is also becoming a prevalent force in the cyber security industry.

Although businesses need to be mindful that AI is still relatively nascent, there are already many proven possibilities.

Computer Weekly
