Blog

Impact Of Artificial Intelligence On Cyber Security

Andrew Ochse Nov. 26, 2020
Follow Digital14 thought leaders, news, and alerts.
LinkedIn
Twitter
RSS

The adoption of machine learning and basic artificial intelligence has been accelerating over the last few years on both sides of the cybersecurity frontline. 

The adoption by cybercriminals and nation-state threat actors in using automated systems with elements of artificial intelligence built-in has increased drastically. In fact, I saw my first machine learning adaptive attack in late 2018, and this shed light on what the future held for cybersecurity professionals, and the evolution of advanced attacks. Future attacks will have the ability to adapt to mitigation and remediation actions in an attempt to achieve their goal of breaching and exfiltration. The attacks were/are relentless compared to human-derived attacks, continuing for several weeks without respite and no or little time to regroup. In contrast, typical human-based attacks would favour a low and slow stealth penetration, even in the case of syndicated attacks. The automated machine learning attacks are like being hit by an avalanche of scans and exploits. As quickly as you would block one set of attackers, the next group of bots would fire up and continue the attack.

To counter these types of threats, the adoption of machine learning and basic artificial intelligence in cyber security products has increased significantly, especially in the following technologies:

  • Endpoint detection and response (EDR)

  • Managed detection and response (MDR)

  • User and Entity Based Analytics (UEBA)

  • Network Anomaly Detection

  • Intrusion Prevention Systems (IPS)

  • Endpoint Protection and Antivirus

  • Security Incident and Event Management (SIEM)

  • Security Orchestrations, Automation and Response (SOAR) 

Therefore, CISOs do not have to go out and explicitly deploy artificial intelligence and machine learning technologies, since a number of the leading cyber technologies already have these capabilities built-in and are improved continuously. Interestingly, at least from my point of view, AI/ML have become extremely powerful, from an attack detection point of view, when technologies are deployed together as part of a single vendor ecosystem. Several large cybersecurity vendors have created some extremely comprehensive ecosystem, but none of them yet deployed all of the critical technology pillars to provide a single comprehensive ecosystem that covers everything. 

The other challenge facing cybersecurity decision-makers is the cost of investing in these ecosystems can be high and not all the point products are best-of-breed or at the same level of maturity. That said, these ecosystems do provide an additional level of correlation and machine learning within their management and analytics consoles, which leverages the strengths of the individual components to produce results by using machine learning and basic AI to deliver a useful detection capability. 

The aforementioned technology does not address the full scope of the problem when dealing with rapidly evolving automated advanced threat actors (AATA). This is where the next generation of managing security service providers (MSSP’s) are advancing. They are leveraging multi-tenanted data lakes to run near real-time machine learning algorithms coupled with advance decision analysing algorithms to identify the Rare Events and Artefacts in the massive volume of log data. This points to otherwise undetectable indicators of a potential breaches. The trend is definitely towards machine aided analytics, with a shift away from traditional correlation rules towards algorithms that are able to sift through vast lakes of log data to identify what even a thousand analysts looking at the data would not be able to pick up. 

In conclusion, Industry Growth Insights (IGI) recently published a report on the Artificial Intelligence (AI) in Cyber Security market, investigating what the various vendors were doing around artificial intelligence. And, the reality is that even the antivirus currently running on your home PC is already got some artificial intelligence built-in. What this means is that cybersecurity professionals are going to have embrace artificial intelligence in every aspect of their profession and develop a deep understanding of the technologies to ensure that it is effectively deployed with the correct diligence and care. 

To learn more, visit Digital14.com today.