Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.
Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
- Application security
- Information security
- Network security
- Disaster recovery / business continuity planning
- Operational security
- End-user education
Barclays Africa is beginning to use AI and machine learning to both detect cybersecurity threats and respond to them. “There are powerful tools available, but one must know how to incorporate them into the broader cybersecurity strategy,” says Kirsten Davies, group CSO at Barclays Africa.
For example, the technology is used to look for indicators of compromise across the firm’s network, both on premises and in the cloud. “We’re talking about enormous amounts of data,” she says. “As the global threat landscape is advancing quite quickly, both in ability and collaboration on the attacker side, we really must use advanced tools and technologies to get ahead of the threats themselves.”
AI and machine learning also let her deploy her people for the most valuable human-led tasks. “There is an enormous shortage of the critical skills that we need globally,” she says. “We've been aware of that coming for quite some time, and boy, is it ever upon us right now. We cannot continue to do things in a manual way.”
The bank isn’t alone. San Jose-based engineering services company Cadence Design Systems, Inc., continually monitors threats to defend its intellectual property. Between 250 and 500 gigabits of security-related data flows in daily from more than 30,000 endpoint devices and 8,200 users -- and there are only 15 security analysts to look at it. "That's only some of the network data that we're getting," says Sreeni Kancharla, the company's CISO. "We actually have more. You need to have machine learning and AI so you can narrow in on the real issues and mitigate them."
Cadence uses these technologies to monitor user and entity behavior, and for access control, through products from Aruba Networks, an HPE company. Kancharla says that the unsupervised learning aspect of the platform was particularly attractive. "It's a changing environment," he says. "These days, the attacks are so sophisticated, they may be doing little things that over time grow into big data exfiltration. These tools actually help us."
Even smaller companies struggle with the challenge of an overload of security data. Daqri is a Los Angeles-based company that makes augmented reality glasses and helmets for architecture and manufacturing. It has 300 employees and just a one-person security operations center. "The challenge of going through and responding to security events is very labor-intensive," says Minuk Kim, the company's senior director of information technology and security.
The company uses AI tools from Vectra Networks to monitor traffic from the approximately 1,200 devices in its environment. "When you look at the network traffic, you can see if someone is doing port scans or jumping from host to host, or transferring out large sections of data through an unconventional method," Kim says.
The company collects all this data, parses it, and feeds it into a deep learning model. "Now you can make very intelligent guesses about what traffic could potentially be malicious," he says.
When you think of AI (artificial intelligence), your first thought may be of games, recreation, and futuristic robots. After all, AI is the next big thing in virtual video games, taking "reality" to a whole new level. However, AI is so much more than that. There has been a lot of hype about AI in the last couple of years, most of it in the form of promises of faster answers, better outcomes, and improved productivity. From advanced machine learning and intelligent apps to digital twins and conversational systems, AI is just breaking out of an emerging state with substantial disruptive potential across all industries, says Gartner. Please don't misunderstand: there have been many examples of advancements in various industries with AI algorithms, from predictive analytics in healthcare to cognitive science.
However, a lot of AI development is being spent in the cyber security space, as well it should with the advent of ransomware, sophisticated malware and the like. All the top technology companies are spending millions each year on AI and cyber security -- from Microsoft to Google, from Cisco to Symantec, including the big name anti-virus companies. However, in the last few years, there has been an increase in startups around security tools that tout machine learning and AI (Darktrace, Cylance, AlienVault, etc.). You can look at this trend by checking out Gartner's Top 10 Strategic Technology Trends for 2017, 2016, and 2015.
Robust security strategies are critical
While there is no "silver bullet" when it comes to protecting your company's network (at least not yet), it is important to have a robust, multi-layered security strategy. Unfortunately, those who are becoming most advanced when it comes to AI in terms of security are the ones on the offensive: cyber criminals, says Banking Technology. The way to combat these criminals is to escalate AI defenses. However, nothing is foolproof. There's not enough manpower in the world to make sure networks are 100% secure 100% of the time, especially with the prevalence of a cloud-based infrastructure.
Solid products, knowledgeable technical staff, and end-user training go hand-in-hand. This should include social engineering training and the use of AI/machine learning in your environment. As an example, on top of your traditional firewall and IPS (Intrusion Prevention System), add an industry-proven endpoint monitoring system, preferably one that uses machine learning to identify and prevent bad code from executing. Then, add a tool that gives you a holistic view of your entire network in real time that identifies advanced threats, including those stealthy, unconventional, silent attackers. Be sure that your end-user security training is inclusive, given regularly, and updated often as trends change around social engineering and phishing.
Additional risks in the healthcare realm
The risks with cyber security aren't just financial, although that aspect can certainly be devastating. We've all heard the stories of major retailers and credit card companies getting hacked for stolen account numbers and sensitive private information. However, the threat goes beyond that into the very realm of life and death. We're talking specifically about the healthcare industry. Whereas cyber attackers in years past have struck quickly and loudly as part of a virtual sneak attack, today's cyber criminals are taking it much more slowly and methodically. The focus now is not just on stealing the data, but altering that data without detection, according to CNBC.
Thus, long-term consequences can be devastating, as companies and healthcare providers attempt to isolate the altered data and determine which information is real and which is fake. This can have life-altering effects. For example, electronic medical records that are altered without the knowledge of doctors and nurses mean critical misdiagnoses can adversely affect patients' health and indeed lives. This is why healthcare is just as important as the financial industry when it comes to cyber security, and all the more reason to leverage AI.
In response, many security tech companies are trying to embrace more technologically-advanced ways of protecting important data. At the heart of these developing tools is an advanced algorithm that can adapt and learn normal patterns of life for every user and device in a network and find anomalies. One popular system is modeled after the human immune system: this technology mimics how the body can quickly identify and respond to all of the foreign threats it encounters every single day.
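An added example, not from the original article or from any vendor it names: a per-device baseline of the kind described above, scored two ways. A rolling window adapts to recent traffic and therefore absorbs a slow ramp in outbound volume (the "little things that over time grow" case quoted earlier), while a cumulative sum against a frozen baseline catches it; the traffic figures, thresholds and function names are constructed for illustration.

```python
from statistics import median

# Constructed sample data: daily outbound megabytes per device (not real telemetry).
SPIKE = [100, 104, 98, 101, 97, 103, 99, 102, 100, 900, 101, 98]
DRIFT = [100, 104, 98, 101, 97, 103, 99, 102, 105, 107, 110, 112, 115, 118, 120, 123]

def robust_z(reference, value):
    """Score value against a device's own history using median and MAD."""
    med = median(reference)
    mad = median(abs(x - med) for x in reference) or 1e-9  # guard a flat history
    return 0.6745 * (value - med) / mad

def rolling_alerts(series, window=7, threshold=3.5):
    """Adaptive baseline: compare each day with the previous `window` days."""
    return [day for day in range(window, len(series))
            if robust_z(series[day - window:day], series[day]) > threshold]

def cusum_alerts(series, train=7, slack=0.5, limit=5.0):
    """Frozen baseline: sum small daily excesses until they cross `limit`."""
    reference, total, alerts = series[:train], 0.0, []
    for day in range(train, len(series)):
        total = max(0.0, total + robust_z(reference, series[day]) - slack)
        if total > limit:
            alerts.append(day)
            total = 0.0  # restart accumulation after raising an alert
    return alerts

if __name__ == "__main__":
    for name, series in (("spike", SPIKE), ("drift", DRIFT)):
        print(name, "rolling:", rolling_alerts(series), "cusum:", cusum_alerts(series))
```

The frozen baseline has its own cost: it must be re-trained deliberately when a device's legitimate workload changes, otherwise it alerts on every day after the change.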
Threat detection advances
Threat detection is certainly a main focus of today's AI and machine learning technology push. Not only can it monitor human behavior, it can detect things that aren't quite right and sound an alert. Lately, big data -- the ability to collect, monitor and analyze ever-increasing volumes of data -- has been deployed in the ongoing battle to stay one step ahead of hackers and malicious actors (anyone from disgruntled customers to spying governments), points out Forbes. While big data can be a good starting point for decreasing cyber threats, inevitably a machine learning strategy will need to follow. And that's what we're seeing: advanced analytics and cutting-edge technology trying to tackle vast streams of data available via company networks, the Internet, and connected machines.
Right now, there's a battle of wills going on: the cyber attackers vs. everybody else. The winner will be the one with the control. AI is emerging as a tool to capture that control.