AI Driven Cybersecurity Gives Companies A Fighting-Chance

Cyber threats regularly overwhelm traditional security solutions. It’s growing clear that artificial intelligence and machine learning is the safest path to lock down data and protect the enterprise.

The amount of information that we have to pour through in order to identify threats and vulnerabilities and ongoing attacks is growing non-linearly, says Fernando Maymi, Ph.D., CISSP, a security practitioner with over 25 years’ experience in the field for both government and private sector organisations in the US and abroad.

“What AI fundamentally does is give us a fighting chance,” Maymi says.

The New Face of Threats

Maymi first became a passionate cyber-security advocate, decades ago, when as part of a government project looking at creating the next generation of wearable computing devices for soldiers, he realised there was no way to prevent an adversary from intercepting any communications. The project was ultimately cancelled till it was entirely reimagined some time later to manage for the risk.

And today we see similar threats in the civilian sphere, with the rise of nation state attacks against companies that may not seem like logical targets. The OPM attack in 2015 perhaps makes sense, since hackers were going after security information for people who held clearances.

But the Anthem, Marriott, and Equifax hacks that followed have come as a surprise to many, and smaller organisations that aren’t making headlines are being attacked by nation states as well. The long game, Maymi says, is complicated, and kind of terrifying.

“For the most part, it’s all about some of our adversaries building some very detailed files on everybody in our country,” he explains. “You never know who’s going to be in a position of prominence later on, and they may have something in their background that can be used as leverage, whether maliciously or simply to manipulate their opinions, as we’ve seen in the influence campaigns recently.”

These attacks are not letting up, making cybersecurity a top-line concern for companies of every size.

The AI Advantage

AI techniques like machine learning, neural networks, and statistical methods are exceptionally good at finding a very specific thing, or a very specific set of things, Maymi says, pointing at spam filters as an example.

But you’ll find that while AI is very good at point solutions, it’s not quite as good at looking holistically at an organisation and telling you what a bad guy is going to do next (or even what they’re doing now) looking at broader patterns of behavior, and determining the intent of an adversary, figuring out why they’re aiming for a specific objective, and how.

While armed with hindsight, any of the companies that have experienced a headline-grabbing breach could have built an AI system to detect the threat, it wouldn’t have been particularly difficult, he says. But the issue is that you have to tell it what you want it to look at.

“Could they have built that AI system?” he asks. “Yes, but they would have had to have a reason to do it. They would need to have known what the threat is. Our risk management efforts, which of course rely heavily on threat modeling and threat assessments, are not where they need to be. A lot of these companies wouldn’t have had the motivation, the foresight.”

The underlying problem for a lot of organisations is they have no idea what their level of risk is, Maymi says.

Adding Risk Management

“There is strong evidence that the organisations that take risk management seriously, that follow through, see dramatic returns on their investment,” he adds.

Some mature organisations go deep in quantifying their risk and then taking deliberate actions to mitigate that risk to an acceptable level, but most organisations don’t go through this process.

The vast majority of organisations that even look at risk management do so in the context of satisfying some regulatory or insurance requirements. And once you get that stamp of approval, it stays on a shelf.

“I’ve talked to tons of people in the security world and asked, can you talk me through your risk management process?” he says. “They say, ‘I didn’t know we had one. I think somebody’s doing that, but it’s never involved me.’ That underscores the importance of bringing everyone to the conversation who should be in there.”

A robust risk management process requires an honest assessment of the threats to your systems, those you’re facing and those you could potentially face. Then looking at what you know about these threats, you model them, looking at what they could do against your systems, and how bad actors would try to get in.

“This is not just about technology,” he says. “What things do you put in there to prevent an attack? But also, what techniques do you put in there to detect that an attack is ongoing? AI can help you do a very targeted search for the events that are going on in your network, but you have to know what to look for.”

The last piece is ensuring that there are effective response systems in place. You have to prepare yourself, rehearse your own internal response procedures, but you also have to think about what dependencies exist between your entities and other entities, your security might be up to speed, but if you do business with a company that’s just hanging out in the breeze, it becomes an attack vector into your organisation.

Tackling an Incident, the Right Way!

Your incident response plan has to be tied to business objectives and the business in general. A big problem, Maymi says, is when security policies and incident response plans don’t take the organisation into account, and then the organisation rehearses its incident response plans with just the security people in the room.

“Security professionals get paid to keep the business doing whatever it is that the business is doing,” he says. “If it’s a commercial entity, that’s making money. If it’s a government entity, it’s serving citizens. That’s our job. If we’re able to look beyond the technology and into what our organisations are intended to be doing, our job is to ensure that the organisation continues doing that.”

You have to bring in business people, he explains, come up with exercise scenarios that involve the business’s bottom line, whatever that may be, and then you need whomever is impacted by a threat to the bottom line in the room to ensure your response plan is robust enough and protects the pieces of the business that need to be protected without threatening or undermining business as usual.

Your Secret Security Weapon

“It all boils down to people,” Maymi says. “Who is on our team that’s helping us fight the adversaries? What are their strengths and weaknesses? How do we offset those? Who do we need to give the time to get smart about AI? Where are our blind spots and how do we mitigate them?”

And then once you have your team figured out, and you have a well-running engine there, you look more broadly. What is the organisational team? What are the user behaviors that I need to be concerned about? What are we trying to do as an organisation? What are the goals I’m supposed to support?

And then you look beyond that, even, looking at what you need to do to grow your network so that when you face a difficult issue, you know who to go to for help.

Perhaps you don’t have the resources to build a data science or AI cell within your shop, but you have a connection at another company who does that kind of work, and you can talk to them about the challenges you’re facing to get some insight and ideas on how to address them.

“The first step is to look inwardly,” he says. “And then based on what we find, look outward and say, how do I need to grow my network? How do I need to grow my team? How do I get better?”

VentureBeat:

You Might Also Read:

AI For Cyber - You Don’t Need To Know The Threat, Just The Network:

 

 

« Personal Cyber Insurance Market Could Be Worth $3B by 2025
Facebook Is Moving Fast To Get Into Blockchain »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Tempest

Tempest

TEMPEST is a leading provider of IT products and services including solutions for network and application security.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

TrustGrid

TrustGrid

Trustgrid is a pioneer and leader in secure, cloud-native software-defined connectivity.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.