AI Will Underpin Cybersecurity

Cybersecurity risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time.

Cyber criminals continue to launch increasingly sophisticated and devastating attacks on industrial, business and financial organisations around the world, and the damage from such crime could reach $6tn by 2021, according to a report from Cybersecurity Ventures.

It has become clear that organisations cannot simply rely on manpower and human interaction to fight off cyber-attacks. Not only is it time-consuming for employees to spot potential threats, but it is also challenging to come up with security technologies to prevent them. So there are fears that businesses will continue to fall victim to hackers.

As a result, organisations are being forced to consider new ways to boost their cyber defences. Whether it is implementing new cloud strategies or big data analytics, many companies are showing that they can think outside the box when it comes to modernising their IT security defences.

But artificial intelligence (AI) is emerging as the frontrunner in the battle against cyber-crime. With autonomous systems, businesses are in a far better place to strengthen and reinforce cyber security strategies. But does this technology pose challenges of its own?

Large organisations are always exposed to cyber criminals, and so they need appropriate infrastructure to spot and combat threats quickly. James Maude, senior security engineer at endpoint security specialist Avecto, says systems incorporating AI could save firms billions in damage from attacks.

“Although AI is still in its infancy, it’s no secret that it is becoming increasingly influential in cyber security,” he says. “In fact, AI is already transforming the industry, and we can expect to see a number of trends come to a head, reshaping how we think about security in years to come. We might expect to see AI applied to cyber security defences, potentially avoiding the damage from breaches costing billions.”

But Maude believes the use of AI in cyber security is a double-edged sword. While businesses will see the benefits, criminals will also tap into this technology to automate attacks. He says businesses could “see criminals and nation states using innovative AI attacks to do serious harm to everything from companies’ reputations to critical infrastructure”.

Andy Powell, vice-president and head of cyber security at professional services firm Capgemini, agrees that criminals could turn to AI to drive their attacks. “From a hacker’s point of view, AI will power attacks, from automatically generating and launching distributed denial of service (DDoS) attacks via the internet of things (IoT), to rapidly analysing code and system weaknesses before inserting exploitation methods,” he says.

New Opportunities
Based in the UK, RazorSecure is an example of a cyber security company that is capitalising on the potential of AI. It uses AI techniques to recognise attacks targeting the aviation, rail and automotive markets, and is one of nine cyber security firms chosen to take part in GCHQ’s latest Cyber Accelerator. Alex Cowan, CEO at RazorSecure, says AI and deep learning will transform cyber security approaches in the coming years. “Artificial intelligence is a big part of the future of cyber security,” he says. 

“One of the key areas we must solve is how to not only use deep learning for correlation detection, but also causation. Without understanding the ‘why’ behind a cyber security incident, we will always be chasing false positives and lacking the ability to prioritise a growing queue of cyber security incidents.
“Cyber security is a difficult enough problem. We must use AI to bring a new focus and to enhance and improve our ability to manage security of systems. Given the shortage of cyber security professionals and the explosion in IoT and cloud systems, at RazorSecure we are focused on working smarter, not harder. And as an industry, we must stop inflating the scale of the problem.”

Headquartered in Cardiff, Amplyfi is a cutting-edge business that is using AI to transform cyber security research. It has created a learning platform that mines the deep web for key security trends. The company recently completed a project with Harvard University that explored North Korean biological warfare threats. Chris Ganje, CEO at Amplyfi, says: “Artificial intelligence is prevalent across almost every industry and, among other things, is an indispensable tool to help uncover the threat landscape for an organisation.

“In cyber security, AI can automatically identify potentially malicious software behaviour, attack vectors and related anomalies in real time, allowing a continuously adaptive defence mechanism to identify and shut down intrusions faster and easier than ever before.” 
“This technological advancement not only significantly reduces the number of cyber security breaches, but also empowers analysts to better focus their time and speeds up the process to identify breaches from hundreds of days to mere hours.”

Farrpoint, an independent consultancy that advises companies on matters surrounding IT infrastructure, cyber security and connectivity, has also shifted its attention to AI. It has worked with a number of high-profile clients, including Kwik Fit, Total and Clarks, and public sector organisations such as the Scottish government, the NHS and the London Borough of Greenwich. Dan Brown, a cyber security consultant at Farrpoint, says companies can speed up response times by implementing machine learning. 

“Traditionally, identifying a cyber threat would require prior knowledge of the function and source of the threat,” he says. “Machine learning means that technology can adapt and improve, using its learned knowledge to flag up shared characteristics of threats and pre-empt a previously unseen attack.”
“The continual seep of AI into security offerings should help shift the balance of power, giving companies the upper hand, speeding up responses and helping to spot potential problems before they occur. AI is also able to spot, and adapt quickly to, changes in attack methodology.”

Managing complex data
With threats becoming more complicated, cyber security professionals are dealing with a growing influx of data. Alexandra Mendes, a senior lecturer in computer science at Teesside University, believes AI is the answer.

“AI systems and techniques have a big role to play in cyber defence,” she says. “In recent years, with the huge increase in the number of systems and security attacks, the amount of data that cyber security professionals have to process has increased dramatically, to the point where it is impossible to process it manually.
“It is also almost impossible to manually detect patterns in the data that can be used to respond to, or prevent, security incidents. Modern AI techniques, such as machine learning and deep learning, have an important role to play in the analysis of that data. They are particularly useful for predicting attacks and providing response plans.
“In fact, these AI techniques have been used to improve the performance of intrusion detection systems. More classic AI techniques, such as AI planning, still have an important role in cyber security systems, for example in the generation of response plans for security attacks.”

Talal Rajab, head of cyber and national security at industry support organisation TechUK, takes a similar view to Mendes. He believes AI can help companies to simplify and quicken their cyber security strategies.

“AI allows companies to understand their adversaries better, predicting where the next attack may come from and helping them respond to cyber threats and attacks more quickly than they can now,” he says. “Many companies are currently reliant solely on human expertise to detect anomalies. With the current cyber skills shortage, investing in AI can be a crucial tool in addressing the increase in frequency of attacks, both to businesses and individuals.”

Big Business Benefits
Prakash Arunchalam, chief information officer at customer experience management firm Servion, also sees big business benefits in AI-driven security, and says the technology can improve efficiencies among IT and cyber security teams.

“As more and more devices get connected, the challenges of new security risks are sure to arise, and cyber security experts will need all the help they can get to meet these threats,” says Arunchalam.
“AI systems are designed to detect even the smallest changes in the environment, and they have the potential to act much faster and fix them. AI will be of tremendous help to identify and analyse such exploits and weaknesses to quickly mitigate more attacks. In 2018, AI-based cyber security technologies will become more mature.”

Joining a new breed of security-conscious businesses, telecoms giant BT is using AI to stay ahead of attackers. Mark Hughes, CEO of the firm’s security arm, explains how BT has developed a new AI-driven method to identify threats and protect its network.

“Our approach is to enable cyber analysts to perform ‘hunting’ for unusual or abnormal patterns in huge amounts of different types of data to find early indicators of cyber-attacks,” he says. 
“Our patented approach is based on ‘intelligence augmentation’, where we train a deep learning network to learn what normal network behaviour is and use data visualisation to present deviation from the normal behaviour to human analysts. Typically, the system is trained to produce tens of anomalies from hundreds of millions of logs.”

With this technology, the company’s 2,500 cyber security experts can get a much deeper insight into threats. Hughes adds: “Once an analyst selects a subset of the anomalies, deeper analysis is performed by the algorithms to determine whether the anomaly points to a real attack or a known vulnerability. In either case, this approach helps analysts deal with much larger volumes of data in a fraction of the time.

“We often refer to this approach of using AI within cyber security as ‘Ironman’ rather than ‘Terminator’, aiming to enhance human detection capabilities rather than replacing them.”  

Jeff Dickerson, CEO at point-of-sale software provider DaySmart, says his company has been using AI security technology from Burning Tree and CyGlass to keep an eye on potential cyber-attacks. He says the growth and complexity of threat “makes it difficult for existing security tools to prevent or even to identify today’s attacks”. He adds: “We saw artificial intelligence as a way to assist our security team, by reducing the noise and focusing them on what is a potential threat.

“Using products such as CyGlass, which uses a layered AI approach to search through millions and even billions of network conversations and find anomalous behaviour, gives us the ability to find the needle in the haystack while providing a level of protection that cannot be offered with the security products we have become used to in recent years.”

Eben Upton, CEO and founder of Raspberry Pi, has ploughed money into AI security systems from Darktrace to safeguard his firm’s intellectual property. He says: “Darktrace’s AI technology for cyber defence is a game-changer. It provides us with full visibility into our network, including any connected personal devices, and other weak spots.

“Darktrace is unique in its ability to detect and remediate any emerging cyber threats, including ‘unknown unknowns’ that routinely bypass legacy security tools. It allows us to remain resilient in the face of a rapidly evolving threat landscape, despite a flexible IT policy and a lean security team.”

Transforming Network Security
Eric Ogren, a senior analyst at 451 Research, says the “most promising” area for AI in cyber security is in network security, helping businesses to secure their hybrid cloud infrastructure. 

“There is huge value in AI applied to network security,” he says. “For one, the network is a data source that never lies. What network security sees on the wire is what is actually happening – there is no dependence on untrusted hosts or agents self-reporting their health status.
“So mapping east-west and north-south flows with network traffic analytics provides a good metric for catching threats, streamlining traffic, and thus improving business outcomes. So much of security is looking outward into the dark web. Sandboxing is one example of reacting to what is actually executing in the network.
“Network traffic analytics with AI approaches twists security conventional wisdom to what is actually seen in the business, as opposed to a priori patterns of everything that can be a security risk. We have seen this with FireEye’s work in establishing sandboxing as a major security category based on actual execution performance. We see similar possibilities for AI in network security.”

If there is one technology that will have a massive impact on the world in the coming years, then AI is definitely it. But it is not just powering smart assistants such as Amazon’s Alexa, it is also becoming a prevalent force in the cyber security industry.

Although businesses need to be mindful that AI is still relatively nascent, there are already many proven possibilities.

Computer Weekly
