Story image

Bringing a gun to a gunfight: Countering AI-enabled threats

14 Aug 2018

As artificial intelligence gains traction, organisations are beginning to find enterprise use cases for the technology.

At the same time, cybercriminals are also finding ways to weaponise the technology to execute more sophisticated attacks at a higher volume.

A report by the Electronic Frontier Foundation found that there are several characteristics of AI that lend themselves well to being utilised in cyberattacks: namely its scalability, the ability for its algorithms to be rapidly distributed, and its ability to exceed human capabilities.

Using AI to amplify cyber threats

AI-enabled cyberattacks can expand existing threats, introduce new threats, and alter the typical character of threats, allowing attacks to be more versatile, effective, and targeted.

As an example, AI could influence email attacks such as spear phishing to become more automated – and it could even eliminate the need for the attacker to speak the same language as the target.

It could also target malware’s behaviour that it becomes impossible for humans to control in a manual way.

In response, security experts have turned to the same technology that makes them so effective to combat these threats.

Artificial intelligence can reduce human effort and lower the time needed to detect, respond to, and recover from cybersecurity incidents.

One organisation focusing on this area is LogRhythm’s with its AI-enabled security operations centre CloudAI.

The integration of artificial intelligence with it security operations centre was aimed at realising the following outcomes:

  • Discerning patterns of known threats, on a global, geographic, vertical, and company basis and detecting in real time every observed instance going forward.
  • Discerning with security and risk relevancy the behavioural shifts across the IT environment that predict and detect with accuracy an active or emerging threat.
  • Enabling organisations to perform effective threat hunting – augmenting what is today an art few can effectively perform or afford.
  • Eliminating false negatives with a very low false positive frequency, and present alarms with real time risk context in support of detecting and neutralising threats early in the kill chain.

AI in security applications

User and entity behaviour analytics (UEBA) is a perfect application for machine learning as long as the necessary security context is available for understanding the significance of each anomaly.

Gartner defines UEBA as profiling and anomaly detection based on a range of analytics approaches, usually using a combination of basic analytics methods.

Machine learning can make UEBA considerably more effective for the following reasons:

• Machine learning can handle the volumes of data to be analysed and the environment to be understood. This includes being able to incorporate many types of data sets, from network traffic patterns and application data to records of user authentication attempts and user access to sensitive data.

• Machine learning-driven UEBA is well suited for identifying “qualified” threats—those that are legitimate and require action. Machine learning can take many more factors into consideration than humans can when looking at potential threats, and it can do so in near real time.

UEBA is only one example of the possible applications of artificial intelligence in cybersecurity.

The same characteristics that make it an efficient tool for executing cyber attacks – scalability, versatility, and efficiency at processing large amounts of data in a short time – also make it effective for threat detection, threat response, and against insider threats. 

See how you can detect and stop an insider threat with LogRhythm CloudAI with UEBA.

Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
DOCOMO ranked world's top mobile operator in 5G SEP applications
NTT DOCOMO has been ranked the world's leading mobile operator in terms of applications for candidate standard-essential patents.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.
Gartner’s top 10 data and analytics trends for 2019
Data is the fuel for the modern world, and analytics the engine. Gartner has compiled the top 10 trends to watch this year.
How CIOs can work with colleagues to drive new competitive advantages
"If recent history has taught us anything, it’s that the role of the CIO is always changing, and that it won’t stop changing anytime soon."