Using Artificial Intelligence in Cybersecurity

The problem with cybersecurity is that an attacker only needs to exploit a single vulnerability, while a defender needs to protect everything.  Defense has evolved from perimeter defense, to defending all endpoints, to adding automated detection and prevention appliances, to universal threat management that looks at not just north/south traffic passing through the Internet gateway, but also east/west traffic across the LAN between devices.  This is called “defense in depth.”

Cybersecurity continues to evolve.  One of the hopeful trends is the use of artificial intelligence and machine learning to detect attacks and intrusions, and mount a defense more quickly.  This may help turn the tables against attackers and reduce or even end the advantage that attackers have held over defenders.

Computers are great at tasks that humans are bad at.  For instance, if you have ever had to look through a security log for information about a breach, you know this is a task you really want to turn over to a machine that has the speed and processing power to separate the desired information from the thousands of events in the log.  A human, on the other hand, is better at the actual analysis of this information.  Artificial intelligence and machine learning show promise to make this sort of information crunching even more useful.  Cybersecurity areas where AI is being tested include:

  • Discovering zero-day vulnerabilities and attacks – AI is being used not just to find and identify the vulnerabilities, but also to patch or defend them.
  • Threat intelligence – Extracting tactical and strategic trends from a multitude of information sources, and using the information to formulate new defenses.
  • Pivoting – Adapting to an adversary’s tactics and techniques and successfully defending against active exploits and attacks.
  • Learning – Using the information gained from individual incidents and creating policies, rules, and defensive tactics to prevent attacks from working a second time.

Artificial intelligence will become an important and growing part of the software and hardware tools and appliances that businesses will be using to secure their networks and information and prevent attackers from achieving their objectives.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
