Cognitive Security: AI-Driven Cyber Security
Tuesday, March 5, 2019
The term Artificial Intelligence (AI) collectively refers to a set of technologies such as natural language processing (NLP), machine learning, and statistical data analysis. These technologies perform tasks usually attributed to human cognition, such as learning from experience and using what was learned to improve performance over time.
As deep learning techniques mature, machines are becoming increasingly adept at recognizing patterns in large data sets and building models from them that let them perform a diverse range of tasks.
While it has several potential use-cases in enterprises, one of its most crucial applications has emerged in the realm of IT and cyber security. AI has the ability to not only add value to an organization’s operations, but also significantly augment human functions pertaining to threat monitoring, detection, and response.
Artificial intelligence is changing the game for cybersecurity: it analyzes massive quantities of risk data, speeds up response times, and extends the capabilities of under-resourced security operations teams. As cyberattacks grow in volume and complexity, AI helps analysts stay ahead of threats. By curating threat intelligence from millions of research papers, blogs, and news stories, it provides fast insights that help analysts cut through the noise of thousands of daily alerts and drastically reduce response times.
AI technologies like machine learning and natural language processing enable analysts to respond to threats with greater confidence and speed.
Learn - AI is trained by consuming billions of data artifacts from both structured and unstructured sources, such as blogs and news stories. Through machine learning and deep learning techniques, the AI improves its knowledge to “understand” cybersecurity threats and cyber risk.
Reason - AI gathers insights and uses reasoning to identify the relationships between threats, such as malicious files, suspicious IP addresses or insiders. This analysis takes seconds or minutes, allowing security analysts to respond to threats up to 60 times faster.
Augment - AI eliminates time-consuming research tasks and provides curated analysis of risks, reducing the amount of time security analysts take to make the critical decisions and launch an orchestrated response to remediate the threat.
Triaging - AI will minimize false positives. It will augment rules-based detection systems with clustering, pattern matching, association-rule mining, and data visualization. Using these methods, AI will surface the most relevant alerts for human analysts to investigate further, reducing both false positives and false negatives even as the volume of alerts keeps growing.
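The triage step described above, as an added, self-contained example that is not part of the original article or any vendor product. It learns suppressions from analyst verdicts (an association-rule style step: a rule/source pair that was always closed as a false positive is suppressed), clusters near-duplicate alerts from the same source into one incident, and ranks the clusters so correlated activity (one source tripping several rules, or fanning out to many targets) rises to the top. The alerts, verdict history and severity table are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry): detection rule, source, destination, timestamp.
RAW_ALERTS = [
    {"rule": "port_scan",      "src": "10.0.0.5", "dst": "10.0.1.20", "ts": "2019-03-05T09:00:01"},
    {"rule": "port_scan",      "src": "10.0.0.5", "dst": "10.0.1.21", "ts": "2019-03-05T09:00:03"},
    {"rule": "port_scan",      "src": "10.0.0.5", "dst": "10.0.1.22", "ts": "2019-03-05T09:00:04"},
    {"rule": "dns_long_txt",   "src": "10.0.0.9", "dst": "8.8.8.8",   "ts": "2019-03-05T09:05:00"},
    {"rule": "dns_long_txt",   "src": "10.0.0.9", "dst": "8.8.8.8",   "ts": "2019-03-05T09:05:30"},
    {"rule": "psexec_lateral", "src": "10.0.0.5", "dst": "10.0.1.20", "ts": "2019-03-05T09:10:00"},
    {"rule": "av_heuristic",   "src": "10.0.0.7", "dst": "10.0.0.7",  "ts": "2019-03-05T09:11:00"},
]

# Constructed history of analyst verdicts: (rule, source, verdict).
HISTORY = [
    ("dns_long_txt", "10.0.0.9", "false_positive"),
    ("dns_long_txt", "10.0.0.9", "false_positive"),
    ("dns_long_txt", "10.0.0.9", "false_positive"),
    ("av_heuristic", "10.0.0.7", "true_positive"),
]

# Hypothetical base severity per rule (1 = noise, 5 = hands-on-keyboard activity).
RULE_SEVERITY = {"port_scan": 2, "dns_long_txt": 3, "psexec_lateral": 5, "av_heuristic": 4}


def learn_suppressions(history, min_count=3):
    """Association-rule style learning: (rule, src) pairs closed as false positive
    every time they were seen, at least min_count times, are suppressed."""
    counts = defaultdict(lambda: [0, 0])  # key -> [false positives, total]
    for rule, src, verdict in history:
        counts[(rule, src)][1] += 1
        if verdict == "false_positive":
            counts[(rule, src)][0] += 1
    return {k for k, (fp, total) in counts.items() if total >= min_count and fp == total}


def cluster_alerts(alerts, window=timedelta(minutes=5)):
    """Collapse alerts with the same rule and source fired within `window` into one cluster."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x["ts"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(a["ts"])
        for c in clusters:
            if c["rule"] == a["rule"] and c["src"] == a["src"] and ts - c["last"] <= window:
                c["count"] += 1
                c["dsts"].add(a["dst"])
                c["last"] = ts
                break
        else:
            clusters.append({"rule": a["rule"], "src": a["src"], "dsts": {a["dst"]},
                             "count": 1, "first": ts, "last": ts})
    return clusters


def triage(alerts, history):
    """Return (ranked clusters for analysts, suppressed clusters) for the given alerts."""
    suppress = learn_suppressions(history)
    clusters = cluster_alerts(alerts)
    rules_per_src = defaultdict(set)
    for c in clusters:
        rules_per_src[c["src"]].add(c["rule"])
    ranked, suppressed = [], []
    for c in clusters:
        if (c["rule"], c["src"]) in suppress:
            suppressed.append(c)
            continue
        score = RULE_SEVERITY.get(c["rule"], 1)
        score += 2 * (len(rules_per_src[c["src"]]) - 1)  # same source tripped other rules too
        score += min(len(c["dsts"]), 5) - 1               # fan-out across several targets
        c["score"] = score
        ranked.append(c)
    ranked.sort(key=lambda c: c["score"], reverse=True)
    return ranked, suppressed


if __name__ == "__main__":
    ranked, suppressed = triage(RAW_ALERTS, HISTORY)
    for c in ranked:
        print(f"score={c['score']} {c['rule']} from {c['src']} x{c['count']} -> {sorted(c['dsts'])}")
    print("suppressed:", [(c["rule"], c["src"], c["count"]) for c in suppressed])
```

Seven raw alerts become three ranked clusters and one suppressed cluster; the lateral-movement alert outranks the louder port scan because the same source is behind both. The suppression rule is deliberately conservative (every historical verdict must agree), since a learned suppression that is too eager is exactly how a real attack hides inside "known noise".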
Threat Hunting - AI will continuously comb through system data in search of recurrent patterns, anomalous behavior, and other outliers, and present them to human threat hunters for further investigation. SIEM products will use AI to analyze network data such as NetFlow, proxy logs, DNS logs, and packet captures. User behavior analytics products will apply machine learning to user activity data. Endpoint detection and response (EDR) products will do the same with endpoint data to detect advanced malware, and runtime application self-protection (RASP) agents will feed AI that detects application attacks and fraud.
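One concrete form of the outlier hunting described above, as an added example that is not from the original article or any SIEM product: it profiles DNS query names from a constructed known-good baseline (longest-label length and Shannon entropy of that label), then flags queries in a constructed log whose features sit more than three standard deviations above the baseline. That catches both hex-encoded exfiltration chunks (very long labels) and DGA-style names (high-entropy labels) without a signature for either. The baseline, the log and the threshold are assumptions for the example.

```python
import math
from statistics import mean, pstdev

# Constructed known-good queries used to learn what "normal" looks like (not real traffic).
BASELINE = [
    "www.example.com", "mail.example.com", "login.microsoftonline.com", "cdn.example.net",
    "update.example.org", "docs.example.com", "static.example.com", "fonts.googleapis.com",
    "api.github.com", "en.wikipedia.org",
]

# Constructed DNS query log to hunt over: (client host, queried name).
DNS_LOG = [
    ("ws-01", "www.example.com"),
    ("ws-01", "mail.example.com"),
    ("ws-02", "cdn.example.net"),
    ("ws-02", "login.microsoftonline.com"),
    ("ws-03", "update.example.org"),
    ("ws-03", "4d5a90000300000004000000ffff0000b8000000.exfil.example.net"),  # hex-encoded data
    ("ws-03", "0000000040000000000000000000000000000000.exfil.example.net"),
    ("ws-04", "docs.example.com"),
    ("ws-04", "static.example.com"),
    ("ws-05", "a8f3k2l9q0z7x1c4v6b2n5m8.evil-dga.example"),                   # DGA-like label
]


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    freq = {}
    for ch in s:
        freq[ch] = freq.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in freq.values())


def label_features(qname):
    """Features of the longest DNS label: its length and its entropy."""
    longest = max(qname.split("."), key=len)
    return {"len": len(longest), "entropy": shannon_entropy(longest)}


def hunt(log, baseline, z_threshold=3.0):
    """Flag queries whose features exceed the baseline mean by more than z_threshold
    standard deviations. Returns a list of (host, qname, [triggering features])."""
    stats = {}
    for name in ("len", "entropy"):
        vals = [label_features(q)[name] for q in baseline]
        stats[name] = (mean(vals), pstdev(vals) or 1.0)  # guard against a zero spread
    findings = []
    for host, qname in log:
        f = label_features(qname)
        reasons = [name for name, (mu, sd) in stats.items() if (f[name] - mu) / sd > z_threshold]
        if reasons:
            findings.append((host, qname, reasons))
    return findings


if __name__ == "__main__":
    for host, qname, reasons in hunt(DNS_LOG, BASELINE):
        print(f"{host}: {qname} (outlier on {', '.join(reasons)})")
```

Note what the two features catch separately: the hex chunks are mostly zeros and have low entropy, so an entropy-only rule would miss them, while the DGA-style label is flagged on both length and entropy. The legitimate 15-character label in login.microsoftonline.com stays just under the threshold, which is the usual tuning trade-off for this kind of hunt.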
Incident Analysis/Investigation - In the event of an attack, AI will increasingly answer what happened to the asset (the attack's impact), who the attackers were, what sequence of steps in the attack chain led to the asset, what the attack's blast radius was (including which other assets were part of the attack), and which host was patient zero (where the attack originated). AI will mine past alerts, network and asset information, security logs, and other relevant data to uncover clusters, associations, and patterns, and present them to human investigators in a concise form.
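The attack-chain, patient-zero and blast-radius questions above, worked as an added example that is not part of the original article: constructed lateral-movement events (source host, destination host, technique, time) are treated as a time-ordered graph. Walking backwards from the affected asset, always to the latest inbound event that precedes the current hop, recovers the chain and its root; walking forwards from that root, only along edges whose time is after the source was compromised, gives the blast radius while leaving unrelated activity out. Hostnames, techniques and times are constructed.

```python
from collections import defaultdict

# Constructed lateral-movement events: (time, source host, destination host, technique).
# A self-edge records host-local initial access. None of this is real data.
EVENTS = [
    ("2019-03-05T07:50:00", "ws-40", "ws-41", "rdp"),                  # unrelated admin session
    ("2019-03-05T08:00:00", "ws-17", "ws-17", "office_macro_exec"),    # initial access
    ("2019-03-05T08:20:00", "ws-17", "fs-01", "smb_admin_share"),
    ("2019-03-05T08:25:00", "ws-17", "ws-22", "wmi_exec"),
    ("2019-03-05T08:40:00", "fs-01", "dc-01", "pass_the_hash"),
    ("2019-03-05T09:10:00", "ws-22", "ws-30", "rdp"),
]


def attack_chain(events, asset):
    """Walk backwards from `asset` along inbound events, each strictly earlier than the
    previous hop, until no earlier inbound event exists. Returns (patient_zero, chain)."""
    inbound = defaultdict(list)
    for ts, src, dst, tech in events:
        inbound[dst].append((ts, src, tech))
    chain, node, before = [], asset, None
    while True:
        candidates = [e for e in inbound[node] if before is None or e[0] < before]
        if not candidates:
            break
        ts, src, tech = max(candidates)  # latest inbound event before the next hop
        chain.append((ts, src, node, tech))
        node, before = src, ts
    chain.reverse()
    return node, chain


def blast_radius(events, patient_zero, t0):
    """Forward propagation: a host is reached when a compromised source connects to it
    after that source's own compromise time. Returns {host: time reached}."""
    reached = {patient_zero: t0}
    for ts, src, dst, tech in sorted(events):  # ISO timestamps sort lexically
        if src in reached and reached[src] <= ts and dst not in reached:
            reached[dst] = ts
    return reached


def investigate(events, asset):
    """Answer the investigator's questions for one affected asset."""
    patient_zero, chain = attack_chain(events, asset)
    t0 = chain[0][0] if chain else None
    radius = blast_radius(events, patient_zero, t0) if t0 else {patient_zero: None}
    return {"asset": asset, "patient_zero": patient_zero, "chain": chain, "blast_radius": radius}


if __name__ == "__main__":
    result = investigate(EVENTS, "dc-01")
    print("patient zero:", result["patient_zero"])
    for ts, src, dst, tech in result["chain"]:
        print(f"  {ts} {src} -> {dst} via {tech}")
    print("blast radius:", sorted(result["blast_radius"]))
```

For dc-01 the chain is macro execution on ws-17, SMB to fs-01, then pass-the-hash to the domain controller; the blast radius also picks up ws-22 and ws-30, which the backwards walk alone would never show, and excludes the ws-40 session because no compromised host ever reached it.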
Threat Anticipation - AI will automate the collection of machine-readable external threat intelligence and increase the accuracy and fidelity of that data for each organization's specific context. AI will also apply text analytics and natural language processing to human-readable sources with relevant threat information, including blogs, forums, social media, and the dark web, to narrow human threat analysts' daily research load.
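The first thing a pipeline for human-readable threat reports has to do is turn prose into machine-readable indicators, and the example below (added here; not from the original article or any threat-intelligence product) shows that step: refang the defanged notation analysts use (hxxp, [.]), strip e-mail addresses so their domains are not mistaken for indicators, and extract URLs, IPv4 addresses, domains and file hashes into a structured record. The report text is constructed, and the small TLD set stands in for the public suffix list a real extractor would use.

```python
import re

# Constructed excerpt of a threat report (not a real advisory); indicators are defanged.
REPORT = """
The loader beacons to hxxp://update-cdn[.]example[.]net/g.php and to 203[.]0[.]113[.]45
over TCP 8443. A second stage was observed at hxxps://files.example[.]org/x.bin.
SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Our sensors also saw 198.51.100.7 and the domain evil-cdn.example.com in proxy logs.
Contact: analyst@example.com
"""

# Common defanging conventions and their original forms.
REFANG = [("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("{.}", "."), ("[:]", ":")]
# Assumed stand-in for the public suffix list; keeps "g.php" and "x.bin" from being domains.
TLDS = {"com", "net", "org", "io", "info"}


def refang(text):
    for defanged, original in REFANG:
        text = text.replace(defanged, original)
    return text


def valid_ipv4(candidate):
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def extract_iocs(text):
    """Return sorted indicators by type from free-form report text."""
    t = refang(text)
    emails = set(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", t))
    for e in emails:                       # contact addresses are not indicators
        t = t.replace(e, " ")
    urls = {m.rstrip(".,;:)") for m in re.findall(r"https?://[^\s\"'<>]+", t)}
    ips = {m for m in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", t) if valid_ipv4(m)}
    domains = set()
    for m in re.finditer(r"\b((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+([a-z]{2,}))\b", t, re.I):
        if m.group(2).lower() in TLDS:
            domains.add(m.group(1).lower())
    sha256 = set(re.findall(r"\b[a-fA-F0-9]{64}\b", t))
    md5 = set(re.findall(r"\b[a-fA-F0-9]{32}\b", t))  # \b keeps it from matching inside a sha256
    found = {"urls": urls, "ipv4": ips, "domains": domains, "sha256": sha256, "md5": md5,
             "emails": emails}
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for kind, values in extract_iocs(REPORT).items():
        print(f"{kind}: {values}")
```

The extracted record is what gets scored against the organization's own context in the next step (is that domain already in our proxy logs? is that hash on any of our endpoints?), which is where the "fidelity for each organization" the text mentions comes from.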
Incident Response - AI techniques such as knowledge engineering and case-based reasoning will be used to create playbooks that guide incident responders on what to do in the event of an incident. AI will review previous incidents and codified knowledge from experts, and it will continuously modify or create new branches in the main playbook as it learns from new incidents.
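The case-based reasoning loop described above, as an added example that is not from the original article or any SOAR product: past incidents are stored as cases (observed indicators plus the steps that resolved them), a new incident retrieves the most similar cases by Jaccard similarity of its indicators, their steps are merged and ordered by how strongly the retrieved cases agree, and the closed incident is retained as a new case so the next retrieval learns from it. The case base, tags and steps are constructed for the example.

```python
# Constructed case base of past incidents: observed indicator tags and the steps that resolved them.
CASE_BASE = [
    {"id": "INC-101", "tags": {"phishing", "macro", "credential_theft"},
     "steps": ["reset user credentials", "block sender domain", "pull mailbox copies of the lure"]},
    {"id": "INC-102", "tags": {"ransomware", "smb_lateral", "encrypted_files"},
     "steps": ["isolate host", "disable affected service accounts", "restore from backup"]},
    {"id": "INC-103", "tags": {"phishing", "macro", "c2_beacon"},
     "steps": ["isolate host", "block c2 domain", "reset user credentials"]},
    {"id": "INC-104", "tags": {"web_shell", "sqli"},
     "steps": ["take app offline", "rotate db credentials", "patch input handling"]},
]


def jaccard(a, b):
    """Similarity of two tag sets: shared tags over all tags."""
    return len(a & b) / len(a | b) if a | b else 0.0


def retrieve(case_base, observed, k=2):
    """The k most similar past cases to the observed indicator set, with their scores."""
    scored = sorted(((jaccard(c["tags"], observed), c) for c in case_base), key=lambda x: -x[0])
    return [(score, case) for score, case in scored[:k] if score > 0]


def suggest_playbook(case_base, observed, k=2):
    """Merge the steps of the retrieved cases. Each step is weighted by the similarity of
    every case that contains it; ties are broken by where the step appeared in its case."""
    matches = retrieve(case_base, observed, k)
    votes = {}  # step -> (accumulated weight, earliest position)
    for score, case in matches:
        for position, step in enumerate(case["steps"]):
            weight, first = votes.get(step, (0.0, position))
            votes[step] = (weight + score, min(first, position))
    ordered = sorted(votes, key=lambda s: (-votes[s][0], votes[s][1]))
    return ordered, [case["id"] for _, case in matches]


def retain(case_base, observed, steps, new_id):
    """Close the loop: the resolved incident becomes a case for future retrieval."""
    case_base.append({"id": new_id, "tags": set(observed), "steps": list(steps)})


if __name__ == "__main__":
    observed = {"phishing", "macro", "c2_beacon", "smb_lateral"}
    steps, sources = suggest_playbook(CASE_BASE, observed)
    print("based on", sources)
    for step in steps:
        print(" -", step)
```

With a phishing incident that also shows a C2 beacon and SMB lateral movement, the two phishing cases are retrieved and "reset user credentials" comes first because both of them agree on it. Retention is what the text calls modifying or adding branches: once this incident is retained with its own steps, a later incident with the same mix of indicators retrieves it directly instead of reconstructing the answer from partial matches.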
Considering the rate of data generation and digital adoption, it is imperative that organizations have security tools capable of defending them against sophisticated threats. To achieve this, CISOs must begin investing in AI-driven solutions, and in strong human-machine collaboration in the context of enterprise security, right away.
For CISOs, integrating AI into the enterprise security framework through offerings such as Managed Detection and Response (MDR) can deliver substantial benefits that conventional security mechanisms cannot. An MDR service not only monitors systems and responds to attacks, but also proactively hunts for threats, analyzes multiple incidents in depth, and anticipates similar threats that may arise in the future. It does all of this continuously, 24x7, to protect enterprise systems and sensitive data from threats and attacks.