Artificial Intelligence in Cybersecurity - usm systems

Category: Entertainment

Presentation Description

No description available.


Presentation Transcript

slide 1:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 1/7 Articial Intelligence in Cybersecurity usm systems Jul 21 · 8 min read AI has made some inroads in the cybersecurity sector and several AI vendors claim to have launched products that use AI to help safeguard against cyber threats. At Emerj we’ve seen many cybersecurity vendors offering AI and machine learning-based products to help identify and deal with cyber threats. Even the Pentagon created the Joint Artificial Intelligence Center JAIC to upgrade to AI-enabled capabilities in their cybersecurity efforts. In this article we list out some of the more common use-cases for AI in cybersecurity where there has been some evidence of real-world business use. Specifically we cover: AI for Network Threat Identification AI Email Monitoring AI-based Antivirus Software

slide 2:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 2/7 AI-based User Behavior Modeling AI For Fighting AI Threats We begin our analysis of AI in the cybersecurity space with an explanation for why AI is such a good fit for cybersecurity. The Natural Fit for Artificial Intelligence in Cybersecurity For a business safeguarding their data network security is critical and even small data centers might have hundreds of applications running each of which needs to have different security policies enforced. Human experts might take several days to weeks to fully understand these policies and make sure the security implementation is successful. Cybersecurity inherently involves repetitiveness and tediousness. This is because identification and assessment of cyber threats require scouring through large volumes of data and looking for anomalous data points. Companies can use the data collected by their existing rules-based network security software to train AI algorithms towards identifying new cyberthreats. Understanding the consequences of the attack and the response needed from the company also requires further data analysis. AI algorithms can be trained to take certain predefined steps in the event of an attack and over time can learn what the most ideal response should be through input from cybersecurity subject-matter experts. Human security experts cannot match the speed and scale at which AI software can accomplish these data analysis tasks. Additionally AI-based cybersecurity data analysis software can complete the task with consistently higher accuracy than human analysts. Large-scale data analysis and anomaly detection are some of the areas where AI might add value today in cybersecurity. Many cybersecurity intrusions usually operate over the enterprise network monitoring the data going in and out of the network is one way to detect cybersecurity threats. Monitoring each ‘packet’ of data that is part of the enterprise networks communications is almost impossible for human analysts to monitor accurately.

slide 3:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 3/7 Machine learning-based software can potentially use multiple techniques such as statistical analysis keyword matching and anomaly detection to determine if a given packet of data is different enough from the baseline of data packets used in the training dataset. All of this seems to indicate that artificial intelligence is now starting to be seen as an effective tool to gain serious advantages against fraudsters and hackers. AI for Network Threat Identification Enterprise network security is critical for most companies and the hardest part about establishing good network cybersecurity processes is understanding all the various elements involved in the network topography. For human cybersecurity experts this means time-consuming work in tracking all the communications going in and out of the enterprise network. Managing the security of these enterprise networks involves identifying which connection requests are legitimate and which are attempting unusual connection behavior such as sending and receiving large volumes of data or having unusual programs running after connection to an enterprise network. The challenge for cybersecurity experts lies in identifying which parts of an application whether on the web mobile platforms or applications that are in development or testing might be malicious. Identifying the malicious applications amongst thousands of similar programs in a large-scale enterprise network requires enormous amounts of time and human experts are not always accurate. AI-based network security software can potentially monitor all incoming and outgoing network traffic in order to identify any suspicious or out of the ordinary patterns in the traffic data. The data in question here is usually too voluminous for human cybersecurity experts to accurately classify threat incidents. In a real-world example the startup ShieldX Networks claims they use AI to speed up the process of identifying which security policies are applicable for each application. In addition the company claims its software can study the network communications data for each application over a period of time and then generate suggestions for security policy for that application.

slide 4:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 4/7 Apart from this in the banking sector AI vendors such as now acquired by eSentire offer enterprise cybersecurity AI software that uses anomaly detection to identify network security threats. The company claims its software can help financial firms and banks with adversary detection and cybersecurity threat management. AI vendor now acquired by eSentire offers enterprise cybersecurity AI software called the VSE Versive Security Engine which they claim can help banks and financial institutions analyze large datasets of transactions and cybersecurity-related data using machine learning. Versive claims banks NetFlow network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic proxy DNS data computer network data as inputs to the Versive Security Engine. The software can then monitor enterprise networks using anomaly detection to alert human officers in case of deviations in the data that might be similar to events in past cyber threats. AI Email Monitoring Enterprise firms understand the importance of monitoring email communications in order to prevent cybersecurity hacking attempts such as phishing. Machine learning- based monitoring software is now being used to help improve the detection accuracy and the speed of identifying cyber threats. Several different AI technologies are being used for this use-case. For instance some software use computer vision to “view” emails to see if there are features in the email that might be indicative of threats such as images of a certain size. In other cases natural language processing is used to read through the text in emails coming in and going out of the organization and identify phrases or patterns in text that are associated with phishing attempts. Using anomaly detection software can help identify if the email’s sender recipient body or attachments are threats. This use-case again highlights AI’s strengths with large scale data analysis. It is not difficult for a human employee to read through an email and identify suspicious features but doing so for millions of emails sent and received within large organizations on a day-to-day basis is simply impossible. AI software can instead read through all the

slide 5:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 5/7 incoming and outgoing emails and report the most likely cases of cybersecurity threats to security personnel. For instance claims to provide email monitoring AI software that can help financial firms prevent misdirected emails prevent data breaches and phishing attacks. The company’s software likely uses natural language processing and anomaly detection in different steps in order to identify which emails are likely cybersecurity threats. AI-based Antivirus Software Traditional antivirus software functions by scanning files on an enterprise network to see if any of them match the signature of known malware or viruses. The problem with this approach is that it is dependent on security updates for the antivirus software when new viruses are discovered. Additionally this method makes traditional antivirus software slow in terms of real-time threat detection and makes deploying a scalable system challenging. In contrast AI-based antivirus software in many cases uses anomaly detection to study program behavior. Antivirus systems using AI focus on detecting unusual behavior generated by programs rather than matching signatures of known malware. While traditional antivirus software works well for threats that have been previously encountered and identified through its public signature new threats are not easily detected and resolved by these types of software. Steve Grobman SVP at McAfee claims that most traditional antivirus software can achieve a 90 threat detection rate. The added advantage that AI brings to the table in this use-case is in increasing the threat detection rate to even 95 or above. Cylance which was acquired by Blackberry claims their Smart Antivirus product offering uses AI to predict detect and respond to cybersecurity threats. The company claims that unlike traditional antivirus software Cylance’s AI-enhanced Smart Antivirus does not need virus signature updates but rather learns to identify patterns that indicate malicious programs from scratch over time. AI-based User Behavior Modeling

slide 6:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 6/7 Some types of cybersecurity attacks on enterprise systems can compromise specific users in the organization by taking over their login credentials without their knowledge. Cyberattackers who have stolen a user’s credentials can gain access to an enterprise network through technically-legitimate means and are thus hard to detect and stop. AI- based cybersecurity systems can be used to detect a pattern of behavior for particular users in order to identify changes in those patterns. In doing so they can alert security teams when that pattern is broken. AI vendors such as offer cybersecurity software that they claim to use machine learning to analyze raw network traffic data to understand the baseline of what normal behavior is for each user and device in an organization. Using training datasets and inputs from subject-matter experts the software learns to identify what constitutes a significant deviation from the normal baseline behavior and immediately alert the organization to cyber threats. AI For Fighting AI Threats Companies need to improve the speed at which they detect cyber threats because hackers are now employing AI to potentially discover points of entry in enterprise networks. Thus deploying AI software to guard against AI-augmented hacking attempts might become a necessary part of cybersecurity defense protocols in the future. In the past couple of years companies around the world have succumbed to cyber threats and ransomware attacks such as WannaCry and NotPetya. These types of attacks spread rapidly and affect a large number of computers. It’s likely that the perpetrators of these types of attacks might use AI technology in the future. The advantage that AI could give these hackers is similar to what AI offers in businesses: rapid scalability. Cybersecurity Vendor Crowdstrike claims its security software Falcon Platform uses AI to guard against such ransomware threats. The software reportedly uses anomaly detection for end-point security in enterprise networks. The video below demonstrates how the software works: The Future of AI in Cybersecurity AI-use in cybersecurity systems can still be termed as nascent at the moment. Businesses need to ensure that their systems are being trained with inputs from cybersecurity

slide 7:

10/4/2019 Artificial Intelligence in Cybersecurity - usm systems - Medium 7/7 experts which will make the software better at identifying true cyber attacks with far more accuracy than traditional cybersecurity systems. Businesses need to understand that these systems are only as good as the data that is being fed to them. AI systems are usually famously touted to be “garbage in garbage out” systems and a data-centric approach to AI projects is necessary for continued success. The one challenge for companies using purely AI-based cybersecurity detection methods is to reduce the number of false-positive detections. This might potentially get easier to do as the software learns what has been tagged as false positive reports. Once a baseline of behavior has been constructed the algorithms can flag statistically significant deviations as anomalies and alert security analysts that further investigation is required. Cybersecurity applications are among the most popular AI applications today. This is in large part due to the fact that these applications rely on anomaly detection which machine learning models are very well suited for. Additionally most large businesses might already have existing cybersecurity teams product development budgets and IT infrastructure to handle large amounts of data. Want to know more about AI services then have a free consultation for USM systems Cybersecurity Articial Intelligence Machine Learning Ai Services Ai Solution About Help Legal

authorStream Live Help