AI and Automation in Cybersecurity in “Information Security”
Two of the biggest risks to a secure network today are the potentially growing attack surface and the ever-changing forms that attacks can take.
See how automation helps address issues with Cybersecurity:
“The biggest challenge is the attack surface,” says Michael Xie, founder, president and CTO of Fortinet. Compared to a few years ago, there was a massive increase. There are traditional servers and desktop computers, which are not leaving. There are mobile devices on the wireless network; there is WiFi;
There are all types of IoT devices and smart devices.
Looking at IoT alone, there were 31 billion IoT devices connected in 2018, with 130 billion projected by 2030, according to the IHS Markit IoT Devices and the Connectivity Intelligence Service.
Run the monitoring software
To stay ahead of potential threats, companies need to run monitoring software on all of these devices and networks and then find a way to analyze the data generated by that software.
"It is almost impossible for humans to handle everything," says Xie.
Artificial intelligence allows computers to monitor most of the network, process records and reports, classify false positives for legitimate issues and search for anomalies that could represent real attacks. In other words, automated systems can become first-rate security officers, doing the routine job of observing sensors and scanning logs, just alerting their supervisors - experts in human cybersecurity - to real problems.
"Instead of the need for hundreds of professionals to process this information for a large company, computers can reduce that to perhaps 10," says Xie.
The machine learning advantage
Systems using machine learning can also recognize variants of malware, making automated threat detection even more useful.
“Antivirus software tends to look for an exact match of a malware signature” based on the software’s current threat database,Ed Amoroso, executive director of TAG Cyber.
“And if you have an exact match, it says you have malware. But if it doesn't, you will have a problem ”, since a new version of the malware, or a totally new threat, may go unnoticed.
"With machine learning, you have neurons that focus on small pieces of a problem that could be a cyber attack."
"They will learn their little piece of it, then coordinate to make a decision about whether it is an attack."says Amoroso
The software learns from what it is seeing and trains itself. This makes machine learning-enabled systems very well designed to identify malware variants.
"It used to be like putting 30 pictures of cats in software and then asking, 'Is that a cat?'" He says. “The software said, 'Well, is it an exact match? No. ”“ But machine learning takes the software away from the exact match problem, ”he says. “You put a 'malware'and says,' Well, I've seen about a million examples here, and this one is really right in the mix. It's definitely an attack, even though I can't give you an exact match, it's definitely a cat. '”
Identify Cybersecurity Standards
Artificial intelligence systems can identify patterns that humans sometimes cannot.
The Auto-evolution Detection System of the Fortinet, for example, can identify new attacks based on pattern recognition, behavioral analysis and machine learning, and instantly create signatures to block threats before they infect a network.
The system proved to be effective even against malware from zero day, where there is no previous version of the threat.
"We run an operations center where millions of samples arrive every minute," says Xie, which means that Fortinet systems are examining potential threats that their sensors have picked up around the world. If there is no artificial intelligence, there is no way anyone can analyze all these factors and understand the trends among different hackers in different places in the world, creating attack 'malware'.
The artificial intelligence machine is capable of capturing something that looks super complicated and that we cannot discover by looking at it with human eyes. "
Evolving software for evolving threats
Another great advantage of artificial intelligence technology in cybersecurity:
- Protection software's ability to learn and evolve as threats change.
"When you buy a product that has machine learning, just put it on," says Amoroso. There is no need to wait for it to hit new, unknown threats. “I already taught you how to find out what to look for. You do not need updates.
See that this makes the cybersecurity AI-enabled not only more effective, but also easier to maintain, since it’s always up to date.
"The auto-evolutionary aspect is the really fascinating piece".Say Xie
“AI is becoming more powerful and more accessible. And as it does more, it actually gets better. At some point, it really exceeds the capacity of humans ”.
WSJ. Custom Studios is a unit of the advertising department of The Wall Street Journal. The Wall Street Journal news organization was not involved in the creation of this content.
Wall Street Journal - Jan 2, 2019