Mix Mode News

6/14/19 Weekly Update: AI in Cybersecurity

Friday, June 14, 2019

Is AI Fundamental to the future of Cybersecurity?

Artificial Intelligence and Machine Learning are words we hear thrown around a lot, often arbitrarily, in the cybersecurity space. However, they are instrumental to the development of our industry. According to this article by Sam Bocetta for CSO, if you turn a blind eye to AI, you will get left behind.

“In the future, companies will be able to rely on smart tools to handle the bulk of event monitoring and incident response. The next generation of firewalls will have machine learning technology built into them, allowing the software to recognize patterns in web requests and automatically block those that could be a threat,” said Bocetta.

That’s exactly what good cybersecurity AI should do: lessen the workload for people and recognize threat patterns that may be invisible to the human eye due to the sheer magnitude of data one has to look at while monitoring a company’s network for attacks.

Can AI Help Win the Cybersecurity Wars?

The battle to protect and defend data rages on between increasingly machine-intelligent hackers and network security teams defending their companies, institutions, governments, and enterprises.

Rodney Caudle for Government Technology Magazine explains that AI and Machine Learning will be welcome additions to the software cybersecurity already has, like SIEMs, which just aren’t enough to keep up with the growing threat of advanced hackers.

“Artificial intelligence and machine learning hold promise as effective techniques for sifting through the large volumes of security events logged by SIEM technology. These tools can augment existing security staff and safeguard the enterprise by dramatically increasing the chances that real threats will be detected more quickly,” Caudle writes.

He shares 4 ways AI strengthens cybersecurity defensive capabilities:

  1. Scanning large volumes of events from multiple sources.
  2. Identifying variations from typical network traffic patterns.
  3. Grouping related security events and notifying security personnel about potential threats.
  4. Watching IoT network entry points.

How to Vet AI and ML in Cybersecurity

Traditionally, cybersecurity has been approached within an “indicator-based” framework in which analysts look at how an attack happened. Moving forward, with advances in AI and ML, it is now possible to operate within a behavioral analytics-based approach that looks at the motives of a hacker rather than tactics; that is, at what they are trying to achieve.

Adopting a behavioral approach most certainly requires new tools and behavioral analytics solutions, but looking at a simple product comparison matrix won’t show the true value that you will be getting from emerging AI threat detection technology.

The article for Info Security Magazine gave a list of ways to better evaluate AI-driven solutions to gain a deeper look into the technology, and ultimately, choose the solution that will actually have an impact:

  • Use real-life examples to test. CIOs should use complex examples to test the depth of the analysis and engine.
  • Ask the vendor to describe the depth of the engine’s analysis. A strong behavioral analytics cybersecurity solution should arrive at its conclusions via complex and numerous deduction chains. The simple conclusion that a user is malicious could be driven by hundreds of different data points. Truly sophisticated platforms have the human ability to contextualize. Even when a behavior deviates from a baseline of normalcy, the platform searches for mitigating factors before assuming malicious intent.
  • Evaluate explainability. A good behavioral engine explains its conclusions in as close to human terms as possible. More importantly, it explains how it arrived at those conclusions, taking users step-by-step down the deduction path all the way to the raw data. Opacity is the enemy in AI, since it makes it hard to evaluate how well a solution is working or how its performance changes over time.
  • Look to the future. AI solutions are expected to evolve. A good platform should be able to illustrate how that evolution will take place, ensuring it remains relevant even as the threat landscape changes.

By Ana Mezic, Marketing Coordinator at MixMode