The consensus in the cybersecurity industry in 2019 is pretty clear: AI in cybersecurity is here to stay, and it has a variety of interesting use cases that are advancing the industry as a whole for the better. From Network Detection and Response (NDR) to potentially helping to displace the humble password as the user authentication standard, there are many reasons why AI is something to pay close attention to in this space.
Trends in Artificial Intelligence in Cybersecurity
Network Detection and Response
Detecting a threat during network monitoring is only the first step in keeping the network safe. Good network security also depends on quickly determining the cause of the threat and dealing with it. Rapid Network Detection and Response (NDR) limits the effectiveness and reach of an attack on the network, and therefore minimizes the impact.
NDR is quickly becoming a vital tool for many companies trying to secure their networks. An NDR system utilizes AI to create a baseline of the network, or an image of what the network looks like on average. Then the system scans continuously for deviations from this baseline. When a deviation, or potential problem, is discovered, the NDR system deploys network forensics and initiates a response to begin repairing the damage. In this way, a good NDR helps to eliminate the lag of a human response time.
Data Analysis and Trends
There are big opportunities for security data analysis through AI technology. The ability to quickly sort through and analyze huge data sets helps with quickly pinpointing security risks in a network. This saves security analysts quite a lot of time they would have otherwise spent sifting through unrelated data.
AI tools are also utilizing more diverse data sets, which makes it a lot easier for security analysts to quickly see a high-level overview from sources such as static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams.
False Positive Management
Alert fatigue from the impossible number of alerts IT teams get from their cybersecurity software is an issue that demands a solution as hackers and gatekeepers play tug-of-war with cutting-edge technology. When systems have too many false positives, they can neither decide what is a real problem nor accurately justify a fix that costs time or performance.
Human-interactive machine learning systems compare security data collected internally with external threat data to show the security analysts where to look to find threats to the network. The security analysts can then train the system by tagging the most relevant threats. Over time, the system adapts to the human inputs, which will eventually reduce false positive alerts.
With a context-aware AI-powered platform like MixMode, analysts can monitor what the AI is showing and look into the events that have been flagged by the AI. Out of all the indicators in the system, the AI is going to select a few events that are aggregates of indicators that the analysts should be cognizant of and solve first. This way analysts can spend a lot more of their valuable time threat hunting and looking deeply into the events that actually matter, rather than wasting massive amounts of time on false positive alerts.
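The baseline-and-deviation idea from the NDR section, combined with the analyst tagging loop described above, as an added example that is not MixMode's code or any product's implementation. It assumes a simple robust statistic (median and MAD) in place of an AI model; the host addresses, traffic values, thresholds and names are constructed for illustration.

```python
from statistics import median

DEFAULT_THRESHOLD = 3.5   # robust z-score above which an observation is flagged
MAX_THRESHOLD = 8.0       # cap, so analyst feedback can never fully mute a host

# Constructed sample data: hourly outbound traffic (MB) per host in a learning window.
HISTORY = {
    "10.0.0.5": [120, 118, 131, 125, 122, 119, 127, 124],
    "10.0.0.9": [15, 14, 18, 16, 15, 17, 14, 16],
}

class BaselineDetector:
    def __init__(self, history):
        # Baseline per host: median and MAD (median absolute deviation),
        # which a few outliers in the learning window cannot skew much.
        self.baseline = {}
        for host, samples in history.items():
            med = median(samples)
            mad = median([abs(x - med) for x in samples]) or 1.0  # guard against 0
            self.baseline[host] = (med, mad)
        self.threshold = {host: DEFAULT_THRESHOLD for host in history}

    def score(self, host, value):
        """Distance from the host's baseline, in robust standard deviations."""
        if host not in self.baseline:
            return float("inf")   # never-seen host: no baseline, always a deviation
        med, mad = self.baseline[host]
        return abs(value - med) / (1.4826 * mad)

    def is_deviation(self, host, value):
        return self.score(host, value) > self.threshold.get(host, DEFAULT_THRESHOLD)

    def feedback(self, host, real_threat):
        """Analyst tag: benign widens the host's tolerance, a real threat resets it."""
        if real_threat:
            self.threshold[host] = DEFAULT_THRESHOLD
        else:
            current = self.threshold.get(host, DEFAULT_THRESHOLD)
            self.threshold[host] = min(current * 1.5, MAX_THRESHOLD)

def demo():
    det = BaselineDetector(HISTORY)
    before = det.is_deviation("10.0.0.9", 22)    # borderline: flagged at first
    det.feedback("10.0.0.9", real_threat=False)  # analyst tags it as benign
    after = det.is_deviation("10.0.0.9", 22)     # same reading no longer alerts
    large = det.is_deviation("10.0.0.9", 60)     # big deviation still alerts
    return before, after, large

if __name__ == "__main__":
    print(demo())
```

The cap on the per-host threshold is the part worth keeping in any real design: repeated benign tags reduce borderline alerts, but they cannot widen the tolerance enough to hide a large deviation.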
Malware Attack Response
Malware and cyber attacks evolve over time, so more dynamic approaches are necessary to ensure network security, and especially to prevent zero-day attacks. Using a network baseline, an AI system can leverage what it knows and understands about past attacks and threats to identify similar attacks.
Because attackers are constantly building upon older threats, utilizing AI systems to look out for and provide notification of emerging attacks could be incredibly beneficial in stemming the tide of zero-day threats. This means new threats will be pinpointed faster and the necessary updates and patches released in a more streamlined manner, minimizing the number of victim systems impacted.
Cyberattacks are on the rise and many security experts no longer consider passwords to be the most secure method of user authentication. In the future, AI technology could offer us the option of a more secure, password-free future.
According to an April 2019 survey conducted by IDG, more than 75% of people surveyed believed mobile devices with biometric authentication methods were the most secure option for replacing passwords. 61% believed hardware tokens could also work to replace conventional passwords. The use of AI for responding to cybersecurity threats on mobile devices makes the passwordless future possible.
MixMode’s context-aware AI learns about your network unsupervised and without human input – it’s the first of its kind in cybersecurity.