07.11.2019

Disrupting Cybercriminal Strategy With AI and Automation

In the cybersecurity space, there has always been an unfair advantage for cybercriminals. Adversaries only need to find one vulnerability to wreak havoc on an entire system. All it takes is a single misconfigured device or outdated operating system. Security teams, however, must work to anticipate hundreds of types of attacks, and then block them on all devices throughout the network. That partly explains why spending on cybersecurity continues to grow and could reach $133.8 billion by the year 2022, according to IDC. Even so, cybercrime is still costing enterprises around twice their total security spend.

Three Basic Cybersecurity Strategies to Start With

As businesses connect more devices and applications to the internet, the stakes get higher, and leaders need to rethink how they approach cybersecurity. As IT teams revise their plans, there are three strategies they should keep in mind:

  1. Build Security from Day One: When developing your network, think of security as an integral component to be deployed alongside critical business infrastructure. A common mistake is for organizations to deploy business solutions without consulting their security teams. Security teams then have to scramble to secure these systems in an ad-hoc fashion.
  2. Cover the Basics: Cybercriminals target low-hanging fruit because it’s easier and cheaper. By simply covering best cybersecurity practices at your organization to ensure strong cyber hygiene, you can eliminate many common risks.
  3. Leverage Automation: Malicious events can happen in seconds, leaving little or no time for human intervention to make a true impact. Automation can help security teams respond to known threats in real time, while machine learning evaluates standard network behavior to identify abnormalities, thereby reducing dwell time.  

Why Artificial Intelligence is Essential

While automation speeds up response times and machine learning can identify indications of a possible threat, artificial intelligence (AI) can make human-like decisions in a split second and even anticipate future cyber events. However, using AI to protect your system means taking a giant technological leap forward. To determine if a vendor actually has the infrastructure necessary to develop an AI solution, IT leaders need to talk to vendors about their AI development strategies. 

The True Meaning of AI-Based Cyber Security

Capitalizing on new directions in cybersecurity, many vendors now claim AI-based security products. The reality is, however, that many solutions advertised as AI are merely sophisticated scripts combined with a decision tree. Developing true AI is challenging, which is why enterprises need to be skeptical when they’re talking to vendors. 

An AI system needs to be fed enormous amounts of data to be effective. And in order to train an AI, there must also be an artificial neural network (ANN) present, and a deep learning model that will accelerate data analysis. Only then can the AI make use of data to learn, adapt, and evolve. 

Here’s a quick checklist of what to look for:

  1. A Massive ANN. Artificial neural networks used to operate an AI system need to be composed of millions or even billions of nodes to provide adequate processing resources.
  2. Large Volumes of Data. Insufficient data can diminish an AI’s understanding of cyber threats and how to properly respond, resulting in an ineffective product that can make bad decisions about your security. 
  3. Supervised and Unsupervised Learning. The AI system needs to be continually fed massive amounts of labeled data so the system can learn how to recognize patterns and make decisions. The system is then fed unlabeled data so the AI system can begin to learn on its own by recognizing new patterns. Structured reinforcement is applied throughout to systematically improve AI performance through rewards for correct results. The process is then repeated with incrementally more sophisticated data.
  4. Trained AI Instructors. Proper AI instruction and development requires individuals with years of training and experience.

It can take years of cycling through these steps before an AI program is ready for the field. Keep in mind that meanwhile, cybercriminals are devising new ways to breach enterprise systems. That means there’s a constant supply of new cybercrime data that will need to be continually incorporated into training. AI training models will need to be continually adjusted to new threats, along with new strategies designed to combat those threats.

Security leaders are right to be skeptical when they talk to vendors of AI-enabled security services. The learning curve for AI might be steep, but the advantages of a good AI-based security system are well worth the effort. 

References

This is a summary of an article written for Security Week by Fortinet’s Chief Marketing Officer and Executive Vice President of Products, John Maddison. The entire article can be accessed here.