SEMA News—July 2019
INTERNET
By Joe Dysart
Revenge of the Thinking Machines
Rubber-Meets-Road AI Security Tools Now Widely Available
Sophisticated hackers are upping their games with AI-driven threats. (Photo courtesy Shutterstock.com.) |
IT security pros are gearing up in earnest for the newest threat to corporate security: viruses, malware and similar cybersecurity attacks turbocharged with artificial intelligence (AI).
The reason: Just as AI is remaking every other part of the digital world with applications that can think for themselves and grow smarter over time, the wonder technology is also being hijacked by hackers to imbue already dangerous cyber threats with machine intelligence and creativity.
“We have to raise the bar now,” said John N. Stewart, senior vice president and chief security and trust officer for technology conglomerate Cisco, regarding adding AI to the cybersecurity mix. “There is too much risk, and it is up to us to reduce it.”
Added Eva Chen, CEO of cybersecurity company Trend Micro: “The future threat landscape requires AI-powered protection that leverages expert rules and machine learning.”
A significant percentage of the IT security community agrees. In a survey (www.arubanetworks.com/ponemonsecurity) released by Ponemon Institute in September 2018, 25% of security and IT pros said they are already using AI in some way to protect their networks. Another 26% said they planned to deploy AI-driven security in the next 12 months.
Even more disturbing: More than 75% of those surveyed believe that the Internet of Things devices attached to their networks are not secure. And 66% said they have little or no ability to defend those devices from malware, viruses and the like.
“Despite massive investments in cybersecurity programs, our research found that most businesses are still unable to stop advanced, targeted attacks,” said Larry Ponemon, chairman of the Ponemon Institute technology research organization. “The situation has become a ‘perfect storm,’ with nearly half of respondents saying it’s very difficult to protect complex and dynamically changing attack surfaces, especially given the current lack of security staff with the necessary skills and expertise to battle today’s persistent, sophisticated, highly trained and well-financed attackers. Against this backdrop, AI-based security tools—which can automate tasks and free up IT personnel to manage other aspects of a security program—were viewed as critical for helping businesses keep up with increasing threat levels.”
“Despite massive investments in cybersecurity programs, our research found that most businesses are still unable to stop advanced, targeted attacks,” said Larry Ponemon, chairman of the Ponemon Institute technology research organization. |
Ponemon’s concerns were echoed by “The Malicious AI Report” (www.maliciousaireport.com), a study authored by a number of experts from the Center for New American Security, the Electronic Frontier Association and similar organizations. Essentially, the report concludes that AI in the hands of black-hat hackers will make cyber attacks on companies and organizations easier and will broaden the type and number of possible hacks a business can suffer.
Meanwhile, AI is also expected to make attacks against companies and organizations more effective, more precise and more untraceable, according to the report. Of special concern is the possibility that black-hat operatives may use their AI to infiltrate the facial-recognition systems that are embedded in the computer networks of companies and organizations.
The report’s laundry list goes on: Companies may use AI-driven hacking to poison the databases of competitors or simply completely destroy the supporting database architecture of a competitor, according to the report authors. Plus, the entire Internet of Things—so rosily celebrated during the past few years—is currently child’s play for AI-driven attacks. Many if not most of the devices that comprise the Internet of Things are ridiculously unprotected, sporting easy-to-guess passwords that are often issued by manufacturers and never changed by the users who buy the devices.
AI security tools that are currently working to combat those threats are mostly being used to look for suspicious activity on computer networks, analyze that activity often in milliseconds, and neutralize the cause of the activity (which usually originates from a rogue file or program) before it can do any damage. That approach differs from traditional IT security, which has been more focused on identifying specific files and programs known to bear threats rather than studying how those files and programs behave.
The good news is that each time these new AI tools detect suspicious activity, they learn from the experience and get better and faster at detecting the same activity or similar activity in the future.
Also encouraging is that those AI tools can often instantly transmit the knowledge of a new threat across the entire cloud, if simultaneously used with numerous companies who happen to share the same IT cloud, for example, ensuring that if one company is hit first, other companies sharing the same cloud can be instantly protected from the same experience.
Even more of a plus: Cybersecurity pros say the threat of AI-driven viruses, malware and similarly dark IT tools is still limited at the moment, given that the expertise and learning curve need to create and deploy AI security threats is steep. On the downside, AI cybersecurity tools are still so new that the tech has acquired a reputation in many instances for triggering too many false positive alerts. Too often, behavior it identifies as suspicious turns out to be benign, and files it sometimes identifies as threatening sometimes turn out to be innocuous.
Even so, spending some time to at least get acquainted with the latest in AI cybersecurity is considered mandatory by many cybersecurity experts, given that many of the black hats of the world have already embraced the tools for their own nefarious purposes and have no intention of looking back. And while your business may not be able to afford AI-driven cybersecurity at the moment, prices for all things tech tend to have a way of plummeting rapidly, as we all know, so AI cybersecurity that may seem out of reach now may look like a bargain in a year’s time.
Here’s a representative sampling of AI-driven cybersecurity tools currently available:
Symantec’s Targeted Attack Analytics (TAA) Tool (www.symantec.com/about/newsroom/press-releases/2018/symantec_0415_01): TAA uses AI to study the characteristics of new viruses, malware and other cybersecurity threats as they emerge in the databases Symantec protects for numerous clients. One of the primary advantages of this approach is that a virus that crops up at one business can subsequently be caught before it deploys at the next business Symantec protects.
“With TAA, we’re uniting the intelligence generated from our leading research teams with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action,” said Eric Chein, technical director for Symantec Security. TAA is available for Symantec Advanced Threat Protection customers.
Sophos Intercept X Tool (www.sophos.com/en-us/products/intercept-x.aspx): Intercept X uses AI behavioral analytics to continually study the behavior of how malware, viruses and other cybersecurity threats execute. The premise behind the protection is that Intercept X focuses on suspicious behaviors in a computer network rather than what a file may look like.
According to Sophos, Intercept X is able to analyze a file in millions of ways and determine if the file is malicious in as little as 20 milliseconds. Given that it’s equipped with AI, it continually gets smarter over time at recognizing and dealing with malicious threats.
IBM QRadar Advisor (www.ibm.com/us-en/marketplace/cognitive-security-analytics): QRadar relies on IBM’s famous Watson technology—the computer that became a “Jeopardy” champion on TV a few tears back—to investigate threats from suspicious computer files and neutralize those that could compromise a computer network.
Besides studying rogue files, it also studies how the files may be associated with suspicious IP addresses, questionable websites and the like to offer a company a holistic view of potential IT threats it may be facing.
Vectra’s Cognito (www.vectra.ai/cognito-platform): Like its competitors, Cognito continually gets smarter over time at detecting and eliminating cybersecurity threats using machine learning, data science and behavioral analytics. Having Cognito onboard will enable a company to either block a cybersecurity threat outright or identify execution of a rogue application very early to ensure that it will not damage the core of the company’s IT operation.
Darktrace Antigena (www.darktrace.com/products): Like other AI-driven security tools, Darktrace continually studies a computer network for suspicious activity and automatically neutralizes threats without depending on human intervention. Core to its function is being able to block threats without disrupting everyday business processes.
Joe Dysart is an internet speaker and business consultant based in Manhattan. Contact Dysart at 646-233-4089, joe@joedysart.com and www.joedysart.com.