AI plays major role in automating cyber security threat detection and prevention

By Simeon Tassev, Managing Director and Qualified Security Assessor at Galix

Johannesburg, 25 May 2020
Simeon Tassev, MD and QSA at Galix.
Simeon Tassev, MD and QSA at Galix.

In one form or another, artificial intelligence (AI) plays a role in the majority of technology today, and cyber security is no different. Anything that makes use of any form of behavioural analytics will inevitably require the use of algorithms for calculating probabilities, central to the ability to make predictive insight. This capability has become critical in the ongoing war on cyber crime. As the potential for AI and machine learning is further explored, we will see it taking a central role in automating threat detection and prevention, among other areas.

Meeting fire with fire

One of the main reasons why AI has become critical in fighting cyber crime is that cyber criminals themselves are making use of it. The threats are more sophisticated than ever before, and the use of deep learning and AI to breach security systems is becoming an increasing reality.

One example of this is called a deepfake, which uses AI to replace a person’s face or voice in a video – the implications of this are significant. In fact, there was an example of a successful deepfake attack in the UK in 2019, where criminals employed AI-based software to replicate a CEO's voice to execute a cash transfer of €220 000.

Using AI, cyber criminals can also gather incredibly detailed personal information from the Internet and social media, allowing them to conduct ever more in-depth social engineering. AI could also be used to improve the success rate of phishing scams. These are currently fairly easy to spot because they typically display poor spelling and grammar, but using AI can dramatically improve this, and learning algorithms mean they will only get better. Added to this is the fact that AI can generate attacks far faster than any human could, so the potential of the threat cannot be ignored.

Managing the information overload

Aside from countering AI-based threats with equally intelligent tools, AI has become critical in managing the sheer volume of attacks and potential attacks. With the number of attempted breaches constantly increasing, human cyber security teams have an increasingly challenging task when it comes to monitoring threats and determining which ones merit closer attention.

According to the report: The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation: “Machine learning approaches are increasingly used for cyber defence” to learn from known threats and predict how new and future threats might manifest. ML is also used to detect suspicious behaviour and flag areas that may need closer attention.

Trying to analyse and understand this vast amount of data in time to make a difference to counter the threat is impossible for humans alone. AI and machine learning can be effectively harnessed to automate these activities, sort through the millions of malware files, learn the characteristics of attacks and help to prevent new ones. AI can also be used to analyse voices and writing styles to ensure that people are who they say they are, for improved authentication.

Focusing your attention in the right place

AI has applications across networking and endpoint security products, threat detection and incident response, removing much of the human element, which is where the potential for error creeps in. Automation is also essential in ensuring that software is patched and kept up to date with the latest malware signatures to shore up potential vulnerabilities.

With the number of attempted breaches, it is all but impossible to protect against each and every one. It is vital to ensure that your most critical resources are adequately protected, but it is just as important to be able to respond to a successful breach effectively. Basic controls need to be in place and detection and response need to be improved to control the threat, shut it down and minimise the damage.

AI is being used by cyber criminals, which means it is essential to counter any attacks. In addition, the ability to better predict threats before they happen and shut down attacks faster is central to enhanced cyber security. AI is beginning to play a major role in cyber security and this role will continue to grow and evolve through 2020 and in the future.


Editorial contacts