There are numerous examples of how AI algorithms have helped companies solve operations and business problems. With the ability of AI technologies to churn through and analyze vast amounts of data from a variety of sources, a growing number of organizations are eyeing the possibility of integrating AI into their cyber defence strategies, according to a white paper produced by cybersecurity solutions provider Reveelium Inc.
Reveelium has developed a behaviour-based cybersecurity solution. Reveelium analyzes billions of system events and logs, in real-time, on a daily basis. It can identify occurring anomalies in a system’s behaviour and determine which ones are most likely to become security threats.
A key area where AI technology can help is giving CSOs, CISOs and other IT and security decision makers better visibility into the vast amounts of data bombarding the typical enterprise organization.
Monitoring, tracking and understanding big data. Recognizing the potential threats and suspicious activities from the information logs generated by sensors, endpoint devices and by security and identity management infrastructures. These are tasks that would normally require a large IT team. However, AI and machine learning technologies can streamline the process and cut down the time to identify cyber threats and stop them in their tracks before they can do any damage.
“The main advantage for AI is that it can do better and faster what humans do today,” according to the Reveelium white paper. “Extracting value from data was, up until now, made difficult by various technical and financial barriers. With the emergence of new, more affordable analytical technologies, these barriers are gradually disappearing.”
Automating the process of detecting malicious behaviours can be accomplished by using two methodologies, according to Reveelium.
The first approach concerns learning how to recognize attacks. This method requires that data streams be previously categorized and separated, for instance, between “normal” and “malicious.”
Once trained, the models can indicate the class to which each newly analyzed behaviour belongs.
While the method shows a high predictive ability, it has two notable drawbacks, according to Reveelium:
- The approach requires a representative volume of data to be collected (users must specify the type of behaviour associated with each analyzed data stream sample). A base of various attacks and a history of all behaviour associated with the analyzed data must be available.
- Although the method is capable of detecting similar (but not identical) attacks to those observed during the training phase, the approach is not able to detect new attack strategies.
The second approach aims to group analyzed data flows by similarity. This method makes it possible to highlight how behavioural groups are formed. Under-represented groups (groups with fewer elements) are assigned to abnormal (in statistical terms) behaviour groups.
“In order to distinguish the difference between groups of abnormal behaviour (illegal, suspicious, malicious, etc.), it is necessary to take contextual information into account,” according to Reveelium. “Failing this, the analysis will trace a significant number of false alarms (identifying legitimate but unexpected behaviour).”
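The second approach can be illustrated with a small added example (not Reveelium's code or algorithm): events are grouped by similarity, members of under-represented groups are flagged, and contextual information separates legitimate but unexpected behaviour from alerts. The event fields, the greedy grouping method, the thresholds and the `APPROVED_JOBS` context set are all assumptions made for illustration.

```python
from math import dist

# Constructed sample: (user, hour_of_day, MB_sent, distinct_hosts_contacted)
EVENTS = [
    ("alice", 9, 12, 3), ("bob", 10, 15, 4), ("carol", 11, 10, 3),
    ("dave", 14, 14, 5), ("erin", 15, 11, 4), ("frank", 16, 13, 3),
    ("alice", 10, 16, 4), ("bob", 13, 12, 5),
    ("backup-svc", 2, 900, 2),   # nightly backup: unusual but expected
    ("mallory", 3, 850, 40),     # large transfer to many hosts, off hours
]
# Assumed contextual information: accounts with an approved off-hours job.
APPROVED_JOBS = {"backup-svc"}

def features(ev):
    """Scale each field to roughly 0..1 so no single field dominates."""
    _, hour, mb, hosts = ev
    return (hour / 24, mb / 1000, hosts / 50)

def group_by_similarity(events, radius=0.35):
    """Greedy grouping: join the first group whose leader is within radius."""
    groups = []  # list of (leader_vector, [member events])
    for ev in events:
        vec = features(ev)
        for leader, members in groups:
            if dist(vec, leader) <= radius:
                members.append(ev)
                break
        else:
            groups.append((vec, [ev]))
    return [members for _, members in groups]

def triage(events, min_share=0.2, context=APPROVED_JOBS):
    """Flag members of under-represented groups, then apply context."""
    alerts, suppressed = [], []
    for members in group_by_similarity(events):
        if len(members) / len(events) >= min_share:
            continue  # well-represented group: treated as normal
        for ev in members:
            (suppressed if ev[0] in context else alerts).append(ev[0])
    return alerts, suppressed

if __name__ == "__main__":
    print("with context:   ", triage(EVENTS))
    print("without context:", triage(EVENTS, context=set()))
```

Run without the context set, the backup account is raised alongside the genuinely suspicious one, which is the false alarm the white paper warns about.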
Both types of approaches can lead to a high predictive result. According to Reveelium, the key elements in choosing an AI-based solution are:
- Detection rate of known threat patterns
- False positive rates
- Ability to interact with existing tools within an infrastructure
- Detection rates of unknown threats (advanced persistent threats, advanced malware, and viruses)
Of course, there is also the fear that cyber criminals will begin using AI.
Just as the technology helps IT and security teams automate data extraction and analytics, hackers can employ AI to rapidly target specific users and zero in on the types of data to steal. Artificial intelligence, for instance, can help cyber criminals develop more effective phishing attacks by helping them more accurately analyze a target person’s online communication patterns.
To find out more about how your organization can use artificial intelligence to boost its cybersecurity capability, see the AI for Cybersecurity: Technology Breakthrough white paper from Reveelium.