
11/1/2017
10:30 AM
Rick Grinnell
Commentary

How AI Can Help Prevent Data Breaches in 2018 and Beyond

Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.

Equifax's stunning data breach is a major headache for some 145 million Americans who could face identity theft for the rest of their lives. The breach has forever tarnished Equifax's business and brand, and it has prompted the company to replace its CEO, CIO, and CSO. However, as we look at the coming year and as new technologies continue to evolve, it's clear that artificial intelligence (AI) can have a powerful role in helping prevent future data breaches.

If we look at how the Equifax breach occurred, there's a lot to learn — and even cause for optimism. As we know, it all came down to patching. Patching vulnerable, out-of-date software should be straightforward, but in reality, it never is. Although Equifax could have prevented this disaster, it's hardly the first company to neglect a critical software patch. A 2016 survey found that 80% of companies that suffered a breach could have avoided it if they had used an available update. So why don't organizations apply patches?

Sometimes, the delay in patching is simply due to inadequate resources or a lack of solid internal processes that require immediate identification of the vulnerable software, testing of the new patch, and deployment of the fix. Often, firms delay so they can test a patch before applying it — to make sure they aren't fixing one problem but creating others. Sometimes companies don't realize they are running software that is vulnerable. Because of the complexity of sprawling applications, popular vulnerability scanning products miss important pieces of the puzzle, leaving holes for attackers to exploit. It appears that a combination of factors played a role in Equifax's situation. (Here's another great read on the barriers of patching for reference.)

The bright side? AI is driving exciting advancements in information security. Security professionals must get plugged into new technologies and not rely only on old-school solutions or methods, because traditional tech solutions won't cut it (e.g., antivirus software). AI will fuel next-generation solutions — whether they're focused on endpoints, analytics, or behavioral analysis. With the amount and velocity of data, and the sheer number of connections to monitor and manage accelerating at an exponential rate, AI will be a critical component in preventing breaches like the one at Equifax.

How AI Could Help
Problems largely caused by human error specifically lend themselves to AI. Here are four areas that AI startups are investigating — and in some cases, are in the early stages of development:

1. Code development: Whether the software is from open source communities or from companies like Apple or Microsoft, one could ask why these vulnerabilities aren't being found while the code is being put into production. Why would the Apache Foundation distribute software that has an obvious vulnerability? The reason is, when you're talking about millions of lines of code and lots of new functionality, sometimes things get lost in the shuffle. There probably was rigorous testing in Equifax's case, but people tend to look for things they've seen before. The existing tools to check for such vulnerabilities are also hard-wired by humans. AI would allow you to think of things a human couldn't.

2. In-market testing: Once software is released to the market, there are products and service providers that find vulnerabilities in public-facing applications. Clearly, someone caught Equifax's problem, but it took a long time and the damage was already done. AI would make testing and vulnerability-scanning tools more useful and close the gap between putting something into production that's unsafe and knowing it's unsafe.

3. Checking the patches: One reason that organizations (and people) are reluctant to download patches is that they often render old apps inoperable or cause them to lose functionality. Wouldn't it be great if there was intelligence to look at the code and provide higher confidence that downloading the patch wasn't going to break your application?

4. Benchmarking: Being a CISO isn't a very attractive proposition if you're likely to get fired if and when a major breach occurs. Because no one can prevent attacks 100% of the time, how can you hold security officers accountable in a fair way? One idea is to use AI to look at your industry category (such as banking or retail) and examine the firewalls, endpoint and other security products you're using and how they are configured in your overall security stack. When you look at this list of complex configurations, you get an inter- and intra-company set of metrics. With AI monitoring and analyzing this data, you can see how you stack up against your peer group. Even if there were to be a security incident, you could let your board of directors know that you had gone above and beyond what your peers are doing by every other measure, perhaps saving your job.

There are other applications, too. AI could be used to find a personalized way to remind you to install a patch that makes it impossible to ignore, or more precisely find all of the application instances that need to be fixed. The bottom line is that AI is a powerful tool at our disposal to help avoid becoming the next big breach target.

Rick Grinnell is Managing Partner at Glasswing Ventures, an early-stage venture capital firm dedicated to building the next generation of AI technology companies that connect consumers and enterprises and secure the ecosystem. As a venture capitalist and seasoned operator, ...