Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/10/2017
10:30 AM
Derek Manky
Derek Manky
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Extreme Makeover: AI & Network Cybersecurity

In the future, artificial intelligence will constantly adapt to the growing attack surface. Today, we are still connecting the dots.

Traditional network architectures are incapable of meeting the demands of new digital paradigms involving enormous volumes of raw and processed data moving between our devices, our work, community and home networks. In this two-part series, we explore how next-gen network technology can use artificial intelligence and machine learning to become more flexible and automated.

Security strategies need to undergo a radical evolution. Tomorrow’s security devices will need to see and interoperate with each other to recognize changes in the networked environment, anticipate new risks and automatically update and enforce policies. The devices must be able to monitor and share critical information and synchronize responses to detected threats.

Sound futuristic? Not really. One nascent technology that has been getting a lot of attention recently lays the foundation for such an automated approach. It’s called Intent-Based Network Security (IBNS). IBNS provides pervasive visibility across the entire distributed network, and enables integrated security solutions to automatically adapt to changing network configurations and shifting business needs with a synchronized response to threats.

These solutions can also dynamically partition network segments, isolate affected devices and remove malware. New security measures and countermeasures can also be provisioned or updated automatically as new devices, workloads, and services are deployed or moved from anywhere to anywhere in the network, from endpoints to the cloud. Tightly integrated and automated security enables a comprehensive threat response far greater than the sum of the individual security solutions protecting the network.

Artificial intelligence and machine learning are becoming significant allies in cybersecurity. Machine learning will be bolstered by data-heavy Internet of Things devices and predictive applications to help safeguard the network. But securing these “things” and that data, which are ripe targets or entry points for attackers, is a challenge in its own right.

The Quality of Intelligence
One of the biggest challenges of using AI and machine learning lies in the caliber of intelligence. Cyber threat intelligence today is highly prone to false positives due to the volatile nature of the IoT. Threats can change within seconds; a machine can be clean one second, infected the next and back to clean again, full cycle, in very low latency.

Enhancing the quality of threat intelligence is critically important as IT teams pass more control to artificial intelligence to do the work that humans otherwise would do. This is a trust exercise, and therein lies the unique challenge. We as an industry cannot pass full control to machine automation, but we need to balance operational control with critical exercise that can escalate up to humans. This working relationship will truly make AI and machine learning applications for cybersecurity defense effective.

Because a cybersecurity skills gap persists, products and services must be built with greater automation to correlate threat intelligence to determine the level of risk and to automatically synchronize a coordinated response to threats. Often, by the time administrators try to tackle a problem themselves, it is often too late, causing an even bigger issue, or more work to be done. This can be handled automatically using direct intelligence sharing between detection and prevention products, or with assisted mitigation, which is a combination of people and technology working together. Automation can also allow security teams to put more time back into business-critical efforts instead of some of the more routine cybersecurity management efforts.

In the future, AI in cybersecurity will constantly adapt to the growing attack surface. Today, we are connecting the dots, sharing data and applying that data to systems. Humans are making these complex decisions, which require intelligent correlation through human intelligence. In the future, a mature AI system could be capable of making complex decisions on its own.

What is not attainable is full automation; that is, passing 100 percent of control to the machines to make all decisions at any time. Humans and machines must work together.

In part two, Artificial Intelligence: Cybersecurity Friend or Foe?, we highlight the flipside to the AI coin, and how cybercriminals are using it to build smarter malware.

Related Content:

Derek Manky formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15350
PUBLISHED: 2020-07-07
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded ...
CVE-2019-19935
PUBLISHED: 2020-07-07
Froala Editor before 3.0.6 allows XSS.
CVE-2020-11882
PUBLISHED: 2020-07-07
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated...
CVE-2020-15028
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
CVE-2020-15029
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.