E-Handbook: How to put AI security to work in your organization Article 3 of 4

AI cybersecurity tools help spot threats before they cause harm

Security pros are increasingly using AI-based cybersecurity tools to stay one step ahead of hackers and minimize vulnerabilities before they can be exploited by bad actors.

With billions of devices connected to the internet, the cybersecurity threat landscape is getting more complicated. From phones and desktop machines to servers, cloud applications and IoT devices, never before have more targets been available to those looking to cause harm.

According to research firm Enterprise Strategy Group (ESG), between 390,000 and 1 million new malware variations emerge every day. The average organization deals with over 200,000 security events daily. It's estimated that, by 2021, there will be an astounding 3.5 million unfilled cybersecurity positions worldwide, according to research from Cybersecurity Ventures. This means that the threat landscape is not only getting more complicated, but it's getting harder to manage these threats.

The emergence of AI and machine learning is bringing new intelligent capabilities to the mix to help provide more proactive visibility, control and mitigation of cybersecurity attacks. According to the ESG report, companies are increasingly looking to AI cybersecurity tools. Over 12% of enterprises have extensively deployed AI-based security analytics as of 2017, and 55% of surveyed firms plan to deploy machine learning and AI approaches to cybersecurity.

Advanced threat detection

AI algorithms are particularly good at pattern detection. Machine learning-based systems are trained on large collections of known malware and known-benign software and learn the features that distinguish the two (for example, suspicious API call sequences or unusual network behavior). Once trained, these systems can watch network traffic, data exchanges and system behavior and flag activity that matches what they learned, or that deviates from a baseline of normal activity, for closer examination by an analyst.

In this way, AI-enabled cybersecurity tools don't have to wait for a signature to be published before they can respond. So-called zero-day attacks, in which victim systems have no prior defense or awareness of the threat, can sometimes be caught as well, because a model trained on normal behavior can flag activity that deviates from that baseline even when nothing matches a known signature, and the tools can learn from attacks on their own systems as well as from telemetry shared by others in the network. The caveat practitioners should keep in mind is that a model only knows what it was trained on: a novel attack that resembles normal traffic will still get through, and anomaly detectors produce false positives that someone has to triage.

AI cybersecurity tools can also use what they learn to characterize attacks. The systems can rank events by threat level and adapt those rankings over time, and they can determine whether attacks originate from a specific location, target specific systems or fit known categories. Security researchers and operations staff can then use that picture to harden their environments against the attacks they actually see and to act earlier when traffic arrives from specific regions of the world or targets specific systems.

Proactive defense and threat mitigation

Beyond identifying and mitigating attacks faster than analysts working by hand or signature-based antivirus and antimalware tools, AI-enabled cybersecurity software can introduce new ways to defend against and mitigate threats. Rather than simply shutting down servers or traffic in response to an attack, these systems can respond more selectively and adaptively. In fact, the blunt response of shutting down systems in response to an attack might be exactly what the attacker wants. From distributed denial-of-service attacks to attempts to harm critical infrastructure, the attacker wins either by overwhelming the system in question or by provoking an overly aggressive response from security personnel.

Instead of these brute-force responses, AI cybersecurity tools learn to thwart attacks with adaptive responses that also minimize collateral damage. If an attack is trying to disrupt traffic, an AI-enabled tool might separate legitimate traffic from attacker traffic and route the two differently, keeping customers served while attackers are rate-limited or blocked. If the system detects tampering with data or other infrastructure, it can restore from known-good backups or snapshots so that the changes are reversed. The tool can also vary its responses so that an attacker cannot simply map out a fixed playbook and work around it. Automated response needs guardrails of its own, though: a block or rate limit applied to the wrong source is a self-inflicted outage, so per-source decisions should be graduated, logged and easy for an analyst to override.
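As an added example (not code from the article or from any vendor it mentions), the following Python script demonstrates both the detection step described under "Advanced threat detection" and the graduated per-source response described here: it learns a baseline from constructed benign access-log lines, scores each source in a new window with a floored z-score, and answers each source with allow, rate-limit or block instead of taking the whole service down. The feature set, thresholds, floors and every log line are assumptions made for the example.

```python
"""Baseline-and-score anomaly detection over web access logs with a graduated
per-source response. Added example; the simple floored z-score model, the
thresholds and all log lines are constructed assumptions, not a vendor's method.
"""
import re
import statistics
from collections import defaultdict

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Floors stop a near-constant feature (e.g. zero errors in the baseline) from
# turning any tiny deviation into an enormous z-score. Assumed values.
FLOORS = {"count": 1.0, "error_ratio": 0.05, "distinct_paths": 1.0}
RESPONSE = {"low": "allow", "medium": "rate_limit", "high": "block"}


def synth(ip, paths, statuses):
    """Constructed CLF lines for one client; test data, not captured traffic."""
    return [
        f'{ip} - - [10/Oct/2023:13:{55 + i // 60:02d}:{i % 60:02d} +0000] '
        f'"GET {p} HTTP/1.1" {s} 512'
        for i, (p, s) in enumerate(zip(paths, statuses))
    ]


def parse(lines):
    """Parse CLF lines into dicts; malformed lines are skipped, not trusted."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["status"] = int(e["status"])
            events.append(e)
    return events


def features(events):
    """Per-source features: request volume, HTTP error ratio, path spread."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    feats = {}
    for ip, evs in by_ip.items():
        errors = sum(1 for e in evs if e["status"] >= 400)
        feats[ip] = {
            "count": len(evs),
            "error_ratio": errors / len(evs),
            "distinct_paths": len({e["path"] for e in evs}),
        }
    return feats


def fit_baseline(feats):
    """Learn mean and floored population stdev per feature from benign sources."""
    model = {}
    for name, floor in FLOORS.items():
        vals = [f[name] for f in feats.values()]
        sd = statistics.pstdev(vals) if len(vals) > 1 else 0.0
        model[name] = (statistics.fmean(vals), max(sd, floor))
    return model


def score(model, feat):
    """Largest z-score across features: only excess over the baseline counts."""
    return max((feat[n] - mean) / sd for n, (mean, sd) in model.items())


def threat_level(z):
    """Assumed thresholds; in practice tuned against the false-positive budget."""
    if z >= 10:
        return "high"
    if z >= 3:
        return "medium"
    return "low"


def decide(model, window_lines):
    """Score every source in a new window and choose a per-source action, so one
    noisy client never takes the whole service offline."""
    decisions = {}
    for ip, feat in features(parse(window_lines)).items():
        z = score(model, feat)
        level = threat_level(z)
        decisions[ip] = {"z": round(z, 2), "level": level, "action": RESPONSE[level]}
    return decisions


# Constructed baseline: four ordinary clients, five successful requests each.
BASELINE_LINES = (
    synth("10.0.0.1", ["/", "/about", "/contact", "/", "/about"], [200] * 5)
    + synth("10.0.0.2", ["/", "/docs", "/docs/api", "/login", "/"], [200] * 5)
    + synth("10.0.0.3", ["/", "/about", "/", "/contact", "/about"], [200] * 5)
    + synth("10.0.0.4", ["/", "/docs", "/login", "/account", "/docs"], [200] * 5)
)

# Constructed new window: a normal client, a scanner walking unknown paths, a
# busier-than-usual client with two 403s, and one malformed line to be ignored.
WINDOW_LINES = (
    synth("10.0.0.1", ["/", "/about", "/contact", "/", "/about"], [200] * 5)
    + synth("203.0.113.9", [f"/probe{i}" for i in range(30)], [404] * 24 + [200] * 6)
    + synth("198.51.100.7",
            ["/", "/about", "/docs", "/login", "/account", "/docs/api", "/", "/about", "/docs"],
            [200] * 7 + [403] * 2)
    + ["garbage line that the parser should ignore"]
)

MODEL = fit_baseline(features(parse(BASELINE_LINES)))

if __name__ == "__main__":
    for ip, d in decide(MODEL, WINDOW_LINES).items():
        print(f"{ip:14} z={d['z']:6.2f} {d['level']:6} -> {d['action']}")
```

The scanner is blocked, the merely busy client is rate-limited rather than cut off, and the normal client is untouched; that graduated output is the point, since a single "shut everything down" rule would have handed a denial-of-service attacker the outage it was after.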

Improved auditing of systems and patching

On the more mundane side, AI-based software can regularly probe systems, devices and data for vulnerabilities and apply patches and fixes so that attackers cannot reuse previously identified ways of compromising them. Security analysts are regularly overwhelmed by the sheer scale of the architectures and devices they have to protect. They have to stay constantly aware of updates and patches that need to be applied to close yesterday's security issues before they become tomorrow's incidents, which is a near-impossible task for human operators alone.


There are a number of automated systems that apply patches on a regular schedule or when updates become available, but these are very much a one-size-fits-all approach and come with their own issues. Some updates break functionality and have to be rolled back to the prior version. Others only apply to specific devices or system configurations. AI-based cybersecurity tools aim to apply patches more consistently and with fewer functionality regressions by continuously monitoring the systems themselves, the sources of patches and bug fixes, and other signals, and then applying the right patches to the right systems at the right time. Even so, any automated patching pipeline still needs a staged rollout, health checks after each stage and a tested rollback path, because a bad patch pushed everywhere at once is itself an outage.

Adapt to changing threats

Finally, with AI, systems are able to adapt to the continuously changing threat landscape. New devices, cloud applications, servers and systems introduce new exposures that companies might not be aware of until an attack occurs. AI-based systems can probe these systems to see what weaknesses might be exploited. This is a machine learning-enabled version of the penetration testing (pen testing) that software and hardware vendors regularly employ to make sure their systems are as secure as possible.

Just as software quality assurance is increasingly being automated with AI capabilities, so too is penetration testing. AI-enabled tools that provide continuous pen testing are increasingly emerging, giving companies a way to keep up with continuously evolving threats. Automated probing complements rather than replaces human testers, who are still needed for the business-logic flaws and chained attacks that a scanner will not find.
