Bring the noise: How AI can improve cyber security

Beleaguered enterprises are struggling to keep pace with cyber threats, and small and medium-sized businesses are hit hardest of all due to limited resources.

A recent survey by the Federation of Small Business (FSB) found 66% of those questioned had been a victim of cybercrime over the past two years, and only 4% had an incident response plan in place in anticipation of an attack.

For many, cyber security takes them into unfamiliar territory and depletes the time spent on core business activities.

This has seen an over-reliance upon point solutions, poor attention to patching and updates, and a failure to apply strategic business-specific security controls.

To make matters worse, the potential attack surface is only set to widen as the Internet of Things sees sensors and IP-enabled tech insinuate themselves into every niche of society, even the small business.

>See also: Artificial intelligence: advancements, abilities and limitations

A badly configured humble kettle could open up a conduit onto a business network, for instance. Yet the current situation finds many SMEs ill-prepared for any change in the threat spectrum, being unable to monitor, detect and respond to an attack – begging the question, how will they cope with yet more holes in the network?

What is needed is some form of automation coupled with artificial intelligence; a system that has visibility of the network and can monitor activity and alert the business to enable security resources to be focused as and where needed, thereby conserving spend, but which is specific to the business.

High-level data processing has been available for some time in the form of security incident and event management (SIEM) systems that, when combined with a security operations centre (SOC), can correlate data and issue alerts.

But these systems can be costly and complex to deploy and manage, with reports estimating it takes up to six personnel to run a SOC 24/7.

Even then, the information derived from these tools needs to be correctly interpreted and actioned upon. And few SMEs have data scientists on the pay roll.

For this reason, AI is beginning to receive more attention. It takes complex event processing and performs pattern analyses, using machine learning, to improve success rates.

In the context of a SOC, AI can be used to extract hidden correlations and detect complex attack vectors, as well as by assisting analysts looking for traditional attack patterns by offering multiple filtering options.

It can then assess the potential for these events to scale-up and evolve into attacks. Threat feeds are assessed in the context of the business, so that criteria such as geography, sector and compliance requirements are used as parameters externally, while internal elements, such as business strategy and the risk profile, are included to create an overarching view –allowing the threat to be assessed against the risk appetite of the business before determining a response.

As opposed to a traditional SOC, an AI SOC demonstrates machine learning and uses deep threat intelligence. It can drill down further for data and use advanced penetrative techniques to mine information from dynamic data sources such as those associated with social media and even off-grid in the dark web.

This can give the business advance warning of an impending attack in real-time as data can be collated, sifted and interpreted using predictive data analytics to forecast likely event outcomes.

The FSB survey found that the most common form of attack against the SME were phishing attacks experienced by 49% of respondents, with 37% experiencing the more targeted spear phishing attack.

These can readily be spotted and filtered using automated software. Trickier and more difficult to anticipate are denial of service attacks, aimed at crippling websites, and ransomware attacks, which use DDoS attacks or malware to demand a release fee.

Both are on the increase in the SME sector, with the FSB survey reporting five percent of respondents had experienced a DoS attack and 4% ransomware.

By the time a DoS has been executed, the business is already caught off guard and is potentially in a capacity war, forced to scale up resource to fend off the attack.

Yet, with sufficient warning, the SME can use a DoS solution to throttle the attack. The key is getting that information in advance for it to become actionable intelligence and that can only be achieved by applying AI in the form of complex algorithms that can spot rogue activity.

For instance, DoS attacks are highly organised in nature and are often planned on forums hosted on the dark web. Tap into those conversations by using the parameters referred to above and you can create a window into underground activity that can trigger an alert when the noise merits it.

Real-time SOC services are now emerging that can deliver this type of capability to the SME and it doesn’t need to cost. Outsourcing can provide the SME with access to the technology, the AI, and the personnel needed to man the operation, thereby giving the sector access to high-level security services using economies of scale for the first time.

>See also: How artificial intelligence will impact the role of security pros

When selecting a supplier, it’s the intelligence that you need to look for, so in addition to the usual requirements such as SIEM, event logging and data analytics, it’s beneficial to look at the managed services on offer.

Ask how data is captured and correlated and analysed and by whom? Can it dovetail with your day-to-day business operations to provide business intelligence?

Finally, bear in mind that the threat spectrum is constantly evolving. Cyber security sees security solutions and attackers pitted against one another in a never-ending arms race.

If we now have AI security solutions, businesses should expect to see malicious AI systems in the future.

Researchers are now modelling how a malevolent AI system could develop, and have concluded that current cyber security practices are woefully inadequate.

Sourced from James Henry, UK southern manager, Auriga

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics