Today’s expanding attack surface makes it difficult to distinguish signal from noise and to identify which vulnerabilities pose the greatest risk. According to experts, machine learning and artificial intelligence algorithms can rapidly digest data from thousands of sources, connect the dots, and build a threat visualization of the enterprise that focuses on the organization’s critical assets.
Artificial intelligence and machine learning have the capability to change the way cybersecurity is managed. The major contributing factors are real-time threat detection and accurate prediction of emerging threats as attacks evolve. Malware files classified in the past can be used to model attack behaviours and better safeguard against new cyber threats. Done by humans, this task is vast and would take a great deal of time. While manual or rule-based tools are rigid, tools powered by AI and ML models are dynamic and speed up the process of finding and responding to threats and attacks.
Through the use of AI and analytics techniques, organizations can build models, automate network monitoring, and identify threat actors in real time. Artificial intelligence can also help in creating multiple real-time monitoring and reporting capabilities, where the technology is integrated with the enterprise ecosystem to provide real-time alerts. AI can identify the class of malware and its criticality. Based on the malware observed, the system can intelligently create a contextualized remediation approach for enterprise users. This way, a sizable amount of the manual process is automated.
To elaborate, researchers from the University of the Aegean, Greece published a new research study on countering DDoS in SIP-based VoIP systems through ML. The algorithms fare well compared to non-ML detection. Among the algorithms, Random Forest and decision trees perform best when measured from an intrusion detection viewpoint. In addition, as the attack traffic rises, the intrusion detection rate drops. Ultimately, ML techniques outclass conventional attack detection techniques. Even though ML models take considerable time to build, they are worth implementing in critical scenarios such as the case above. The approach can also be extended to detect attacks such as SQL injection, phishing, malware and zero-day exploits, to name a few.
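The study above compares tree-based learners against non-ML detection on SIP signalling traffic. The block below is an added example, not code from the study or from any vendor mentioned on this page: it parses a constructed SIP request log, aggregates each source into per-window feature vectors (requests per window, INVITE fraction, distinct callees; a feature set chosen here for illustration), trains a minimal CART-style decision tree on constructed labelled windows, and classifies the log's sources. The learner is general, so it works on any numeric feature vectors, not only the three features used here.

```python
import re
from collections import defaultdict

# Constructed SIP request log: "<epoch-second> <source-ip> <method> <request-uri>".
# Sample data built for this example, not captured from a real system.
SAMPLE_LOG = """\
100 10.0.0.5 INVITE sip:alice@pbx.example
102 10.0.0.5 ACK sip:alice@pbx.example
107 10.0.0.5 BYE sip:alice@pbx.example
100 198.51.100.9 INVITE sip:u001@pbx.example
100 198.51.100.9 INVITE sip:u002@pbx.example
101 198.51.100.9 INVITE sip:u003@pbx.example
101 198.51.100.9 INVITE sip:u004@pbx.example
102 198.51.100.9 INVITE sip:u005@pbx.example
102 198.51.100.9 INVITE sip:u006@pbx.example
103 198.51.100.9 INVITE sip:u007@pbx.example
104 198.51.100.9 INVITE sip:u008@pbx.example
"""

LINE_RE = re.compile(r"^(\d+) (\S+) ([A-Z]+) sip:([^@\s]+)@")


def extract_features(log_text, window=10):
    """Aggregate requests per (source, time window) into the feature vector
    [requests in window, INVITE fraction, distinct callees]."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ts, src, method, callee = m.groups()
        buckets[(src, int(ts) // window)].append((method, callee))
    feats = {}
    for key, reqs in buckets.items():
        n = len(reqs)
        invites = sum(1 for meth, _ in reqs if meth == "INVITE")
        feats[key] = [n, invites / n, len({c for _, c in reqs})]
    return feats


def gini(labels):
    """Gini impurity of a list of 0/1 labels."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)


def best_split(X, y):
    """Exhaustively pick the (feature, threshold) that most reduces impurity."""
    best = (None, None, gini(y))
    for f in range(len(X[0])):
        for t in sorted({row[f] for row in X}):
            left = [y[i] for i, row in enumerate(X) if row[f] <= t]
            right = [y[i] for i, row in enumerate(X) if row[f] > t]
            if not left or not right:
                continue
            imp = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if imp < best[2]:
                best = (f, t, imp)
    return best


def build_tree(X, y, depth=0, max_depth=3):
    """Recursive CART-style tree; leaves hold the majority label."""
    majority = round(sum(y) / len(y))
    if len(set(y)) == 1 or depth == max_depth:
        return {"leaf": majority}
    f, t, _ = best_split(X, y)
    if f is None:
        return {"leaf": majority}
    li = [i for i, row in enumerate(X) if row[f] <= t]
    ri = [i for i, row in enumerate(X) if row[f] > t]
    return {"feature": f, "threshold": t,
            "left": build_tree([X[i] for i in li], [y[i] for i in li], depth + 1, max_depth),
            "right": build_tree([X[i] for i in ri], [y[i] for i in ri], depth + 1, max_depth)}


def predict(tree, x):
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


# Constructed labelled training windows (same feature layout); 1 = INVITE flood, 0 = benign.
TRAIN_X = [[3, 0.33, 1], [2, 0.5, 1], [4, 0.25, 2], [1, 1.0, 1], [5, 0.4, 2],
           [40, 1.0, 40], [25, 0.96, 20], [60, 1.0, 3], [30, 1.0, 30], [15, 1.0, 15]]
TRAIN_Y = [0, 0, 0, 0, 0, 1, 1, 1, 1, 1]


def detect(log_text, tree=None):
    """Label every (source, window) in the log with the trained tree."""
    tree = tree or build_tree(TRAIN_X, TRAIN_Y)
    return {key: predict(tree, feats) for key, feats in extract_features(log_text).items()}


if __name__ == "__main__":
    print(build_tree(TRAIN_X, TRAIN_Y))
    print(detect(SAMPLE_LOG))
```

On the constructed data the tree learns a single split on the request-count feature; a Random Forest would average many such trees trained on resampled windows and feature subsets, which is why the study finds it more robust than a single tree.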
AI in Antivirus
Antivirus software is widely used as a way to combat malware and prevent computers from being compromised. Antivirus products have also been among the first users of advanced algorithms that emulate the processes of the human mind. In a method called behavioural analysis, antivirus technologies crack down on viruses that aim to circumvent earlier, signature-based methods.
For instance, SonicWall’s Capture Client is a signature-less unified endpoint platform that uses a static artificial intelligence (AI) engine to determine whether new files are threats before they can execute. The platform also has a behavioural AI engine to protect against fileless threats — for example, PowerShell scripts, macros within documents, lateral movement, etc. This continuous behavioural monitoring of the client helps create a complete profile of file activity, application and process activity, and network activity. It allows for protection against both file-based and fileless malware and delivers a 360-degree attack view with actionable intelligence relevant for investigations.
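The behavioural engine described above builds a profile of normal process and network activity and flags deviations. As an added example, not SonicWall's code or any description of how Capture Client works internally, the block below builds a per-parent-process profile from constructed endpoint telemetry, scores each new event by how unlikely it is under that profile (Laplace-smoothed negative log-probability), and sets the alert threshold from the baseline itself so that nothing in the training data is flagged. Process names and events are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed benign endpoint telemetry used as the behavioural baseline:
# (parent process, child process, whether the child opened a network connection).
# Built for this example; not telemetry from any real product or host.
BASELINE_EVENTS = [
    ("explorer.exe", "winword.exe", False),
    ("explorer.exe", "winword.exe", False),
    ("explorer.exe", "outlook.exe", True),
    ("explorer.exe", "chrome.exe", True),
    ("winword.exe", "splwow64.exe", False),
    ("svchost.exe", "conhost.exe", False),
    ("explorer.exe", "powershell.exe", True),
] * 3  # repeated so the counts carry a little weight


class BehaviourProfile:
    """Profile of which children each parent process spawns and whether
    each child normally uses the network."""

    def __init__(self, events):
        self.children = defaultdict(Counter)  # parent -> Counter(child)
        self.net = defaultdict(Counter)       # child -> Counter(used_network)
        self.vocab = set()                    # all child names seen
        for parent, child, used_net in events:
            self.children[parent][child] += 1
            self.net[child][used_net] += 1
            self.vocab.add(child)
        # Data-driven threshold: the most surprising event in the baseline.
        self.threshold = max(self.surprise(*e) for e in events)

    def surprise(self, parent, child, used_net):
        """-log P(child | parent) - log P(network use | child), Laplace-smoothed
        so unseen combinations get a finite but high score."""
        c = self.children[parent]
        p_child = (c[child] + 1) / (sum(c.values()) + len(self.vocab) + 1)
        n = self.net[child]
        p_net = (n[used_net] + 1) / (sum(n.values()) + 2)
        return -math.log(p_child) - math.log(p_net)

    def flag(self, events):
        """Return (event, score) for every event scoring above the threshold."""
        scored = [(e, self.surprise(*e)) for e in events]
        return [(e, round(s, 3)) for e, s in scored if s > self.threshold]


# Constructed events to score: a routine launch, a routine service child,
# and a document editor spawning a scripting host that then uses the network.
NEW_EVENTS = [
    ("explorer.exe", "winword.exe", False),
    ("svchost.exe", "conhost.exe", False),
    ("winword.exe", "powershell.exe", True),
]


def run_detection(events=NEW_EVENTS):
    profile = BehaviourProfile(BASELINE_EVENTS)
    return [e for e, _ in profile.flag(events)]


if __name__ == "__main__":
    prof = BehaviourProfile(BASELINE_EVENTS)
    print(f"threshold={prof.threshold:.3f}")
    for event, score in prof.flag(NEW_EVENTS):
        print("FLAG", event, score)
```

The same parent-child-network triple that is routine for one parent (explorer.exe launching powershell.exe here) scores as anomalous under a different parent, which is the point of profiling behaviour rather than matching file signatures. In practice the profile would be built per host or per user population and include more features, such as command-line arguments and file writes.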
“We’ve been in machine learning before it was cool back in security space since 1999. Machine learning and AI truly protect against modern cyber warfare. AI can be used to identify activities that human oversight would mostly fail to catch. AI understands the big data coming from behavioural analysis,” said Debasish Mukherjee, Country Director – India & SAARC, SonicWall.
With more than 1 million SonicWall firewall sensors deployed across 215 territories and countries, the company has one of the largest global footprints of active firewalls. The company also has a cloud-based, multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox service that discovers and stops unknown, zero-day attacks, such as ransomware, at the gateway with automated remediation. “Automation helps to detect malicious behaviour across multiple vectors, rapidly eliminate threats with the fully-automated integrated response and to adapt their defences against the most advanced cyber-attacks,” Mukherjee added.
We also interacted with another popular antivirus company, Avast, which has been using machine learning and AI to detect and block threats for many years now. Vince Steckler, CEO of Avast Software, said, “AI offers us the opportunity to detect threats in real-time and anticipate emerging threats. We train our machines to learn from databases of known threats, to identify attack patterns of completely unknown threats. Avast has also heavily invested in developing AI algorithms to combat adversarial AI. We define DeepAttacks as ‘malicious content automatically generated by AI algorithms.’”
Machine learning introduces intelligence to an organization’s first level of defence against cyber threats, and it also enables users to deploy that intelligence across all the major categories of security tasks. ML technologies process large quantities of data, enabling them to make predictions and identify anomalies. They can also minimise the amount of time security teams spend on routine tasks, which in turn enables those teams to use their resources more strategically.
“Cybersecurity systems utilize ML technologies to analyse patterns and prevent similar attacks. With machine learning, cybersecurity teams will become more proactive in preventing threats and responding to active attacks in real-time. All in all, ML makes cybersecurity simpler, more effective, and less expensive. However, the future of cybersecurity is about man and machine – using both their strengths. Machines will perform heavy tasks like data aggregation, pattern recognition, and providing insights, while humans will make key decisions,” Steckler further said.