Threat detection and the evolution of AI-powered security solutions – Help Net Security

Ashvin Kamaraju is a true industry leader. As CTO and VP of Engineering, he drives the technology strategy for Thales Cloud Protection & Licensing, leading the researchers and technologists who develop the strategic vision for data protection products and services. In this interview, he discusses automation, artificial intelligence, machine learning and the challenges related to detecting evolving threats.

Discovering an unknown cyber-threat is like trying to find a needle in a haystack. With this enlarged target surface area and a growing number of active hackers, automation and specifically machine learning can be important in aiding this issue through its ability to provide CISOs with the insights they need.

Consequently, it enables an opportunity for CISOs to more effectively deploy their human analysts against potential cyber-attacks and data breaches. However, just because an organization has an automation/AI system in place, this doesn't mean it's secure. Countering cyber-threats is a constant game of cat and mouse and hackers always want to get the maximum reward from the minimum effort, tweaking known attack methods as soon as these are detected by the AI. CTOs therefore need to make sure that the AI system is routinely exercised and fed new data and that the algorithms are trained to understand the new data.

The first thing to note is AI should not be confused with machine learning. What most people associate with AI is actually machine learning algorithms with no human level intelligence. AI is based on heuristics whereas machine learning requires a lot of data and algorithms that must be trained to learn the data and provide insights that will help to make decisions.

While the insights provided by AI/machine learning algorithms are very valuable, they are dependent on the data used. If the data has anomalies or is not representative of the entire scope of the problem domains, there will be bias in the insights. These must then be reviewed by an expert team in place to add technical and contextual awareness to the data. AI is here to stay, as data sets become more and more complex, but it will only be effective when added with human intelligence.

AI is beneficial to organizations if it can be used effectively, in addition to human intelligence, not in lieu of it. Due to the rapid rise of the amount of data out there, and with the growing number of threats businesses now face, AI and machine learning will play an increasingly important role for those that embrace it.

However, it requires constant investment, not necessarily from a cost perspective, but from a time aspect, as it needs to be kept up-to-date with fresh data to adapt to the changing threat landscape. Organizations need to decide if they have the capabilities to use AI in the right way, or it can soon become an expensive mistake.

Cyber-attacks are getting harder to detect with the evolution of technology to more closely align with how business operates, creating new issues. The adoption of mobile phones, tablets, and IoT devices as part of digital transformation strategies is increasing the threat landscape by opening companies up to connect with more people outside their organization.

As the attack surface area expands, and thousands more hackers get in on the action, IT experts are being forced to deal with protecting near-infinite amounts of data and multiple entry points where hackers can get in. Where hacking once took dedication and expertise, with zero-day attacks targeting mostly unknown vulnerabilities, anyone can launch a DDoS attack with hacking toolkits and thousands of tutorials freely available online.

So, to defend themselves going into the future, AI can play a key part. With a new, evolved role in cybersecurity, experts and researchers can leverage AI to identify and counteract sophisticated cyber-attacks with minimal human intervention in the first instance. However, AI will always need that human intelligence to provide the context of the data that it is evaluating and has flagged as potentially malicious.

Any new CISO walking into a large enterprise could be forgiven for potentially feeling daunted at the responsibility for protecting that company's assets. Several questions would spring to mind, from where to start to what to protect. Here are six simple steps to get them started:

1. Know the where and the what of your data: Prior to implementing any long-term security strategy, CISOs must first conduct a data sweep. Auditing all data within the perimeter helps identify not only what it has collected, but where they're holding their most sensitive data. It's impossible to protect data if they don't know where it is.

2. Securing sensitive data is the key: Technology such as encryption will provide a key layer of defense for the data, rendering it useless even if hackers access it. Whether it's stored in their own servers, in a public cloud, or a hybrid environment, security-minded tools like encryption must be implemented.

3. Protect the data encryption keys: Encrypting data creates an encryption key, a unique tool used to unlock the data, making it only accessible to those who have access to the key. Safe storage of these keys is crucial and needs to be done offsite to ensure they aren't located in the same place as the data, putting both at risk.

4. Forget single-factor authentication: The next step is to employ strong multi-factor authentication, ensuring authorized parties can access only the data they need. Two-factor authentication requires an extra layer of information to verify the user's password, such as entering a specific code they receive through their smartphone. Since passwords can be hacked easily, two-factor authentication is necessary for a successful security strategy. Multi-factor authentication takes this a step further by requiring additional context such as a device ID, location or IP address.

5. Up-to-date software: Vendors are constantly patching their software and hardware to prevent cyber criminals from exploiting bugs and other vulnerabilities that emerge. Many companies have relied on software that isn't regularly patched or simply haven't installed new patches soon enough. Companies must install the most recent patches or risk becoming a victim of hackers.

6. Evaluate and go again: After implementing the above, the process must be repeated for all new data that comes into the system. GDPR-led compliance is a continual process and applies to future data as much as it does to what is just entering the system and what is already there. Making a database unattractive to hackers is central to a good cybersecurity strategy. Done correctly, these processes will make data relevant only to those allowed to access it.
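Steps 2 and 3 above, encrypting the data and keeping the key that unlocks it somewhere else, can be shown concretely with envelope encryption. The Go example below is added here and is not code from the interview or from Thales; it assumes AES-256-GCM, a fresh per-record data key (DEK) and a key-encryption key (KEK) that is held in a separate key store, and the record and keys it uses are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Sealed is the blob kept in the data store: the encrypted record plus the
// DEK wrapped under the KEK. The KEK itself is never stored beside it.
type Sealed struct {
	Nonce, Ciphertext     []byte // record encrypted under the per-record DEK
	WrapNonce, WrappedDEK []byte // DEK encrypted under the KEK
}

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys are 32 bytes throughout, so AES-256
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// Seal encrypts one record with a fresh DEK, then wraps that DEK with the KEK.
func Seal(kek, record []byte) *Sealed {
	dek := make([]byte, 32)
	rand.Read(dek) // crypto/rand: fresh 256-bit data key for this record only
	data, wrap := mustGCM(dek), mustGCM(kek)
	s := &Sealed{Nonce: make([]byte, data.NonceSize()), WrapNonce: make([]byte, wrap.NonceSize())}
	rand.Read(s.Nonce)
	rand.Read(s.WrapNonce)
	s.Ciphertext = data.Seal(nil, s.Nonce, record, nil)
	s.WrappedDEK = wrap.Seal(nil, s.WrapNonce, dek, nil)
	return s
}

// Open needs the KEK fetched from the separate key store. Someone holding only
// the data store (the Sealed blob) fails at the unwrap step and never sees a DEK.
func Open(kek []byte, s *Sealed) ([]byte, error) {
	dek, err := mustGCM(kek).Open(nil, s.WrapNonce, s.WrappedDEK, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap data key: KEK missing or wrong")
	}
	return mustGCM(dek).Open(nil, s.Nonce, s.Ciphertext, nil)
}
```

Rotating the KEK then means re-wrapping each small WrappedDEK, not re-encrypting every record, which is what makes keeping the KEK offsite practical.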
