The new IQ test: Technologists assess the potential of artificial intelligence – SC Magazine

Posted: February 18, 2017 at 4:17 am

AI may still seem like a far-flung concept, but in cybersecurity it's already a reality.

Rather than focus on attack signatures, these AI solutions look for anomalous network behavior, flagging when a machine goes rogue or if user activity or traffic patterns appear unusual. "A really simple example is someone with high privilege who attempts to get onto a system at a time of day or night that they never normally log in and potentially from a geolocation or a machine that they don't log in from," said Kelley.

Another example would be a really rapid transfer of a lot of data, especially if that data consists of the corporate crown jewels.

Such red flags allow admins to quickly catch high-priority malware infections and network compromises before they can cause irreparable damage.

IBM calls this kind of machine learning "cognitive with a little 'c,'" which the company was already practicing prior to Watson. Despite its diminutive designation, little c can have some big benefits for one's network.

"A network really in its simplest form, is a data set, one that changes with every millisecond," said Justin Fier, director of cyber intelligence and analysis at U.K.-based cybersecurity company Darktrace, whose network threat detection solution was created by mathematicians and machine-learning specialists from the University of Cambridge. "With machine learning, we can analyze that data in a more efficient way."

"We're not looking for malicious behavior, we're looking for anomalous behavior," Fier continued, in an interview with SC Media. "And that can sometimes turn into malicious behavior and intent, or it can turn into configuration errors or it could just be vulnerable protocols. But we're looking for the things that just stand out."

An advantage of these kinds of AI solutions is that they often run on unsupervised learning models, meaning they do not need to be fed scores of data in advance to help their algorithms define what constitutes a true threat. Rather, they tend to self-learn through observation, making note of which machines are defying typical patterns, a process that Fier said is the AI determining its own sense of self on the network.
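The behavior described above (a privileged account logging in at an hour, from a geolocation or from a machine it never normally uses, judged against a baseline learned from observation rather than from labelled threats) can be sketched as follows. This is an added example, not code from SC Media, IBM or Darktrace; the `LoginBaseline` class, the scoring weights, the threshold and the sample logins are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed login history: (user, hour, country, host, is_privileged)
HISTORY = (
    [("admin1", h, "US", "ws-042", True) for h in (9, 10, 10, 11, 14, 15, 16, 9, 13, 17)]
    + [("jdoe", h, "US", "lt-107", False) for h in (8, 9, 12, 13, 18, 22, 23, 7)]
)
ALERT_THRESHOLD = 2.0  # assumed cut-off; would be tuned per environment

class LoginBaseline:
    """Per-user profile built only from observed logins; no labelled attack data."""
    def __init__(self, history=()):
        self.hours = defaultdict(Counter)   # user -> login count per hour of day
        self.geos = defaultdict(set)        # user -> countries seen
        self.hosts = defaultdict(set)       # user -> source machines seen
        self.privileged = set()
        for event in history:
            self.observe(*event)

    def observe(self, user, hour, geo, host, privileged=False):
        self.hours[user][hour] += 1
        self.geos[user].add(geo)
        self.hosts[user].add(host)
        if privileged:
            self.privileged.add(user)

    def hour_rarity(self, user, hour):
        """Share of past logins NOT within +/-1 hour of this one (1.0 = never)."""
        seen = self.hours[user]
        total = sum(seen.values())
        if total == 0:
            return 1.0  # no history yet: treat as fully unfamiliar
        near = sum(seen[(hour + d) % 24] for d in (-1, 0, 1))
        return 1.0 - near / total

    def score(self, user, hour, geo, host):
        """Return (score, reasons); deviations weigh double for privileged users."""
        reasons = []
        total = self.hour_rarity(user, hour)
        if total == 1.0:
            reasons.append("hour never seen")
        if geo not in self.geos[user]:
            total, reasons = total + 1.0, reasons + ["new geolocation"]
        if host not in self.hosts[user]:
            total, reasons = total + 1.0, reasons + ["new machine"]
        weight = 2.0 if user in self.privileged else 1.0
        return total * weight, reasons
```

A login is flagged when its score reaches `ALERT_THRESHOLD`, so a 3 a.m. login from a known machine alerts for the privileged account but not for the ordinary one.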

While Fier said that basic compliance failures are the most commonly detected issue, he recalled one particular client that used biometric fingerprint scanners for security access, only to discover through anomaly detection that one of these devices had been connected to the Internet and subsequently breached.

To cover up his activity, the perpetrator modified and deleted various log files, but this unusual behavior was discovered as well. The solution even found irregularities in the network server that suggested the culprit moved fingerprint data from the biometric device to a company database, perhaps to establish an alibi. "My belief is that somebody on the inside was probably getting help from somebody on the outside," said Fier, noting that it was a significant find because insider threats are one of the hardest things to catch.

Another client, Catholic Charities of Santa Clara County, an affiliate of Catholic Charities USA that helps 54,000 local clients per year, used anomaly detection to thwart an attempted ransomware attack only weeks after commencing a test of the technology. The solution immediately flagged the event, after a receptionist opened a malicious email with a fake invoice attachment. "I was able to respond right away, and disconnected the targeted device to prevent any further encryption or financial cost," said Will Bailey, director of IT at the social services organization.

Little c's benefits extend beyond the network as well. Kelley cited the advent of application scanning tools that seek out problematic lines of code in websites and mobile software that could result in exploitation. And Fier noted a current Darktrace endeavor called Project Turing, whereby researchers are using AI to model how security analysts and investigators work in order to make their jobs more efficient.
