AI for Cyber Security
What this technology revolution may mean for you
A Brief Introduction, What is AI?
The term ‘Artificial Intelligence (AI)’ was coined in 1950, but since then it has grown in unimaginable ways.
AI can be defined as “an area of computer science that emphasizes the creation of intelligent machines that work and react like humans.”
In recent years it has found its way into many aspects of our lives including education, healthcare, and manufacturing. We use AI assistants such as Siri, Alexa, Google Assistant, and Cortana every day. They can recognize patterns, use the past to predict the future, and alert us when something unusual is happening.
Applications in Cyber Security
Artificial Intelligence also has much potential in the area of cyber security.
For commercial use, it’s being applied to remove ‘white-noise’ and filter out unwanted data in an attempt to make real threats more obvious. It can be helpful in implementing decoys to trap attackers and making it easier to identify who’s attempting to access your systems.
In our personal lives, its used for things like biometrics in 2-factor authentication, protecting our Internet-Of-Things(IOT) devices, and notifying us when unusual activity is occurring in our bank or credit card accounts.
The main focuses of applied AI are deception, detection, prediction, remediation, accessibility, and even adversarial AI.
In this blog series, we will explore the different applications of AI in cyber security, examining both the good and the bad of this technology. To get us started, this article will provide a brief introduction to each of these topic areas.
Detection, Prevention, & Remediation
Artificial Intelligence and Machine Learning can be used in the process of cyber Threat Detection and Response(TDR). In fact, over the past several years this has been the primary form of AI in cyber security. Certain AI algorithms are very good at recognizing when events are not matching expected results and can even assist in taking action to repair them.
It’s ability to detect threats as they are happening means it could potentially prevent attackers from gaining complete access to the system. Two common examples of this are detecting spam e-mails and combating malware through identification and blocking of attacks.
These are two examples of AI noticing when things have gone wrong, and attempting to prevent incidents before they happen. Certain implementations can be used to analyze user’s password habits and detect when bad passwords are being created, a method for preventing attacks before targeting has even occurred.
Simplification, Automation, & Accessibility
Another way AI has impacted the world of cyber security is its ability to simplify tasks that used to be done by hand.
A few such uses for automation are:
- The automation of updates to ensure they happen at the right time, complete successfully, and make intelligent corrections for any errors that occur.
- Automated collection and analysis of data to provide additional information and context to support investigations.
- Application of playbooks that respond to threats correlating data, executing tasks, and initiating response actions helping remediate potential issues in real time
One of the largest benefits of machine automation is consistency. AI can dramatically increase the consistency with which we investigate and respond to potential threats. This inherently reduces organizational risk by reducing the potential for human error & mistakes.
A newer and less well known application of AI geared toward simplification and accessibility is in the world of Natural Language Processing (NLP), which is the processing of human speech or text in a natural language, e.g. English, to remove complexity. This form of AI could help differently-abled people who have accessibility issues with their vision, hearing, or speech.
All of these are examples of ways in which the introduction of AI and Machine Learning have helped the cyber security workforce to become faster, smarter, and more efficient about their work.
Adversarial (Malicious) AI
AI technology is extremely powerful, but it’s important to keep in mind that if we have access to it, so do the attackers.
Black hat hackers can use AI to make their work faster and smarter too. Even companies with huge cyber security efforts can be bested by AI trained to target its weaknesses. Malicious AI can be a variety of different things from automated attacks that are designed to run and adapt without human interaction, to those which use false data to mislead other Machine Learning algorithms into making incorrect conclusions.
This AI, like that used for more benevolent purposes, is still in it’s developing stages, but it’s dangerous potential could change the way we view cyber security. It is very important that we learn how to leverage and adapt the tools we use to detect, prevent, and respond to attacks like these in the future.
These forms of applied AI, specifically when combined with enhancements in low cost computing power, have enabled significant progress since the introduction of AI in the 1950’s. Despite the progress we’ve made, there is no doubt that there is still plenty of work to be done as we move into the next decade and beyond.
Please stay tuned for the follow up articles as we dive further into AI and its impact on cyber security.
Thanks for reading!
If you like this content or have suggestions for other topics you’d like us to cover please let us know in the comments section below, we’d love to hear from you.