Artificial Intelligence for Cybersecurity: Sharper Threat Intelligence, Faster Response
As today's landscape of increasingly sophisticated cyber-attacks becomes murkier, organizations are moving cybersecurity and information security practice closer to the front line of the business. With more instances of zero-day malware and highly complex cyber-attacks and breaches coming to the fore, traditional security approaches that focus on detection and response, and typically lack control and visibility, no longer suffice.
Organizations need to evolve towards continuous visibility and verification, enabling a security process of continual situational awareness and improvement. To achieve that, their analytics need to progress from descriptive to diagnostic, predictive and prescriptive analytics (see Figure 1).
Figure 1: Analytics evolution for cybersecurity
Key next-gen cybersecurity capabilities required to tighten control
Understanding the changing cybersecurity threat landscape is as important as knowing what security events are happening or have taken place. By gathering contextual data from various existing sources, organizations can derive a complete picture of their cybersecurity posture. AI- and ML-driven user and entity behaviour analysis can add further clarity through iterative models. This can help organizations make responsive decisions before they even know that decisions have to be made.
Besides leveraging machine learning, behavioural analysis (self-baselining) and a powerful adaptive risk model, organizations need the following additional capabilities:
- Deterministic collective threat intelligence: Includes linear reputation based intelligence, and sophisticated deterministic intelligence scenarios.
- Intelligent rogue propagation discovery: Automatically discovers, baselines and pivots off assets and rogue devices on the network.
- Adaptive risk model: Leverages the automatic baseline to adapt the risk model to the organization's changing context.
- Predictive engine: Enables predictive analytical capability to perform threat and clandestine activity monitoring.
- Discovery: Helps build an asset profile of the systems, services and footprint that can be used for threat simulation.
- Situational awareness: Improves the organization's ability to achieve and maintain situational awareness.
- Predictive analysis: Helps forecast weaknesses in log coverage for threat determination.
- Accelerated advanced threat query and reporting: Includes specialized "accelerated" queries that reduce the time needed to perform an investigation.
- Low and slow threats: Enables evaluation of low and slow clandestine activity for patterns.
- Field system discovery: Helps determine systems that exist in the field and how often they are used, to augment classification of field assets.
- Right-sized threat: Customized for each individual line of business (LOB) based on its unique business footprint, for instance addressing threats to ERP, supply chain, etc.
Changing the economies of cybersecurity with an open source dynamic platform
The pace of cybersecurity change in modern times necessitates that organizations transition from a static prioritization/classification model to a dynamic one. To implement such a model successfully, the starting point is to ensure that the right data owner has ownership of the data and understands how it can be classified dynamically. This requires leveraging master data management principles and technologies such as the Internet of Things (IoT), Machine Learning and Artificial Intelligence to create an open source platform that supports multiple LOB workloads.
Such a platform would drive enriched threat intelligence feeds that can be integrated into the system to enable correlation of events with known bad actors. This would enhance threat research and analysis, as analysts on the security monitoring team would gain access to the collective threat intelligence feed and be able to conduct interactive research and analysis on current and emerging threats. While 100% protection is a myth, organizations looking to bolster their cybersecurity posture must focus on sharpening their capabilities around detection, remediation and response.
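To make the self-baselining and threat-intelligence correlation described above concrete, here is an added illustration (not code from the original article or any vendor platform) that builds a per-user behavioural baseline from constructed historical events, then scores new events against that baseline and against a constructed indicator feed; all IPs and volumes are placeholder values.

```python
import statistics
from collections import defaultdict

# Constructed sample threat-intelligence feed of "known bad" source IPs
# (placeholder values, not real indicators).
THREAT_INTEL_IPS = {"203.0.113.7", "198.51.100.42"}

# Constructed sample history used for self-baselining.
# Fields: (user, source IP, MB transferred in the session).
HISTORY = [
    ("alice", "192.0.2.10", 12), ("alice", "192.0.2.10", 15),
    ("alice", "192.0.2.11", 11), ("alice", "192.0.2.10", 14),
    ("bob", "192.0.2.20", 200), ("bob", "192.0.2.21", 180),
    ("bob", "192.0.2.20", 220), ("bob", "192.0.2.22", 190),
]

def build_baselines(events):
    """Per-user mean and standard deviation of MB transferred, plus the
    set of source IPs each user has historically been seen from."""
    volumes = defaultdict(list)
    ips = defaultdict(set)
    for user, ip, mb in events:
        volumes[user].append(mb)
        ips[user].add(ip)
    baselines = {}
    for user, values in volumes.items():
        stdev = statistics.pstdev(values) or 1.0  # guard against zero spread
        baselines[user] = (statistics.mean(values), stdev, ips[user])
    return baselines

def score_event(event, baselines, intel=THREAT_INTEL_IPS):
    """Adaptive risk score: each event is judged against the user's own
    baseline, so 200 MB is normal for bob but anomalous for alice, and a
    threat-intel hit on the source IP adds the largest weight."""
    user, ip, mb = event
    if user not in baselines:
        return 30, ["user has no baseline yet"]
    mean, stdev, known_ips = baselines[user]
    score, reasons = 0, []
    z = (mb - mean) / stdev
    if z > 3:
        score += 40
        reasons.append(f"volume z-score {z:.1f}")
    if ip not in known_ips:
        score += 20
        reasons.append("new source IP for this user")
    if ip in intel:
        score += 50
        reasons.append("source IP on threat-intel feed")
    return score, reasons
```

The weights are illustrative; in practice they would be tuned per line of business and fed back into the baseline as the model adapts.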