With malware using AI for attacks, AI and ML-based cybersecurity is no longer just a “nice to have” but a necessity.

One piece of AI-based malware that is gaining a lot of attention is DeepLocker, developed by IBM to demonstrate how AI can be used to launch attacks on systems. It uses indicators like facial recognition, geolocation, and voice recognition to attack. Because cybercriminals can build many more such malware, large and small organizations are investing heavily in building AI systems. The advantage of using artificial intelligence in cybersecurity is that it can identify possible threats, take precautions, and act immediately to resolve them.

According to the report “Knowledge Gaps: AI and Machine Learning in Cybersecurity” that was released by Webroot this week, 72% of the businesses studied in America and Japan use AI and machine learning and agree that they are a necessary part of their arsenal for fighting cybersecurity risks.

The report also found that the primary reason businesses are turning to AI is that cybercriminals are using this technology. 86% of companies believe that cybercriminals are using AI & ML to attack organizations. The solution to these attacks also lies in AI, which can analyze the malware, study its intensity and direction, and pre-empt an attack well before it reaches the app or platform.

Of the companies studied that used AI, over half were not sure exactly how the technology worked but were using it because they believed it was keeping them safe. While 36% of the organizations studied experienced a cyber-attack that caused damage in 2018, this apparently did not lead to any loss of faith in AI for security.

Some of the AI & ML tools used in cybersecurity include:

Targeted Attack Analytics (TAA) by Symantec

This tool is used to uncover silent and targeted attacks. Symantec used TAA to counter the Dragonfly 2.0 attack in 2018, which targeted energy companies and tried to gain access to their operational networks. TAA identifies suspicious activity on individual endpoints and then collates that information to determine whether any of those actions indicate malicious activity.

Sophos’ Intercept X tool

Intercept X uses a deep learning neural network similar to a human brain. Before a file executes, Intercept X conducts a deep analysis in 20 milliseconds and determines whether the file is benign or malicious. Intercept X has been tested by third parties such as NSS Labs and received high scores.

Darktrace Antigena by Darktrace

Darktrace Antigena is an active self-defense product. Antigena identifies suspicious activity and responds to it in real time. With the help of its underlying ML, Darktrace Antigena identifies and protects against unknown threats as they develop. Since it operates without human intervention, organizations can respond to threats quickly, without disrupting the normal pattern of business activity.

QRadar Advisor by IBM

IBM’s QRadar can detect suspicious behavior through integration with the User Behavior Analytics (UBA) App. It identifies the threat by applying cognitive reasoning: it connects threat entities related to the incidents, such as malicious files, suspicious IP addresses, and rogue entities, and draws relationships between them.

Cognito by Vectra

Vectra’s Cognito platform uses AI to detect attackers in real time. It uses behavioral detection algorithms to collect metadata, logs and cloud events in the network and analyzes these behaviors. The platform then stores them to reveal hidden attackers in workloads and IoT devices.

AI systems are built not just to learn new and different patterns but also to flag unique deviations to security analysts. Considering the pace at which AI is growing and being adopted, there is a very high likelihood that it will soon redefine the way we perceive and understand cybersecurity.