CIS608 - Week5 - Enhancing Cyber Security with Artificial Intelligence

Cyber attackers are using increasingly sophisticated technologies and automated tools to launch attacks on their targets. Once they find a vulnerability in a network, an application, or anywhere else, they can intrude, compromise systems and steal data within minutes to hours.

In this scenario, fast response to attacks and a short time to remediation are essential for organizations. Such a quick response may not be possible with traditional methods: it may take IT and security teams several days to collate the data, analyze traffic trends and establish the context of a data breach. Research conducted in the IT industry suggests that it takes them 146 days to react to any cybersecurity threat.

To address this time-critical challenge, the IT industry is exploring Artificial Intelligence. Using AI may be the best bet for organizations, especially companies that deal with consumer data, to protect their networks from cyber attacks. AI and machine learning would drastically improve an organization’s detection and response capabilities. Leveraging algorithms that iteratively learn from data helps uncover threats without much human intervention and without analysts needing to know “what to look for”. AI can tackle three specific use cases that are currently handled by IT security teams.

1. Identification of Threats

In the past, all an organization had to do was protect the network and its endpoints. Now the attack surface of every organization has expanded significantly because of multiple applications, servers, cloud services, mobile applications and their devices, and Bluetooth connectivity.

The expanded attack surface adds to the existing problem of how to manage the volume, velocity, and complexity of the data generated by an organization's tools.

The data feeds from these disconnected devices have to be gathered, normalized and analyzed, and remediation efforts prioritized. The more tools there are, the more difficult the challenge. Traditionally, this approach required legions of staff to comb through huge amounts of data to connect the dots and find latent threats. All of these activities take months, which may leave attackers more time to exploit the vulnerabilities and extract data.

By contrast, a combination of AI and machine learning, with only a few manual touch points, can aggregate data across different data feeds and quickly establish security threat contexts.

2. Risk Assessment

Once a security context is established, it has to be correlated with business criticality to determine the real risk to the organization. Machine learning and AI play a big role in driving the appropriate response to individual risks.

3. Remediation

With little human interaction, machine learning and AI systems can analyze internal security data and correlate it with external threat data to point analysts to the finest details of the issue.

Analysts can then provide feedback to the system by tagging the most relevant threats. Over time, the system learns from these manual inputs and adapts its monitoring and analysis accordingly, increasing the likelihood of finding real cyber threats and minimizing false positives.

Having machine learning and AI do the data assessment lets security teams focus on more advanced threat investigations instead of laborious data analysis. This meeting of the minds, whereby AI is applied using a human-interactive approach, holds a lot of promise for fighting, detecting, and responding to cyber risks.
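
The three use cases above, sketched as one small pipeline. This is an added example, not code from the original post or the referenced article; the feed formats, field names, asset names, criticality ratings and the simple multiplicative weight update (standing in for a trained model) are all assumptions.

```python
from collections import defaultdict

# Constructed sample events from two disconnected feeds (not real data).
FIREWALL = [{"src": "10.0.0.5", "dst_host": "db01", "action": "deny"},
            {"src": "10.0.0.5", "dst_host": "kiosk7", "action": "deny"}]
EDR = [{"hostname": "DB01", "detection": "credential_dump"},
       {"hostname": "kiosk7", "detection": "adware"}]
# Assumed business-criticality rating per asset (1 = low, 5 = critical).
CRITICALITY = {"db01": 5, "kiosk7": 1}

def normalize(firewall, edr):
    """Map both feed formats onto one (asset, signal) schema."""
    events = [(e["dst_host"].lower(), "fw_" + e["action"]) for e in firewall]
    events += [(e["hostname"].lower(), "edr_" + e["detection"]) for e in edr]
    return events

def contexts(events):
    """Use case 1: aggregate signals per asset into a threat context."""
    ctx = defaultdict(set)
    for asset, signal in events:
        ctx[asset].add(signal)
    return ctx

def risk(signals, asset, weights):
    """Use case 2: threat score scaled by business criticality."""
    threat = sum(weights.get(s, 1.0) for s in signals)
    return threat * CRITICALITY.get(asset, 1)

def feedback(weights, signals, is_real, rate=0.5):
    """Use case 3: an analyst tag raises or lowers each signal's weight."""
    for s in signals:
        w = weights.get(s, 1.0)
        weights[s] = w * (1 + rate) if is_real else w * (1 - rate)
    return weights

def ranked(ctx, weights):
    """Assets ordered from highest to lowest risk."""
    return sorted(ctx, key=lambda a: risk(ctx[a], a, weights), reverse=True)

if __name__ == "__main__":
    ctx, weights = contexts(normalize(FIREWALL, EDR)), {}
    print(ranked(ctx, weights))
    feedback(weights, ctx["kiosk7"], is_real=False)  # analyst: false positive
    print({a: risk(s, a, weights) for a, s in ctx.items()})
```

Because the firewall deny signal appears in both contexts, tagging the kiosk alert as a false positive also lowers its contribution to the database server's score, which is the kind of side effect a feedback loop needs analysts to watch for.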


Reference:
George, Torsten. (01/11/2017). The Role of Artificial Intelligence in Cyber Security. URL: https://www.securityweek.com/role-artificial-intelligence-cyber-security
