Previous articles in this series provided a definition of Artificial Intelligence (AI) and a general overview of its use in Cybersecurity and described various types and subspecialties of AI systems and their respective functions.
Applications of Artificial Intelligence In Cybersecurity
Artificial Intelligence can be used in Cybersecurity in many ways, some of which have yet to be discovered. Just as other technologies are constantly and dynamically changing, so too is this field. AI has just started to make its debut for security applications, and there is a long way to go yet until it is fully adopted and deployed. AI is being used to solve some key problems in Cybersecurity. For example:
- Problem: Many Cyberattacks go unnoticed today. There are two primary reasons for this:
- IT Security teams are so overworked that they, through no fault of their own, let the real threat warnings and alerts fall through the cracks.
- Cyberattackers are becoming so sophisticated that many of the threat vectors they launch often evade detection by the security tools that have been deployed at the lines of defense.
Solution: Through the use of AI tools, many of these attacks are now detected, and by establishing a threshold of interoperability with other devices (such as Network Intrusion Devices, Firewalls, Routers, etc.) these kinds of threat vectors are now stopped in their tracks even before they gain entry into the IT and Network Infrastructure of an organization.
- Problem: The extreme shortage of skilled workers in the Cybersecurity industry poses a huge disadvantage to organizations and their IT security teams.
Solution: Artificial Intelligence can automate these kinds of job functions, allowing the IT Security team to focus in on more crucial areas of their job functions. Another added benefit is that depending upon the AI tool being used, many of today’s AI systems do not require any sort of human intervention. Once the systems have been programmed to handle certain kinds of tasks, they reliably deliver a high-quality, robust product. The graphic below clearly demonstrates how the use of AI can help augment an IT Security staff, based upon the number of labor hours that can be saved by automating specific tasks.
- Problem: Creating a bullet-proof Multi-Factor Authentication system. One of the hottest topics in Cybersecurity is Multi Factor Authentication, or “MFA” for short. With MFA, more than one layer of defense is used to protect IT and network assets. For example, rather than just a using a single password to gain access to shared resources, an individual must go through additional authentication steps to positively confirm their identity. This might include using Challenge/Response Questions, RSA tokens, Smart Cards, biometrics, etc. While MFA is very effective, there is still the fear that a Cyberattacker can break through any of them.
Solution: Serious consideration being given to using AI as an extra layer of authentication. AI can build a profile of the end user and allow for authentication based upon that person’s predictive behavior. In other words, AI can make a holistic judgement, based upon an infinite number of variables—in real time—to authenticate the end user’s identity.
- Problem: One of the oldest and still most widely used form of threat vectors that is used is that of Phishing. Many new variants are coming out today, especially Business Email Compromise (also known as “BEC”) and Ransomware. There are so many rampant Phishing scams today that it is nearly impossible for an IT Security staff to keep up with them. For example, it has been cited that 1 out of every 99 Email messages is Phishing-based. While that may not seem like a lot, consider the total number of messages that are sent in one day from just one business. This ratio can multiply at least 100X.
Solution: An AI tool can track these notorious Emails much faster than any human being can, at a rate of 10,000 messages at any given moment. Another advantage of using AI is that there are no geographic limitations in which it can detect Phishing Emails; it can virtually understand any language once is programmed to do so. And it can differentiate between a spoofed website and an authentic one in a matter of seconds. (Source 2)
Local vs. enterprise-level deployment of AI
At the present time, AI is being used to bolster the protection of certain aspects of the IT and Network Infrastructure, from both a hardware and software application standpoint. In other words, it is only being used in local instances, not at an enterprise (company-wide) level. Given the rapid advancement of AI technology, it is highly anticipated that protection at the enterprise level will become a reality in the very near future.
Next up: The next article in this series will explain how the unique functionalities of an Artificial Intelligence system make it very different from other Cybersecurity tools.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He is also studying for his Certificate In Cybersecurity through the ISC2.