
3AI Digital Library

How cyber security can be enhanced by AI

3AI July 3, 2017

The worldwide cyber attack that began on Friday, 12 May 2017 and goes by the name of “WannaCry” has highlighted the need for governments and businesses to strengthen their security infrastructure. It has also called attention to the need to mandate timely security updates (WannaCry spread through a Windows SMBv1 flaw that Microsoft had patched in March 2017 as MS17-010, two months before the outbreak) and to educate lawmakers about the intricacies of cyber security.

During the WannaCry attacks, hospitals had to turn away patients, and their ability to provide care was significantly disrupted. Even though the information security community, and anyone not living under a rock, acknowledges that the threat is real, and the stakes are higher than ever, most organizations and almost all healthcare providers are still using old-school cybersecurity technologies and retain a reactive security posture.

The WannaCry ransomware attack moved too quickly for most security teams to respond, but a few organizations were able to spot the early indicators of the ransomware and contain it before the infection spread across their networks. While it wreaked havoc across the globe, there was nothing subtle about it. All of the signs of highly abnormal behaviour on the networks were there, but the pace of the attack was far beyond the capacity of human teams to contain it. The latest generation of AI-based anomaly detection enabled those few organizations to defend their networks at the first sign of the threat.

Meanwhile, threats of similar, or perhaps worse, attacks have continued to surface. WannaCry was not the big one. It was a precursor of a far worse attack that will inevitably strike, and it is likely, unfortunately, that the next attack will not have a kill switch (WannaCry stopped spreading once the unregistered domain its code checked before running was registered by a researcher). This is an urgent call to action for all of us to finally get the fundamentals in place so that we can robustly withstand this type of crisis when the next one hits.

Much modern malware is polymorphic and designed to spread the moment it gets into a network, infecting every subnet and system it can reach at near real-time speed; WannaCry, for instance, scanned for other hosts exposing SMB and exploited them with no user action required. Effective defense systems have to respond to these threats in real time and take an active posture, seeking out the attack during the infiltration phase rather than after the payload has run. Defense systems that apply artificial intelligence and advanced machine learning techniques can detect and eradicate these new forms of malware before they complete a breach, but their adoption has not matched the early expectations.

As of today, the vast majority of businesses and institutions have neither adopted nor installed such systems, and they remain at high risk. The risk is exacerbated by targets that are increasingly involved in life-or-death outcomes, such as hospitals and medical centers. New forms of ransomware and extortionware will increasingly be aimed at high-leverage targets such as insulin pumps, defibrillators, drug delivery systems and operating room robotics.

Network behavioural analytics that leverage artificial intelligence can detect worms like WannaCry and its variants from how they behave on the network, before the infection turns into a breach. And new strains are coming. In fact, by the time this is published, it would not surprise me to see a similar attack in the headlines.

Analytics is Turning the Tables on Security Threats

The more comprehensive, sensitive and voluminous the end-user and customer data you store, the more tempting a target you are to someone wanting to do harm. That said, the same data that attracts the threat can be used to thwart an attack. The data feeding security analytics includes every event, activity, action and occurrence associated with a threat or attack:

  • User: authentication and access location, access date and time, user profiles, privileges, roles, travel and business itineraries, activity behaviors, normal working hours, typical data accessed, application usage
  • Device: type, software revision, security certificates, protocols
  • Network: locations, destinations, date and time, new and non-standard ports, code installation, log data, activity and bandwidth
  • Customer: customer database, credit/debit card numbers, purchase histories, authentication, addresses, personal data
  • Content: documents, files, email, application availability, intellectual property

The more log data you amass, the greater the opportunity to detect, diagnose and protect an organization from cyber-attacks by identifying anomalies in the data and correlating them with other events that fall outside expected behaviour, indicating a potential security breach. The challenge lies in analysing large amounts of data to uncover unexpected patterns in a timely manner. That is where analytics comes into play.

Leveraging Data Science & Analytics to Catch a Thief

Using data science, organizations can monitor network and user behaviour in real time, identifying suspicious activity as it occurs. Organizations can model network, user, application and service profiles to create intelligence-driven security measures capable of quickly identifying anomalies and correlating the events that indicate a threat or attack:

  • Traffic anomalies to, from or between data warehouses
  • Suspicious activity in high-value or sensitive resources of your data network
  • Suspicious user behaviour such as unusual access times, privilege levels, locations, information queries and destinations
  • Newly installed software or different protocols used to access sensitive information
  • Ports used to aggregate traffic for offloading data externally (exfiltration)
  • Unauthorized or outdated devices accessing the network
  • Suspicious customer transactions

Analytics can be highly effective in identifying an attack before it is fully underway, or in recommending an action to counter one, thus minimizing or eliminating losses. The strength of the approach is correlation: a single deviation (one login at an odd hour) is weak evidence, but several deviations coinciding for the same user or host are much harder to explain away, which is also what keeps false positives manageable. Analytics applies timely analysis of disparate events across large data sets to thwart both the smallest and the largest attacks.
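The profile-and-deviate approach described in the list above, as an added example that is not code from the original article: a per-user baseline (working hours, countries seen, typical volume of data read) is built from historical access events, and new events are scored by how many independent deviations they show. The user names, the log fields and every event are constructed for illustration; the scoring weights, the one-hour slack around observed hours and the z-score cut-off are assumptions.

```python
"""Baseline-and-deviate scoring of user access events (added example).

Not code from the article. HISTORY and NEW_EVENTS are constructed sample
records of the form (user, ISO timestamp, country, bytes_read).
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed "normal" history used to build the baselines.
HISTORY = [
    ("alice", "2017-05-01T09:12:00", "IN", 120_000),
    ("alice", "2017-05-02T10:03:00", "IN", 95_000),
    ("alice", "2017-05-03T08:47:00", "IN", 140_000),
    ("alice", "2017-05-04T11:30:00", "IN", 110_000),
    ("alice", "2017-05-05T09:55:00", "IN", 130_000),
    ("bob",   "2017-05-01T22:10:00", "IN", 2_000_000),   # bob runs night batch jobs
    ("bob",   "2017-05-02T23:05:00", "IN", 1_800_000),
    ("bob",   "2017-05-03T21:40:00", "GB", 2_100_000),
    ("bob",   "2017-05-04T22:30:00", "IN", 1_900_000),
]

# Constructed events to triage against those baselines.
NEW_EVENTS = [
    ("alice", "2017-05-08T03:14:00", "RU", 900_000),    # off-hours + new country + huge read
    ("alice", "2017-05-08T09:30:00", "IN", 125_000),    # normal
    ("bob",   "2017-05-08T22:15:00", "GB", 2_050_000),  # normal for bob
    ("bob",   "2017-05-08T04:00:00", "IN", 1_950_000),  # only one weak signal
    ("carol", "2017-05-08T10:00:00", "IN", 10_000),     # no baseline at all
]


def build_profiles(events):
    """Per-user profile: hours seen, countries seen, mean and stdev of bytes read."""
    hours = defaultdict(Counter)
    countries = defaultdict(Counter)
    volumes = defaultdict(list)
    for user, ts, country, nbytes in events:
        hours[user][datetime.fromisoformat(ts).hour] += 1
        countries[user][country] += 1
        volumes[user].append(nbytes)
    return {
        user: {
            "hours": set(hours[user]),
            "countries": set(countries[user]),
            "mean": mean(vols),
            "stdev": pstdev(vols),
        }
        for user, vols in volumes.items()
    }


def _near_hour(hour, seen, slack=1):
    """True if `hour` is within `slack` hours of any observed hour (wraps at midnight)."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in seen)


def score_event(profile, ts, country, nbytes, z_cutoff=3.0):
    """Return (score, reasons): one point per independent deviation from the baseline."""
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if not _near_hour(hour, profile["hours"]):
        reasons.append(f"off-hours access at {hour:02d}:00")
    if country not in profile["countries"]:
        reasons.append(f"new country {country}")
    sd = profile["stdev"] or 1.0          # guard users whose volume never varied
    z = (nbytes - profile["mean"]) / sd
    if z > z_cutoff:
        reasons.append(f"data volume z={z:.1f}")
    return len(reasons), reasons


def triage(events, profiles, threshold=2):
    """Alert only when at least `threshold` deviations coincide, or the user is unknown."""
    alerts = []
    for user, ts, country, nbytes in events:
        if user not in profiles:
            alerts.append((user, ts, ["no baseline for this user"]))
            continue
        score, reasons = score_event(profiles[user], ts, country, nbytes)
        if score >= threshold:
            alerts.append((user, ts, reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in triage(NEW_EVENTS, build_profiles(HISTORY)):
        print(f"ALERT {user} at {ts}: {'; '.join(reasons)}")
```

Bob's 04:00 event is deliberately left below the threshold: on its own, an off-hours login by an account that normally works nights is exactly the kind of single signal that floods an analyst queue, whereas Alice's event trips three independent checks at once.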

The Analytics Solution to Security Monitoring

If security monitoring is a big data problem, then it requires an analytics solution capable of analysing large amounts of data in real time. The natural place to look for that solution is Apache Hadoop and its ecosystem of dependent technologies. But although Hadoop does a good job of performing analytics on large amounts of data, it was developed to provide batch analysis, not the real-time streaming analytics required to detect security threats while they are unfolding.

In contrast, Apache Storm, a free and open-source real-time computation system, was developed for streaming analytics. Storm plays a role similar to Hadoop's, processing data across a distributed cluster, but it operates on unbounded streams of events rather than on stored batches. Storm is fast and scalable, and it can apply machine-learning models to the stream as events arrive, which is necessary to reduce the number of false positives in security monitoring. Storm is commonly found in cloud-backed antivirus services, where large amounts of telemetry are analysed to identify threats, supporting quick data processing and anomaly detection. Storm is one of several stream processors that fill this role; in practice the models are usually still trained in batch on historical data and only the scoring runs on the stream.

The key is real-time analysis. Big data contains the activities and events that signal a potential threat, but it takes real-time analytics to turn it into an effective security tool, and the statistical methods of data science to tell genuine threats from noise before they become breaches.
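The early indicator the article refers to for WannaCry (a host suddenly talking SMB to many internal machines) and the batch-versus-streaming argument of this section, as one added example: a per-source sliding window counts distinct internal destinations on TCP/445 and raises an alert on the very event that crosses the threshold, while the whole-log version of the same rule can only answer after the last record has been read. This is plain Python standing in for what would be a Storm bolt; it is not code from the article or from Apache Storm. The flow records are generated inline and are constructed; the 60-second window, the threshold of ten hosts, the 10/8 internal range and the `ts src dst dport` record layout are assumptions.

```python
"""Streaming detection of worm-like SMB fan-out (added example).

Not code from the article or from Apache Storm. Flow records are
constructed; window, threshold and address ranges are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumption: sliding window length
THRESHOLD = 10                   # assumption: alert above this many distinct hosts


def parse_flow(line):
    """Parse a constructed 'ISO-ts src dst dport' record."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def is_internal(ip):
    return ip.startswith("10.")  # assumption: 10/8 is the internal range


class FanOutDetector:
    """Per-source sliding window of distinct internal SMB destinations."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)   # src -> deque of (ts, dst), oldest first
        self.alerted = set()               # one alert per source; a real system re-arms

    def ingest(self, flow):
        """Feed one flow; return (ts, src, distinct_count) when the rule first fires."""
        ts, src, dst, dport = flow
        if dport != 445 or not is_internal(dst):
            return None
        q = self.recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > self.window:   # evict records outside the window
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) > self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return ts, src, len(distinct)
        return None


def run_streaming(lines):
    """Streaming pass: alerts carry the 1-based record index at which they fired."""
    det = FanOutDetector()
    alerts = []
    for i, line in enumerate(lines, 1):
        alert = det.ingest(parse_flow(line))
        if alert:
            alerts.append((i, *alert))
    return alerts


def run_batch(lines):
    """Whole-log pass: same rule, but the answer exists only after the last record."""
    dsts = defaultdict(set)
    for line in lines:
        _, src, dst, dport = parse_flow(line)
        if dport == 445 and is_internal(dst):
            dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items() if len(d) > THRESHOLD}


def constructed_flows():
    """Constructed sample: a benign file-server client, a worm probing 10.0.1.0/24, web noise."""
    base = datetime(2017, 5, 12, 12, 0, 0)
    lines = []
    for i in range(40):
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 10.0.0.5 10.0.0.100 445")        # same server every time
        lines.append(f"{t} 10.0.0.42 10.0.1.{i + 1} 445")    # new internal host each step
        lines.append(f"{t} 10.0.0.7 203.0.113.10 443")       # external HTTPS, ignored
    return lines


if __name__ == "__main__":
    lines = constructed_flows()
    for idx, ts, src, n in run_streaming(lines):
        print(f"stream: record {idx}/{len(lines)} at {ts.time()} -> {src} hit {n} hosts")
    print("batch :", run_batch(lines), "(known only after all", len(lines), "records)")
```

On the constructed log the streaming pass fires at record 32 of 120, twenty seconds into the scan, while the batch pass reports the same source only after the whole log has been read; the benign client that polls one file server never trips the rule because distinct destinations, not connection count, is what is measured.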

When do you need to start? – Yesterday

Yesterday would have been a good time for companies and institutions to arm themselves against this pandemic. Tomorrow will be too late.
