India's largest platform for AI & Analytics leaders & professionals

Sign in

India's largest platform for AI & Analytics leaders & professionals
Become a Thought Leader
Become a 3AI Member

Sign in

3AI Digital Library

< Go Back

How cyber security can be enhanced by AI

3AI July 3, 2017

The worldwide cyber attack that began last Friday and goes by the name of “WannaCry” has highlighted the need for governments and businesses to strengthen their security infrastructure, in addition to calling attention to the need to mandate security updates and educate lawmakers about the intricacies of cyber security.

During the WannaCry attacks, hospitals had to turn away patients, and their ability to provide care was altered significantly. Even though the threat is widely acknowledged to be real by the information security community and anyone not living under a rock, and the stakes are higher than ever, most organizations and almost all healthcare providers are still using old-school cybersecurity technologies and retain their reactive security postures.

The WannaCry ransomware attack moved too quickly for security teams to respond, but a few organizations were able to spot the early indicators of the ransomware and contain it before the infection spread across their networks. While it wreaked havoc across the globe, there was nothing subtle about it. All of the signs of highly abnormal behavior on the networks were there, but the pace of the attack was far beyond the capacity of human teams contain it. The latest generation of AI technology enabled those few organizations to defend their networks at the first sign of threat.

Meanwhile, threats of similar – or perhaps worse – attacks have continued to surface. This was not the big one. This was a precursor of a far worse attack that will inevitably strike — and it is likely, unfortunately, that [the next] attack will not have a kill switch. This is an urgent call for action for all of us to get the fundamentals finally in place to enable us to withstand robustly this type of a crisis situation when the next one hits.

 Modern malware is now almost exclusively polymorphic and designed in such a way as to spread immediately upon intrusion into a network, infecting every sub-net and system it encounters in near real-time speed. Effective defense systems have to be able to respond to these threats in real time and take on an active reconnaissance posture to seek out these attacks during the infiltration phase. We now have defense systems that have applied artificial intelligence and advanced machine learning techniques and are able to detect and eradicate these new forms of malware before they become fully capable of executing a breach, but their adoption has not matched the early expectations.

As of today, the vast majority of businesses and institutions have not adopted nor installed these systems and they remain at high risk. The risk is exacerbated further by targets that are increasingly involved with life or death outcomes like hospitals and medical centers. All of the new forms of ransomware and extortionware will increasingly be aimed at high-leverage opportunities like insulin pumps, defibrillators, drug delivery systems and operating room robotics.

Network behavioral analytics that leverage artificial intelligence can stop malware like WannaCry and all of its strains before it can form into a breach. And new strains are coming. In fact, by the time this is published, it would not surprise me to see a similar attack in the headlines.

 

Aanlytics is Turning the Table on Security Threats

The more comprehensive, sensitive and greater volume of end user and customer data you store, the more tempting you are to someone wanting to do harm. That said, the same data attracting the threat can be used to thwart an attack. Analytics includes all events, activities, actions, and occurrences associated with a threat or attack:

  • User: authentication and access location, access date and time, user profiles, privileges, roles, travel and business itineraries, activity behaviors, normal working hours, typical data accessed, application usage
  • Device: type, software revision, security certificates, protocols
  • Network: locations, destinations, date and time, new and non-standard ports, code installation, log data, activity and bandwidth
  • Customer: customer database, credit/debit card numbers, purchase histories, authentication, addresses, personal data
  • Content: documents, files, email, application availability, intellectual property

The more log data you amass, the greater the opportunity to detect, diagnose and protect an organization from cyber-attacks by identifying anomalies within the data and correlating them to other events falling outside of expected behaviors, indicating a potential security breach. The challenge lies in analyzing large amounts of data to uncover unexpected patterns in a timely manner. That’s where analytics comes into play.

Leveraging Data Science & Analytics to Catch a Thief

Using data science, organizations can exercise real-time monitoring of network and user behaviors, identifying suspicious activity as it occurs. Organizations can model various network, user, application and service profiles to create intelligence-driven security measures capable of quickly identifying anomalies and correlating events indicating a threat or attack:

  • Traffic anomalies to, from or between data warehouses
  • Suspicious activity in high value or sensitive resources of your data network
  • Suspicious user behaviors such as varied access times, levels, location, information queries and destinations
  • Newly installed software or different protocols used to access sensitive information
  • Identify ports used to aggregate traffic for external offload of data
  • Unauthorized or dated devices accessing a network
  • Suspicious customer transactions

Analytics can be highly effective in identifying an attack not quite underway or recommending an action to counter an attack, thus minimizing or eliminating losses. Analytics makes use of large sets of data with timely analysis of disparate events to thwart both the smallest and largest scale attacks.

The Analytics Solution to Security Monitoring

If security monitoring is a data storage problem, then it requires a analytics solution capable of analyzing large amounts of data in real time. The natural place to look for that solution is within Apache Hadoop, and the ecosystem of dependent technologies. But although Hadoop does a good job performing analytics on large amounts of data, it was developed to provide batch analysis, not real-time streaming analytics required to detect security threats.

In contrast, the solution for real-time streaming analytics is Apache Storm, a free and open source real-time computation system. Storm functions similar to Hadoop, but was developed for real-time analytics. Storm is fast and scalable, supporting not only real-time analytics but machine learning as well, necessary to reduce the number of false positives found in security monitoring. Storm is commonly found in cloud solutions supporting antivirus programs, where large amounts of data is analyzed to identify threats, supporting quick data processing and anomaly detection.

The key is real-time analysis. Big data contains the activities and events signaling a potential threat, but it takes real-time analytics to make it an effective security tool, and the statistical analysis of data science tools to prevent security breaches.

When do you need to start? – Yesterday

Yesterday would have been a good time for companies and institutions to arm themselves against this pandemic. Tomorrow will be too late.

Related Posts

AIQRATIONS

    3AI Trending Articles

  • Left Shift Decisioning – a Paradigm Shift and a Key Differentiator for Banks in Recessionary Environment

    Featured Article: Author: Aditya Khandekar, President, Corridor Platforms India Left Shift – A software development concept The core concept of left shifting started from testing, where we shift the testing phase to earlier phases in the software life cycle. The goal is to test early, fix bugs close to source of issue and prevent backloading […]

  • IoT devices at risk from Amnesia:33

    A new series of vulnerabilities dubbed Amnesia:33 puts millions of IoT devices at risk of being compromised. Security researchers from Forescout disclosed the 33 vulnerabilities today. The flaws are found in four open-source TCP/IP libraries used in the firmware of products from over 150 vendors. According to the researchers’ estimates, millions of consumer and enterprise […]

  • A hacker broke into a Florida Water Treatment Plant

    A hacker broke into a Florida water treatment plant and ordered it to increase the amount of lye to extremely dangerous levels, officials said. . A hacker broke into a Florida water treatment plant and ordered it to increase the amount of lye in the water to extremely dangerous levels, officials said Monday. The plant […]

  • Automated Quality Excellence Framework for Data Science Modelling

    Featured Article: Author: Abhishek Sengupta, Walmart Global Tech India Introduction:  A necessary but often tedious task data scientists must perform as part of any project is quality assurance (QA) of their modules so as to prevent any unforeseen incidents during deployment. While Quality Assurance and Excellence is quite prevalent in Data Engineering, QE in Data […]