
How cyber security can be enhanced by AI

3AI July 3, 2017

The worldwide cyber attack that began last Friday and goes by the name of “WannaCry” has highlighted the need for governments and businesses to strengthen their security infrastructure, in addition to calling attention to the need to mandate security updates and educate lawmakers about the intricacies of cyber security.

During the WannaCry attacks, hospitals had to turn away patients, and their ability to provide care was altered significantly. Even though the threat is widely acknowledged to be real by the information security community and anyone not living under a rock, and the stakes are higher than ever, most organizations and almost all healthcare providers are still using old-school cybersecurity technologies and retain their reactive security postures.

The WannaCry ransomware attack moved too quickly for security teams to respond, but a few organizations were able to spot the early indicators of the ransomware and contain it before the infection spread across their networks. While it wreaked havoc across the globe, there was nothing subtle about it. All of the signs of highly abnormal behavior on the networks were there, but the pace of the attack was far beyond the capacity of human teams to contain it. The latest generation of AI technology enabled those few organizations to defend their networks at the first sign of threat.

Meanwhile, threats of similar, or perhaps worse, attacks have continued to surface. This was not the big one. This was a precursor of a far worse attack that will inevitably strike, and it is likely, unfortunately, that [the next] attack will not have a kill switch. This is an urgent call to action for all of us to finally get the fundamentals in place so that we can robustly withstand this type of crisis when the next one hits.

Modern malware is now almost exclusively polymorphic and designed to spread immediately upon intrusion into a network, infecting every subnet and system it encounters at near-real-time speed. Effective defense systems have to be able to respond to these threats in real time and take on an active reconnaissance posture to seek out these attacks during the infiltration phase. We now have defense systems that apply artificial intelligence and advanced machine learning techniques and are able to detect and eradicate these new forms of malware before they become fully capable of executing a breach, but their adoption has not matched the early expectations.

As of today, the vast majority of businesses and institutions have neither adopted nor installed these systems, and they remain at high risk. The risk is exacerbated further by targets that are increasingly involved with life-or-death outcomes, such as hospitals and medical centers. The new forms of ransomware and extortionware will increasingly be aimed at high-leverage opportunities like insulin pumps, defibrillators, drug delivery systems and operating room robotics.

Network behavioral analytics that leverage artificial intelligence can stop malware like WannaCry and all of its strains before it can form into a breach. And new strains are coming. In fact, by the time this is published, it would not surprise me to see a similar attack in the headlines.


Analytics is Turning the Tables on Security Threats

The more comprehensive and sensitive the end-user and customer data you store, and the greater its volume, the more tempting a target you are to someone wanting to do harm. That said, the same data that attracts the threat can be used to thwart an attack. Security analytics draws on all events, activities, actions and occurrences associated with a threat or attack:

  • User: authentication and access location, access date and time, user profiles, privileges, roles, travel and business itineraries, activity behaviors, normal working hours, typical data accessed, application usage
  • Device: type, software revision, security certificates, protocols
  • Network: locations, destinations, date and time, new and non-standard ports, code installation, log data, activity and bandwidth
  • Customer: customer database, credit/debit card numbers, purchase histories, authentication, addresses, personal data
  • Content: documents, files, email, application availability, intellectual property

The more log data you amass, the greater the opportunity to detect, diagnose and protect an organization from cyber-attacks by identifying anomalies within the data and correlating them to other events falling outside of expected behaviors, indicating a potential security breach. The challenge lies in analyzing large amounts of data to uncover unexpected patterns in a timely manner. That’s where analytics comes into play.

Leveraging Data Science & Analytics to Catch a Thief

Using data science, organizations can exercise real-time monitoring of network and user behaviors, identifying suspicious activity as it occurs. Organizations can model various network, user, application and service profiles to create intelligence-driven security measures capable of quickly identifying anomalies and correlating events indicating a threat or attack:

  • Traffic anomalies to, from or between data warehouses
  • Suspicious activity in high value or sensitive resources of your data network
  • Suspicious user behaviors such as varied access times, levels, location, information queries and destinations
  • Newly installed software or different protocols used to access sensitive information
  • Ports used to aggregate traffic for external offload (exfiltration) of data
  • Unauthorized or outdated devices accessing a network
  • Suspicious customer transactions

Analytics can be highly effective in identifying an attack before it is fully underway, or in recommending an action to counter an attack, thus minimizing or eliminating losses. Analytics makes use of large sets of data, with timely analysis of disparate events, to thwart both the smallest and the largest scale attacks.
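The two signals the lists above single out, a traffic anomaly between hosts on one port and a user active outside normal hours, can be correlated in a few dozen lines. The following is an added example written for this article, not code from 3AI or any product it mentions: it consumes a constructed connection log one event at a time, keeps a sliding per-host window of SMB peers, and raises a higher-severity alert when the fan-out and the off-hours signals coincide on the same host. The baselines (working hours, port 445, three peers per minute) are assumptions standing in for values an organization would learn from its own history.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from the article): "<ISO time> <src host> <dst host> <dst port> <user>".
# ws-41 fans out to many peers on port 445 at 21:47, the worm-like spread pattern described above.
SAMPLE_LOG = """\
2017-05-12T09:01:00 ws-17 fileserver 445 alice
2017-05-12T09:03:10 ws-22 fileserver 445 bob
2017-05-12T13:20:00 ws-17 mailserver 443 alice
2017-05-12T21:47:00 ws-41 fileserver 445 carol
2017-05-12T21:47:02 ws-41 ws-03 445 carol
2017-05-12T21:47:03 ws-41 ws-04 445 carol
2017-05-12T21:47:05 ws-41 ws-05 445 carol
2017-05-12T21:47:06 ws-41 ws-06 445 carol
2017-05-12T21:47:08 ws-41 ws-07 445 carol
"""

# Assumed baselines; a real deployment learns them from its own history rather than hard-coding them.
WORK_HOURS = range(8, 19)   # 08:00-18:59 counts as a normal access time
SMB_PORT = 445              # assumption: the file-sharing port worm-style ransomware spreads over
MAX_SMB_PEERS = 3           # distinct SMB peers one workstation normally reaches per minute
WINDOW_SECONDS = 60

def parse(line):
    ts, src, dst, port, user = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), user

def detect(lines):
    """Consume events in arrival order, as a stream, and return alerts as (type, src host, detail)."""
    alerts, seen = [], set()
    recent = defaultdict(deque)                 # src host -> (time, dst) SMB contacts inside the window

    def alert(kind, src, detail):               # one alert per (kind, host) so bursts do not repeat noise
        if (kind, src) not in seen:
            seen.add((kind, src))
            alerts.append((kind, src, detail))

    for line in lines:
        ts, src, dst, port, user = parse(line)
        if ts.hour not in WORK_HOURS:           # suspicious user behaviour: varied access time
            alert("off_hours_access", src, user)
        if port == SMB_PORT:                    # traffic anomaly between hosts on one port
            q = recent[src]
            q.append((ts, dst))
            while (ts - q[0][0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()                     # slide the window forward
            if len({d for _, d in q}) > MAX_SMB_PEERS:
                sev = "high" if ("off_hours_access", src) in seen else "medium"   # correlate both signals
                alert("smb_fanout", src, sev)
    return alerts
```

Running `detect(SAMPLE_LOG.splitlines())` yields an off-hours alert for ws-41 followed by a high-severity fan-out alert for the same host, while the daytime hosts produce nothing.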

The Analytics Solution to Security Monitoring

If security monitoring is a data storage problem, then it requires an analytics solution capable of analyzing large amounts of data in real time. The natural place to look for that solution is Apache Hadoop and its ecosystem of related technologies. But although Hadoop does a good job of performing analytics on large amounts of data, it was developed to provide batch analysis, not the real-time streaming analytics required to detect security threats.

In contrast, the solution for real-time streaming analytics is Apache Storm, a free and open source real-time computation system. Storm functions similarly to Hadoop, but was developed for real-time analytics. Storm is fast and scalable, supporting not only real-time analytics but also the machine learning needed to reduce the number of false positives found in security monitoring. Storm is commonly found in cloud solutions supporting antivirus programs, where large amounts of data are analyzed to identify threats, supporting quick data processing and anomaly detection.

The key is real-time analysis. Big data contains the activities and events signaling a potential threat, but it takes real-time analytics to make it an effective security tool, and the statistical analysis of data science tools to prevent security breaches.

When do you need to start? – Yesterday

Yesterday would have been a good time for companies and institutions to arm themselves against this pandemic. Tomorrow will be too late.
