Artificial Intelligence in Cybersecurity: The Double-edged Sword

Artificial Intelligence (AI) has and is permeating all facets of our daily lives – whether we realize it or not – autonomous vehicles, robots at Denny’s/ Domino’s and alike.? Similarly, AI has and will continue to have a direct and indirect impact on cybersecurity. As businesses, governments and government services continue to digitalize their operations and service delivery, they become more susceptible to cyber threats, with these threats/attacks themselves becoming more sophisticated. As such, cybersecurity solutions are leveraging AI to help mitigate these growing cyber risks.

Some of the ways AI assist in cybersecurity measures and countermeasures include:

Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR):? AI-powered EDRs/XDRs installed on endpoints, including laptops, smart phones, servers and more, have moved away from traditional signature based detections, to behavioural, machine learning and Threat Intelligence models, all leveraging AI. This is the only way to identify and detect zero-day and nation state attacks where the traditional signature base detections are ineffective.

Email Security: Natural Language Processing (NLP)-enabled AI models, are able to examine incoming emails, evaluate their content and intent and flag dubious messages before they ever get into a user's inbox.

Network Detection and Response (NDR) Solutions: AI systems also track and analyze user behaviour and network traffic across an organization’s network, establishing a baseline of "normal" activity.

Next Gen Firewalls:? Firewalls with AI capabilities can identify unknown, previously undiscovered attacks by examining user behaviour and traffic patterns, which increases their ability to adapt to complex intrusion techniques and zero-day threats.

Is All AI Good?

While AI has enabled blue teamers (defenders) to identify, detect and respond to threats, it is not yet a perfect science and definitely not the silver bullet most solution vendors would want us to believe. A lot of tech providers claim to utilize AI, however, AI is only as good as the underlying models, algorithms and data. Instead, a lot of solutions use general anomalous algorithms which result in enormous false positives which in turn result in analyst paralysis where security personnel spend enormous portions of their day chasing after their own tails. It is imperative that organizations understand what they are buying before they actually buy.

AI in the Hands of the Adversary

Just as AI has the power to transform and assist with detecting threats, it also has the power to destroy – or in the cyber world, to quickly identify and exploit vulnerabilities.? Cyber criminals/threat actors have been and are harnessing AI to successfully bypass security defenses and gain access to mission critical data and systems. It is therefore becoming a war of attrition between good and bad AI – with bad AI winning on many fronts.

AI will continue to evolve – whether bad or good AI will prevail, it is left to be seen.

Contact us for more information.

Diagon Consulting Ltd webpage: https://cyber.diagonconsulting.com/

Written by: Brett Ramirez and Sebastian Ramsawak