One AI To Rule Them All Maybe.
How AI Will Try to Support Cybersecurity Over the Next?Few Years
Let’s be honest there has been some development of artificial intelligence (AI) and machine learning (ML) technologies over the past decade that has had significantly impact in various industries, including the little corner I work in that is cybersecurity. When I originally was going to write something around AI I had several ways I was thinking of going, the cynical and gloom and doom way, the standard way everyone was, the happy go lucky or just plain tech or my snarky way. What was funny as I read a lot of articles, books and talked to my friends and peers and I opened word and started typing. I just hope this is interesting and good food for thought and discussion. There is NOTHING ground-breaking here just my thoughts and remarks. So, let’s jump in as cyber threats become increasingly sophisticated and pervasive (I read this a lot in articles, which is not strictly true as we see the same things happen time and time again), the need for advanced security solutions is more urgent than ever which is both true and false. In the coming years, AI will play a crucial role in supporting and enhancing cybersecurity measures which is what EVERY vendor is saying and trying to force AI into its product. This brain dump of mine explores the various ways AI/ML possibly will help support cybersecurity over the next 5 to 10 years, as well as the potential negative impacts the technology may have on the industry. This is a long way from the currently uses I see today which seems to be a more google query usage.
AI-Driven Threat Detection and Prevention
The Instant Identification of Security Threats
If done correctly AI has the potential to improve threat detection and prevention capabilities in environments. By continuously scanning and analysing vast amounts of data from various sources, AI can detect new and emerging threats in near real-time. This allows organisations to respond quickly to potential incidents, minimising the risk of damage and loss. Was roughly what I read in a few documents while researching this and honestly this is less about AI but more about ML. Which honestly is OK.
Can AI Lower Costs in Detect and Respond
AI and ML powered cybersecurity solutions not only increase the scope of threat detection and enhance security measures, but they also reduce the time and effort required to identify, investigate, and remediate incidents. Now saying this a friend and colleague of mine tested a prototype of a product that used AI to detect and inform and was well impressed. He showed me the product and I talked to the vendor and after a few days I asked my friend to look at anther product to look at the same data and he was taken back as he got same results. This product was based on the standard heuristics engine and found the same and more. This could lead to significant cost savings for organisations, as well as improved efficiency in their cybersecurity operations. This is where I hope the main impact will be for companies. But it is a long way off due to ML being its prime driver for technology.
Analysis of Cyber Attacks
AI can significantly enhance the efficiency of cybersecurity analysts by automating the process of analysing data logs and incident reports. This allows security experts to focus on mission-critical activities, such as remediation and prevention, while AI algorithms identify and prioritise potential threats.
Automated Real-time Response to Cyber Threats
As cyberattacks become more frequent and sophisticated, the need for rapid and automated responses to threats is essential. AI-driven cybersecurity solutions can provide real-time detection and response to incidents, helping to minimise the impact of breaches and prevent further damage.
Enhanced Vulnerability Management
AI and ML technologies can be used to analyse and identify suspicious patterns and vulnerabilities in networks and systems. By proactively identifying, communicating and containing these vulnerabilities, companies can significantly boost their overall security posture.
Data Handling
AI can monitor transactional data within an organisation's network and protect it from potential threats. This includes analysing user behaviour, identifying anomalies, and detecting malicious activities in real-time. Now this is not new, and some products have done this over the last 10 years but now I think it will be more AI driven and more datasets will be used for the analyse.
Network Monitoring and Security
AI can establish a baseline for an organisation's network traffic and use this information to evaluate and protect the network. Now saying this any malicious activity not detected becomes the baseline (Lets ignore this and believe your network is clean and safe) by continuously monitoring network activity, AI and lets not forget ML can detect and respond to deviations from normal behaviour, hopefully ensuring a more secure environment for businesses.
High Fidelity Detection
AI can establish a baseline for an organisation's network traffic like said above and all the assets within the environment and use this information to evaluate and protect the network. What I would expect is that AI would review the network, Threat intel, deception tooling and rollout decoys and deception technology into the environment. There are tools already that can connect to your Vulnerability scanner to rollout deception. For me high fidelity detection is a good area where AI/ML will be a good fit and put the network in a better place.
Higher Security Over Time
One of the key advantages of AI-driven cybersecurity solutions is their ability to learn and improve over time. As AI systems analyse and process more data, they become more adept at identifying and mitigating threats, resulting in increasingly effective security measures. This is what we are hoping for and is the larger picture.
领英推荐
Specific Applications of AI in Cybersecurity
The following are some specific applications of AI in the realm of cybersecurity:
The Main Pains in the Adoption of AI for Our Neck of the Woods.
Despite all of the amazing numerous perceived benefits and advancements AI could bring to cybersecurity, there are challenges and limitations associated with its implementation:
1.???Firstly, and what everyone knows it’s the high costs of AI and machine learning systems: AI-driven cybersecurity solutions can be expensive to implement, particularly for small and medium-sized businesses, saying that I think the cost could cripple a enterprise cyber budget and lots of data and Splunk/Azure/GCP/AWS costs will possibly kill any real deeper use of AI.
2.???Reliance on a lot of large data sets: Any AI systems will depend on vast quantities of data to function effectively, which can be a challenge for organisations with limited resources or access to such data.
3.???Clean data as bad data will create bad results and a loss of confidence in the technology.
4.???Of course, the misuse by cybercriminals: As AI becomes more widespread, there is a risk that cybercriminals will exploit the technology to automate and enhance their attacks. Well to late for that they are already using the technology and as history as shown tools work both ways for good and bad.
5.???Not sure how I feel if this is a AI risk: While AI-driven biometric authentication systems can offer improved security, they also present potential risks if the biometric data falls into the wrong hands. This is more about putting the right controls in place than AI.
6.???The Largest Challenge in my view is adaptation to specific use cases. Making sure that AI-driven cybersecurity solutions function accurately and effectively for specific use cases will be challenging for multiple of reasons, Bad data sets, lack of understanding of AI, as the threat and risk landscape continues to evolve can we.
The Sword of Damocles (AI) in Cybersecurity
At is heart the of any technology there is the potential to revolutionise our the field of cybersecurity using AI or ML, offering possibilities, numerous benefits and advancements. However, we have seen that same technology we security have used can also be weaponised by malicious actors, using AI to automate and enhance their attacks. This definitely presents unique set of challenges and opportunities for businesses, users, and security professionals alike.
AI Misuse by everyone including malicious actors
As AI and ML becomes more integrated into cybersecurity systems, there is a growing concern that threat actors will attempt to manipulate or exploit AI technologies for their own malicious purposes. This includes poisoning AI algorithms with false data to produce inaccurate results, using AI to develop mutating malware that hopefully evades detection at a rapid pace, or even targeting the data used to train AI systems to compromise their effectiveness. But even in companies there are the same problems of using bad data to train AI which will impact your results.
The Complacency and Overreliance on AI
As we see the rise of AI happens in our small but profitable industry it could possibly start an increasing reliance on AI-driven cybersecurity solutions could possibly lead to human complacency, resulting in security professionals becoming less vigilant in their efforts to detect and prevent security incidents. It will be vital for organisations to maintain a balance between AI-driven automation and human oversight to ensure the continued effectiveness of their security measures.
One AI to rule them all
As we see the emergence of AI continues to shape our modest yet very lucrative cybersecurity, it will give rise to a complex environment characterised by numerous AI tools and a huge level of entanglement of data. This will create the necessary of having a central godlike AI to oversee all other product AIs, helping us determine where to focus, supervise, or delve deeper and hopefully not drown in data. There is also a growing concern in our industry that we might or will witness a decline in experienced security professionals, as companies may become convinced that AI alone can provide all the intelligence required. SIGH!
My last thoughts on AI
As AI and ML technologies continue to advance and they should, the impact on our field of cybersecurity will become increasingly interesting and significant. Companies and security professionals must stay abreast of the latest developments in AI-driven security solutions and remain vigilant in their efforts to protect against evolving cyber threats.
As I write this and read all kinds of articles and talk to my peers and friends, we all expect to see AI playing an even more prominent role in supporting and enhancing cybersecurity measures, and more use in in the dark side as well as by malicious actors to launch more sophisticated, targeted and better-informed attacks. We know there will be different ways to use AI good, bad and ugly, by staying involved, informed and adapting to the ever-changing landscape of AI and cybersecurity, CISOs and companies will better protect their networks, systems, and data from the ever-present threat of cyberattacks by smartly combining AI/ML and people together. But it will all come down to what I call budget-based security (Cost), AI and space is not cheap.
Residential Real Estate Risk Manager
1 年As I learn more about AI I'm continually reminded of the andon chord in lean and the principles of jidoka: a human should always be able to control the automation (and even that doesn't scale well). The differences with AI are speed and proliferation. AIs will eventually battle like superheroes on a city street at rush hour and the likelihood of collateral damage is high.
Executive RA Leader | Med Device | SaMD | Combination Devices
1 年Indeed, I agree with you that Machine Learning will be a significant component to the success of AI in this space. While Cybersecurity is not my "wheel house", I like how you addressed the need for organizations to maintain a balance between AI-driven automation and human oversight. Addressing the "Trust Deficit"; that sheer reliance on AI algorithms without that engagement will certainly reduce the effectiveness of what AI can do (minus that annoying problem of AI "hallucinations").
Cyber Security Strategist
1 年I've been in many discussions about this. And as someone who was working the other side of the aisle so to speak I would argue that as much good as AI can do for a defender, it can be easily undone by an adversary. So this now becomes a war of ai's. Whoever has the best AI wins for at least has a clear advantage. When we bring quantum computing into this the game will change completely. Imagine China having AI computing capabilities that are able to overwhelm systems from a security perspective and enter systems, modify configurations modify data, fairly easily implicate people. We have entered an extraordinarily dangerous stage of civilization and AI is not helping it from my perspective.