3 ways artificial intelligence can improve your cyber security today


Although they are in their infancy, cyber security systems based on artificial intelligence (AI) have great potential for combatting cybercrime. By using AI, we can now design, train and test intelligent cyber systems that are more robust, adaptive and responsive than humans could ever hope to be.

Let’s look at a few scenarios where AI can be applied today to improve cyber security:

Autonomous red teaming

Red teams are teams of white, or “good,” hackers who study the vulnerability of software systems by hacking them for testing, with the aim of making systems more robust and secure. However, red teams are highly skilled and in short supply. Also, organizations’ software systems are increasingly growing in complexity.

Applying AI solutions backed by experience-based reinforcement learning can address the skill gap and complexity by building a consistent evaluation process. This process learns from experiences working with other skilled testers and can train and augment new or semi-skilled testers by giving them a wide variety of test scenarios.

A system’s knowledge can be generalized and applied to different contexts and scales to build intelligent and adaptable solutions. Machines still rely on humans to analyze complex relationships between different domains for vulnerability assessment in edge cases and cannot currently be relied upon to discover these relationships. But a mixed initiative of machines collaborating with humans to build models can help address people’s anxiety and concerns, while leveraging the machine’s capabilities.

Predictive maintenance scheduling

It can be difficult for any organization to keep IT operations running smoothly, minimize downtime and design maintenance schedules that keep patches, backups, system upgrades and so forth up to date, while at the same time maintaining effectiveness and a security posture that meets business objectives. An organization’s needs vary from one group to another and may be constantly in flux as it deals with intelligent adversaries who are actively looking for ways to penetrate its systems. Predictive maintenance scheduling can help cyber teams act proactively to de-weaponize threats.

AI can design self-adapting, customized, dynamic solutions that help outmaneuver adversaries and intelligent threats. Gaming domains have shown that AI solutions are very efficient at designing solutions for complex policy-based adversarial scenarios. Maintenance schedules are like policies.  Machines can learn to update policies on their own based on data and experiences, and advise humans on better actions — with explainable AI supporting the rationale. Optimization metrics like uptime, downtime and utilization can help check how systems are performing and provide feedback so systems can adapt, learn and change their behaviors.

AI solutions can aid in providing seamless, adaptive solutions addressing the perpetual challenge of response times. The challenge even exists in simulations, as learning of this kind is largely online. Security experts are wary of letting machines take complete control if there is ambiguity around the decision-making approach. Setting boundaries on the extent to which a machine can act or make decisions can limit the solution scope but still widen its current application and accelerate response times.

Real-time monitoring and analytics

In addition to assisting in cyber solutions that counter difficulties in maintaining 24×7 capabilities, AI can help cyber teams develop a tailored knowledge bank for their organization – alleviating issues from the lack of experienced and qualified personnel and the volume of potential incidents overwhelming human capacity. AI-capable solutions can help security analysts readily examine a broad range of threat data and gain actionable insights to make decisions quickly.

Working manually, security analysts today consider only 20 to 30 percent of the value of their data. AI adds another layer of insight with natural language processing (NLP) capabilities. Unstructured data in threat feeds, security blogs, research papers, forums, websites and bulletins are rapidly expanding. AI can assist security experts in sifting through all of the internal and external sources of information required to analyze sophisticated threats.

AI-based solutions can automate the collection of an organization’s data, for example, from networks and firewalls, systems and applications, to help detect anomalies, uncover advanced threats and remove false positives. AI can consolidate data from log events as well as network flow data from thousands of devices, endpoints and applications distributed throughout a network. The prescriptive data from AI-based simulations can show how new threats can penetrate the current system. By identifying the end-to-end chain of events associated with a single potential incident, analysts can prioritize threats more accurately based on severity and impact while reducing false positives. Cyber analysts can then use an advanced security analytics engine to normalize and correlate this data and identify security offenses requiring investigation or build cyber risk simulation models that can feed into predictive maintenance schedules.
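The normalize-and-correlate step described above, shown as an added example that is not part of the original article: firewall log lines and flow records are mapped onto one schema, chained per host, and ranked by score. It uses fixed rules rather than a learned model, and the log format, field names, severity weights, 10-minute window, 100 MB threshold and sample records are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: firewall log lines and flow records (hypothetical formats).
FIREWALL_LOG = """\
2024-05-01T10:00:05 DENY src=10.0.0.7 dst=203.0.113.9 dport=445
2024-05-01T10:02:10 DENY src=10.0.0.7 dst=203.0.113.9 dport=3389
2024-05-01T11:30:00 DENY src=10.0.0.22 dst=198.51.100.4 dport=23
"""
FLOWS = [
    {"start": "2024-05-01T10:04:30", "src": "10.0.0.7", "dst": "203.0.113.9", "bytes": 750_000_000},
    {"start": "2024-05-01T10:05:00", "src": "10.0.0.31", "dst": "192.0.2.10", "bytes": 12_000},
]
SEVERITY = {"blocked_connection": 2, "large_outbound_transfer": 6}  # assumed weights
WINDOW = timedelta(minutes=10)  # assumed correlation window
FW_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")

def normalize():
    """Map both sources onto one schema: (timestamp, host, kind)."""
    events = []
    for line in FIREWALL_LOG.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), "blocked_connection"))
    events += [(datetime.fromisoformat(f["start"]), f["src"], "large_outbound_transfer")
               for f in FLOWS if f["bytes"] >= 100_000_000]  # assumed "large" threshold
    return sorted(events)

def correlate(events):
    """Chain events from one host that fall within WINDOW of the previous event."""
    chains = defaultdict(list)  # host -> list of chains, each a list of (ts, kind)
    for ts, host, kind in events:
        if chains[host] and ts - chains[host][-1][-1][0] <= WINDOW:
            chains[host][-1].append((ts, kind))
        else:
            chains[host].append([(ts, kind)])
    return chains

def prioritize(chains, min_score=5):
    """Score each chain; drop low-scoring isolated events as likely false positives."""
    incidents = []
    for host, host_chains in chains.items():
        for chain in host_chains:
            kinds = [k for _, k in chain]
            score = sum(SEVERITY[k] for k in kinds) + 3 * (len(set(kinds)) - 1)
            if score >= min_score:
                incidents.append({"host": host, "score": score, "events": kinds})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

print(prioritize(correlate(normalize())))
```

The single blocked connection from 10.0.0.22 scores below the cutoff and is suppressed, while the two blocks followed by a large outbound transfer from 10.0.0.7 surface as one ranked incident.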

Revolutionary capabilities

AI-based cybersecurity solutions promise revolutionary capabilities tailored to an organization’s specific needs. A lot of research is currently underway to create labeled data for the domain, which will assist in implementing these solutions further. With cybercrime becoming more organized and sophisticated, it is imperative for organizations to deploy highly adaptive prevention, detection and response capabilities, which is now possible by leveraging and trusting AI.
