Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Beyond the Hype: AI, ML, and Deep Learning in Cybersecurity (Part 3)

DZone's Guide to

Beyond the Hype: AI, ML, and Deep Learning in Cybersecurity (Part 3)

Learn how intelligent algorithms based on deep learning can be used to solve many important problems in cybersecurity.

· AI Zone ·
Free Resource

Insight for I&O leaders on deploying AIOps platforms to enhance performance monitoring today. Read the Guide.

This is the final piece of my three-part blog on the topic human intelligence vs. AI, and how AI is being used successfully to address various problems in cybersecurity.

In the first part of the blog, I offered a definition of intelligence and its three components: a store of knowledge, mechanisms to acquire knowledge, and the ability to use knowledge for problem-solving. We differentiated between the notions of general AI (which does not exist today) and narrow AI (which certainly does). In Part 2, we reviewed the relationship between the terms AI, machine learning, expert systems, and deep learning, and looked at several narrow AI systems in domains outside of cybersecurity.

Now, let's look at the application of AI in cybersecurity.

The Cybersecurity Problem

The cybersecurity challenge can be defined as maintaining the confidentiality, availability, and integrity of our computer systems. There are three major areas of cyber-defense:

  1. Vulnerability assessment.
  2. Setup and management of effective security controls.
  3. Security incident handling and response.

In recent years, cybersecurity has become a hyper-dimensional problem of extreme scale. With the "computerization" of our businesses, the number and variety of vulnerabilities has exploded. New and novel ways of compromising computer systems are discovered every day by security researchers and the adversary. The picture below shows an abstract view of the attack surface of a typical enterprise — tens or thousands of places where things can go wrong (x-axis) times the thousands of potent attack vectors and breach methods (y-axis).

Let's example a point on this point on this attack surface — say, line of business apps (x-axis) and shared passwords (y-axis). This is the idea that perhaps an enterprise user's Yahoo or LinkedIn password is the same as their password for one of the enterprise apps. So, if Yahoo or LinkedIn was breached and the passwords were stolen (and were not properly salted), then you have a problem: 1M ways for the adversary to get in.

Generally, defenders have no idea what this password-sharing risk vector looks like for their business. At this time you better hope your two-factor defenses are properly configured and working.

Attackers exploit multiple points on this attack surface to breach your network, propagate across to their target systems, escalate their access privileges, finally compromise, exfiltrate, or destroy your information. For a 10,000-person organization, we estimate over 100 million time-varying factors in the attack surface picture. For larger companies, we estimate that the breach risk tensor is a function of tens of billions of time-varying signals. And that is not it: your effective risk model is also a function of the threat model and the effectiveness of your and your third-party suppliers' mitigations across the attack surface.

This is not a human-scale problem anymore. There is simply too much data to analyze by hand.

To stay unbreached, these vulnerabilities have to be discovered and then addressed, and that typically involves reconfiguration or patching of system(s), user training, and/or putting into place additional security products, people, and processes. Defenders struggle with the relentless pace of new vulnerabilities being discovered, prioritization of open vulnerabilities, and managing the large number of point solutions needed to address the different areas of your attack surface.

Finally, in spite of our best efforts, attacks slip through. The number of daily security alarms that need to be handled by security operations has been growing steadily. Alarm handling involves getting data from multiple point systems, which is tedious and time-consuming. Most organizations lack the number of trained personnel needed to handle the volume of security alarms that go off daily.

AI in Cybersecurity

Now, imagine if you had a properly trained, self-learning system capable of autonomously and continuously gathering data from a wide variety of sources about your enterprise, and performing correlation of patterns across hundreds of dimensions in order to surface the following categories of intelligence:

  1. Understand every relevant detail (configuration, usage, etc.) of your extended enterprise inventory — all devices, users, and applications, on-prem and off.
  2. Deep context around business criticality of each asset and user.
  3. Up-to-date knowledge of global and industry-specific threats — AKA what is fashionable with the adversary on a daily and weekly basis.
  4. Intimate understanding of the various security products and processes you have deployed as part of your overall breach risk mitigation plan.
  5. Compute your effective risk taking into account all the information in items 1-4 above, and predict how and where you are most likely to be breached.
  6. Provide prescriptive insights on how you might best configure and enhance your security controls and processes to improve your cyber-resilience, without negatively impacting business operations.
  7. Provide maximal context for the prioritized and efficient handling of security alarms and incidents with impact minimization. inform tactical response to incidents, but also surface root causes and prescribe strategic mitigations for the underlying vulnerability.
  8. Explain its calculations and recommendations at all times by providing different visualizations and reports that contain relevant information for all stakeholders involved — users, business unit owners, security operations, CISO, auditors, CIO, CEO, and board members.

This is essentially what we are doing at Balbix. Our objective is to provide you with the world's best predictive breach risk platform that utilizes deep learning and other advanced AI algorithms to surface relevant security and risk information. This intelligence can super-charge many of your workflows and operations.

TrueSight is an AIOps platform, powered by machine learning and analytics, that elevates IT operations to address multi-cloud complexity and the speed of digital transformation.

Topics:
ai ,machine learning ,deep learning ,cybersecurity

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}