AI and machine learning will have significant impact on cybersecurity strategies
It’s that time of year again – the season to look over the past year’s cybercriminal activities, changes in technology, and advances in threat research to predict what’s on the cybersecurity horizon for the coming year. What better year than 2020 to hope for clear and far-seeing vision on the cyber front?
The following predictions reveal methods that cybercriminals will likely employ in the near future, along with important strategies that will help organizations protect against these oncoming attacks.
An important trend in AI is its evolution as a system. One goal of developing a security-focused AI has been to create an adaptive immune system for the network, similar to the one in the human body.
The first generation of AI was designed to use machine learning models to learn, correlate and then determine a specific course of action.
The second generation of AI leverages its increasingly sophisticated ability to detect patterns to enhance things like access control by distributing learning nodes across an environment.
The third generation of AI is where, rather than relying on a central, monolithic processing center, AI will interconnect its regional learner nodes so that locally collected data can be shared, correlated, and analyzed in a more distributed manner. This will be a very important development as organizations look to secure their expanding edge environments, especially once 5G is in place.
When enterprises deploy AI, they aren’t just enabling the automation of tasks but potentially enabling an automated system that can look for and discover attacks, not only after the fact, but even before they occur. Combining machine learning with statistical analysis will allow organizations to develop customized action planning and playbooks tied to AI to enhance threat detection and response.
These threat playbooks could uncover underlying patterns that enable the AI system to predict an attacker's next move. They can help forecast where the next attack is likely to occur, and even determine which threat actors are the most likely culprits. Once this information is added into an AI learning system, remote learning nodes will be able to provide advanced and proactive protection, where they not only detect a threat, but also forecast movements, proactively intervene, and coordinate with other nodes to simultaneously shut down all avenues of attack.
Machine learning is changing as well, right along with networking changes. In addition to using standard forms of threat intelligence pulled from feeds or derived from internal traffic and data analysis, machine learning will eventually rely on a flood of relevant information coming from new edge devices through local learning nodes.
By tracking and correlating this real-time information, an AI system will not only be able to generate a more complete view of the threat landscape, but also refine how local systems respond to local events. AI systems will also be able to see, correlate, track, and prepare for threats by sharing information across the network. Eventually, a federated learning system will allow data sets to be interconnected so that learning models can adapt to changing environments and event trends and so that an event detected at one point improves the intelligence of the entire system.
Opportunities for greater deterrence
Counterintelligence is a critical tool when attacking or defending an environment where moves are being carefully monitored. Defenders have a distinct advantage as they have access to the sorts of threat intelligence that cybercriminals generally do not, and which can also be augmented with machine learning and AI.
The use of increased deception technologies, however, could spark a counterintelligence retaliation by cyber adversaries. In this case, attackers will need to learn to differentiate between legitimate and deceptive traffic without getting caught simply for spying on traffic patterns. And organizations will be able to effectively counter this strategy by adding playbooks and more pervasive AI to their deception strategies. This will not only detect criminals looking to identify legitimate traffic from that generated by deception engines, but also improve the deceptive traffic so it becomes impossible to differentiate from legitimate transactions.
Eventually, organizations will be able to respond to any counterintelligence efforts before they happen, enabling them to maintain a position of superior control.
Privacy and access are among the requirements unique to cybersecurity that cybercrime doesn’t need to deal with, as it has no borders. Cybercriminals can strike anywhere and then hide in havens that provide them with protection. As a result, law enforcement organizations are not only establishing global command centers but have also begun connecting them to the private sector, so they are one step closer to seeing and responding to cybercriminals in real time.
A fabric of law enforcement as well combined with public and private sector relationships can help identify and respond to cybercriminals. Initiatives that foster a more unified approach to bridging the gaps between different international and local law enforcement agencies, governments, businesses, and security experts will help expedite the timely and secure exchange of information to protect critical infrastructure and other organizations against cybercrime.
A unified vision
Malicious actors have been capitalizing on the growing threat landscape. They continue to increase the sophistication of their attacks, including the use of precursors of AI technology. And for some time, forcing some cyberdefenders into a reactive approach to security.
But turnabout is fair play, and organizations are beginning to use the same kinds of tactics to protect their networks. As they begin to incorporate true integration, advanced AI, and actionable threat intelligence into their security architectures, organizations can create a broad, automated strategy that not only secures network segments but every new and emerging edge, from IoT to clouds, in 2020 and beyond.