A few weeks ago, ITrust was present at the 16th edition of one of the most awaited cybersecurity events in Europe – Les Assises de la Sécurité. During the conferences, the notable intervention of Guillaume Poupard made an impression on us with an optimistic message directed to the cyber-ecosystem.
Despite rising threats, the CEO of the French Network and Information Security Agency clearly stated: "We already know how to fight against these risks. What's left now is to engage a significant effort in preparing for the worst so that they do not occur".
Why must we strive for prevention? Because, in this game of fatal blows, cybercriminals will not hesitate to divert existing technologies to gain the upper hand, much like the members of House Lannister. In deciding who will take over the Iron Throne, being one step ahead of these plot masters is essential.
Amongst others, a technique that is held dear by today's black hats is the APT (Advanced Persistent Threat). Sneaky and stealthy, this attack targets a specific entity, either an organization for business reasons or a state for political reasons. An APT requires a high degree of concealment over a long period of time.
The goal of such an attack is to place customized malicious code on one or more computers in order to perform specific tasks, all the while remaining hidden. Then, the malware is finally activated at the instant it will do the most damage. Sounds familiar? Kind of reminds us of the wildfire attack that Cersei unleashed on the Sept of Baelor in King’s Landing.
When talking about APTs, we cannot neglect the mathematical approach to their detection. According to Cédric Villani, mathematician and winner of the prestigious Fields Medal, mathematics has a lot in common with cybersecurity. During his speech, he noted that this area relies on 3 pillars, "techniques, men and processes", which all parallel the main elements we find in mathematics.
Mathematical algorithms might just be one of the solutions in detecting APTs. More specifically, learning algorithms, belonging to the field of artificial intelligence, are effective in the fight against these relentless cyber-threats. When we speak of AI, many imagine a world of science fiction. In reality, intelligent automation is already improving current technologies such as online shopping, surveillance systems and many others.
In the area of cybersecurity, we can access artificial intelligence using many technologies, but perhaps the most striking is machine learning. Indeed, ML algorithms allow computers to learn and make predictions based on already existing data. This clear view of the current ("as is") state is the equivalent of Bran's visions of the past. The question now arises: will this be enough? Many have already noticed that traditional detection methods (systems based on virus signatures) can no longer ensure a proactive defense.
If we were to pair it off with the Red Lady’s insights of the future, wouldn’t the result be an ultimate AI to fight against the Machiavellian approach of the Lannisters?
Master the art of cyber-plotting
Many clustering and classification algorithms can be used to quickly and correctly answer this crucial question: "Is this file healthy or malicious?"
Now, if a million files needed to be analyzed, the first thing to do is to identify any unusual behavior and generate alerts for the operator to see. The cybersecurity analyst then only has to determine whether or not the generated alert is a malicious one. The decision is then taken into account by the system the next time it encounters the same type of alert. This is what we call machine learning.
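The feedback loop described above, sketched as an added example (this is not ITrust's or Reveelium's code). A simple median/MAD outlier score stands in for a trained model, and the hosts, process names, traffic figures and alert signature format are all constructed for illustration.

```python
from statistics import median

# Constructed sample data: (host, process, outbound KB in one hour).
HISTORY = [("ws-01", "chrome.exe", v) for v in (120, 135, 110, 128, 140, 125)] + \
          [("ws-01", "backup.exe", v) for v in (900, 950, 880, 920, 910, 940)]

def robust_score(value, baseline):
    """Distance from the median in units of MAD (median absolute deviation)."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1.0  # avoid division by zero
    return abs(value - med) / mad

class Triage:
    def __init__(self, history, threshold=6.0):
        self.threshold = threshold
        self.baseline = {}
        for host, proc, kb in history:
            self.baseline.setdefault((host, proc), []).append(kb)
        self.verdicts = {}  # alert signature -> "malicious" | "benign"

    def observe(self, host, proc, kb):
        """Return 'ok', 'needs_review', 'auto_closed' or 'escalated'."""
        base = self.baseline.get((host, proc))
        if base and robust_score(kb, base) <= self.threshold:
            base.append(kb)  # only normal behaviour extends the baseline
            return "ok"
        # Hypothetical signature: process name plus the kind of anomaly.
        sig = (proc, "volume_spike" if base else "new_process")
        verdict = self.verdicts.get(sig)
        if verdict is None:
            return "needs_review"  # first occurrence: a human decides
        return "escalated" if verdict == "malicious" else "auto_closed"

    def analyst_verdict(self, proc, alert_type, verdict):
        """Store the analyst's decision for the next alert of the same type."""
        self.verdicts[(proc, alert_type)] = verdict

def demo():
    t = Triage(HISTORY)
    out = [t.observe("ws-01", "chrome.exe", 130)]       # within baseline
    out.append(t.observe("ws-01", "chrome.exe", 5200))  # spike, no verdict yet
    t.analyst_verdict("chrome.exe", "volume_spike", "malicious")
    out.append(t.observe("ws-01", "chrome.exe", 4800))  # same alert type again
    out.append(t.observe("ws-02", "updater.exe", 40))   # never seen before
    t.analyst_verdict("updater.exe", "new_process", "benign")
    out.append(t.observe("ws-03", "updater.exe", 55))
    return out
```

Anomalous values are deliberately kept out of the baseline, so a slow ramp of unusual traffic cannot teach the detector that it is normal.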
But what's so great about that? Well, for starters, ML achieves a very low false-positive rate for new malicious software such as ransomware and other malware exploiting 0-day vulnerabilities. To sum up, the fundamental principle of automated learning is to recognize the trends of past experiences and make predictions based on them.
This means that security solutions can react more effectively and more quickly to new, invisible cyber threats than the older techniques and automated detection systems that were used before. So, yes, we do believe that artificial intelligence is the right solution against APTs, where attackers take special care to remain undetected for indefinite periods of time. Perhaps if the Sept of Baelor had had an AI on its side, Cersei wouldn't have had her way with it.
Man against machine
Blurring the boundaries between man and machine, artificial intelligence is a very important cyber-weapon, but let us be clear about something: it cannot fight all by itself against cyber-threats.
ML algorithms are, overall, more accurate in assessing potential threats within large amounts of data than their human counterparts. But, as mentioned in the previous paragraphs, even though machine learning systems record a low rate of false positives, some can still slip by. The decision of a human is thus needed in order to sort the algorithms in place.
In conclusion, the only way to remain one step ahead of cyber attackers is to couple the AI with a human approach. Bran and the Red Lady might be effective, but with an ally such as Jon Snow on their side, they could finally complete the triangle and fight against the petty strategies of the Lannisters and other foes.
ITrust has understood this and fights the war against the cybercriminals of today with the help of Reveelium, its behavioral analysis solution capable of detecting APTs, viruses and unknown attacks.
(About the author: Cristina Ion is community manager at ITrust. This post originally appeared on her blog.)