While businesses and services are expanding into cyberspace with minimum improvement in the traditional cybersecurity techniques, cybercriminals are revolutionizing cyber-attacks with artificial intelligence. Cyber threats are getting novel by the day and leaving under-resourced security operations analysts only to catch up. According to Sridhar Muppidi, Technology Security Chief at IBM, he alluded that security professionals are inundated with too many things to do, too much data, very little time, and too few skills. It is as though cybersecurity professionals are left to tackle ever-growing cyber-threats with their hands tied behind their backs while the threats continuously outsmart the traditional security techniques.
However, machine learning can curate threat intelligence from millions of data emanating from research papers and new stories. This can help provide rapid insights that will reduce response time. After being trained with the right data—tested for bias and robust in taking on novel cyber-threats—artificial intelligence through machine learning can provide accuracy in threat detection, accelerate cyber-attack investigation and automate mitigation response. Machine learning based on behavioral biometrics will help evaluate the risk of a specific user for a specific session.
There have been several instances when machine learning got cybersecurity analysts ahead of cyber-threats. To mention a few, a good example is Wimbledon 2017, in which behavioral biometrics and other security technologies enabled security analysts to quickly and efficiently identify and address the real threats hidden in nearly 200 million events which were experienced during the tournament. Another success story is when Sogeti Luxembourg used IBM QRadar Advisor with Watson to reduce the time for threat investigation and root-cause determination from three hours to three minutes. The development of machine learning will be an immeasurable advantage to cybersecurity professionals.
Advantages of Machine Learning to Cybersecurity
Its integration with traditional cybersecurity techniques will give rise to progressive methods and technologies that will greatly improve the solution to the following cybersecurity challenges:
Threat Hunting: Threat hunting is expensive and time-consuming when done manually with traditional security techniques. They use signatures or indicators of compromise to identify threats. They have proved to be ineffective at hunting threats, especially the ones that have not been encountered previously, thereby resulting in many unnoticed cyber-attacks. Traditional security techniques have amplified the reactive nature of current cybersecurity in predicting threats before they occur, especially considering the fact that cyber-attackers use different programs like Virtual Private Network (VPN), Proxy Servers, Tor browser, etc., to help them go anonymous and undetected. However, with machine learning, models can be created to develop profiles of every application within an organization’s network by processing large volumes of endpoint data–and this will make cybersecurity proactive.
Spear Phishing: Spear phishing is a form of targeted email phishing that utilizes social engineering of the victims to create provocative emails that cause the victims to take actions that install the malware in the victims’ systems, which then either blocks access to some files on the system or holds the data thereon hostage for ransom. Machine learning can be harnessed in creating better spam filters that are more effective in identifying and blocking unwanted emails. As well, it can be used to create artificial intelligent chatbots that are sensitive to pattern recognition, which can be used to intercept targeted phishing attempts and other attacks in extension.
Traditional vulnerability management methods wait for attackers to exploit high-risk vulnerabilities in network systems before counteracting them. However, machine learning techniques like User and Entity Behaviour Analytics (UEBA) can analyze the baseline behavior of users’ accounts, endpoint data, and servers to identify atypical behaviors that may signal a potential unknown attack. They will help fish out vulnerabilities before they are officially reported and patched, as well as provide insights into what values would improve the effectiveness of security infrastructure.
Monitoring data centers is indispensable in cybersecurity. Security operations professionals have, as a matter of fact, concluded that monitoring backup, power, cooling filters, internal temperatures, bandwidth usage, etc., of security infrastructure, will greatly improve cybersecurity. Google reported that after implementing machine learning technology within its data center in 2016, there was a 40% reduction in the cooling cost of the facility and a 15% reduction in power consumption.
Firewalls are amongst the most important tools available for protecting networks from attacks: When improved, they can block known malicious IP addresses and websites. In fact, they can be made more effective in blocking malicious traffic while allowing legitimate ones through. With machine learning, large volumes of data can be analyzed easily in real time for patterns that could indicate a potential security breach.
Network Segmentation: Network segmentation has been recommended as one of the ways to mitigate cyber-attacks. In effect, machine learning can help design security policies that will enable security professionals to identify legitimate networks and those that should be inspected further for malicious behavior. And given that many organizations lack exact naming conventions, machine learning will reduce the amount of time required to determine what set of workloads belong to a given application. It will improve network security through learning network traffic patterns and recommending both functional groupings of workloads and security policy.
Intrusion Detection Systems: Intrusion detection systems (IDSs) are essential to guard against cyber-attacks; they alert security professionals of potentially malicious activity in a network, especially the one that is instigated outside the network. Machine learning can bolster intrusion detection systems to be more effective at identifying and responding to malicious activities in a network while eliminating the false positives that traditional intrusion detection systems produce, which lead to unnecessary alerts and waste of time and resources.
From all indications, the advantages that machine learning will give to cybersecurity cannot be overemphasized. It will bridge the barrier that cybersecurity experts need to overcome due to the geographical distance between IT systems and infrastructures, thereby making monitoring of incidents across regions more successful. Besides, it will give rise to AI cyber-technologies that are capable of improving their “understanding” of cybersecurity threats and risks by consuming billions of data that are being produced so far. Then they will be effective at curating risk analysis and analyzing the relationship between threats from malicious files and suspicious IP addresses, thereby reducing the time security analysts need to make critical decisions and remediate threats.