Chau Dang, Sr Product Manager at NVIDIA details five ways that Artificial Intelligence (AI) can detect and prevent security threats.
In recent years, cyber attacks have continued to grow in cost and complexity. According to the 2021 IBM Security Cost of a Data Breach Report, the average cost of a data breach has increased from US$3.86M in 2020 to US$4.24M in 2021. Adversaries are enhancing their attacks with the power of AI and the only way to counter these attacks is to deploy AI in cybersecurity defence. ABI research found that investments in cybersecurity infrastructure have increased at a rate of 8.3% each year and are expected to be as high as US$145.78B in 2025. Here are five ways AI can help detect and prevent security threats as they happen: screen more data, flag nuanced activities, secure applications in your network, detect behavioural anomalies and stop zero day threats like never before.
1) Screen more data than humanly possible
In the past, a security operations team typically only investigated a breach after it was confirmed or at least suspected. This made sense when threats were more limited and a few humans could reasonably react to all the antivirus and firewall alerts. But now, all data on all servers and all traffic on every network connection is potentially a threat. On average, it takes 287 days to identify and contain a data breach. AI-powered cybersecurity can help cut down on detection time by doing real-time data inspection. We have the technology to review and analyse terabytes of data each day to detect malware, hacking attempts, data exfiltration, or evidence of a successful or ongoing attack by leveraging parallel computing and unsupervised learning techniques.
2) Catch suspicious behaviour, not just suspicious bits
Old-school threats came in fixed, recognisable forms that didn’t change once released into the wild. The vast majority of organisations would be protected as long as they regularly updated their security software signatures. Now, advanced malware modifies itself and hackers’ toolkits let bad actors create novel malware daily or even hourly. New exploits and viruses often attack data centres before the security companies can distribute updated signatures. These zero-day attacks haven’t been seen before, so they don’t show up in any threat databases. Instead of only scanning for known signatures, AI-powered security can detect these threats by finding suspicious behaviour. AI can be trained to recognise suspicious application behaviour or traffic patterns to detect new attacks, even if the specific attacks have never been seen before. Organisations have to protect against an alarming variety of initial attack vectors. In 2021, the most frequent type was compromised credentials, which made up 20% of breaches, followed by phishing at 17% and cloud misconfiguration at 15%. Compromised business email was less frequent, but the most expensive to contain, costing US$5.01M.
3) Identify bugs, vulnerabilities and mistakes in applications and networks
AI has the power to improve security by finding and resolving problems beyond malware and leaked sensitive data. It can scan application, server and network logs to identify misconfigurations, outdated software, or improper settings. AI can also scan application code before deployment or chip designs prior to tapeout to help find vulnerabilities before the products go into use. These capabilities don’t find threats or viruses but eliminate system, application and network vulnerabilities, making hacks and attacks less likely to succeed. Securing applications is more important during an era of remote work because containing breaches is now much more expensive. IBM found that at organisations where remote work was a factor in the breach, the average total cost of the data breach was 24.2% more than when remote work was not a factor.
4) Identify machines acting as humans and humans acting as machines
Users authenticate themselves to access applications and the various application, web, database and middleware servers also authenticate themselves to other machines to share data. But what happens if a botnet learns to emulate human employees? What if an adversary pretends to be a trusted server? AI-powered security learns normal traffic and data access patterns and can rapidly detect whether machines are impersonating legitimate users (machines as humans). It can also detect when adversaries are impersonating trusted machines to gain access to sensitive data (humans as machines). Social engineering only occurs in 2% of breaches, but can be very expensive when it’s successful, costing businesses US$4.47M to contain.
5) Identify never-before-seen or zero-day threats
Traditional security software references a database of known malware signatures that should be blocked from getting into the data centre. The problem today is that the databases of malware signatures and sensitive information cannot be updated quickly enough to keep up with new malware creation or self-modifying malware. Likewise, a fixed list of sensitive data that must be prevented from leaking out of the organisation will always be out of date. AI-powered security can identify zero-day attacks by recognising suspicious patterns of behaviour or network traffic without relying on fixed signature databases. And AI can recognise categories or types of sensitive information instead of noticing only information that matches rigid, predefined lists.
As the amount of data, attack surface and number of threats continues to grow, AI technology is the only plausible response. AI-powered data science provides the scale to cover all the relevant machines and network traffic along with the adaptability to recognise many new threats and vulnerabilities that InfoSec teams and their software tools haven’t seen before.
Not only is using AI beneficial when there is a lack of training data, but there’s also a correlation between data-breach cost and security automation. Maturity of implementation has been on an upward trend and we see that organisations that have fully deployed security AI, on average, spend US$3.81M less on data breach containment.
By Chau Dang, Sr Product Manager at NVIDIA