Fortinet has published predictions from the FortiGuard Labs team about the threat landscape for 2020 and beyond. The predictions outline the methods Fortinet expects cybercriminals to adopt in the near future, along with the strategies that can help organisations defend against those attacks.
“Much of the success of cyber adversaries has been due to the ability to take advantage of the expanding attack surface and the resulting security gaps due to digital transformation,” said Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet. “Most recently, their attack methodologies have become more sophisticated by integrating the precursors of AI and swarm technology. Luckily, this trajectory is about to shift, if more organisations use the same sorts of strategies to defend their networks that criminals are using to target them. This requires a unified approach that is broad, integrated and automated to enable protection and visibility across network segments as well as various edges, from IoT to dynamic clouds.”
Changing the trajectory of cyberattacks
Cyberattack methodologies have become more sophisticated in recent years, magnifying their effectiveness and speed. This trend is likely to continue unless more organisations change how they think about security strategy. Given the volume, velocity and sophistication of today's global threat landscape, organisations must be able to respond in real time, at machine speed, to counter aggressive attacks effectively. Advances in artificial intelligence and threat intelligence will be vital in this fight.
The evolution of AI as a system
One of the objectives of developing security-focused artificial intelligence (AI) over time has been to create an adaptive immune system for the network, similar to the one in the human body. The first generation of AI used machine learning models to learn, correlate and then determine a specific course of action. The second generation uses its increasingly sophisticated pattern detection to significantly enhance functions such as access control by distributing learning nodes across an environment. In the third generation, rather than relying on a central, monolithic processing centre, AI interconnects its regional learner nodes so that locally collected data can be shared, correlated and analysed in a distributed manner. This will be an important development as organisations look to secure their expanding edge environments.
Federated machine learning
In addition to traditional forms of threat intelligence pulled from feeds or derived from internal traffic and data analysis, machine learning will eventually rely on a flood of relevant information arriving from new edge devices at local learning nodes. By tracking and correlating this real-time information, an AI system will not only build a more complete view of the threat landscape, but also refine how local systems respond to local events. AI systems will be able to see, correlate, track and prepare for threats by sharing information across the network. Eventually, a federated learning system will interconnect these nodes so that learning models adapt to changing environments and event trends, with each node sharing what it has learned rather than its raw data, so that an event at one point improves the intelligence of the entire system.
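The learner-node architecture described in the two sections above (regional nodes that share what they have learned rather than the events they saw) can be shown concretely with a count-based federated model. The following Python is an added example, not Fortinet's or FortiGuard Labs' code and not a description of any Fortinet product; the node names, event logs and feature buckets are constructed, and a Naive Bayes model is used here because its count summaries merge exactly, so the coordinator's model is identical to the one a central system would have trained on the pooled raw data.

```python
"""Federated Naive Bayes across edge learning nodes (added example, not
Fortinet code). Each node trains on its own event log and ships only count
summaries to a coordinator; raw events never leave the node. Because the
summaries are additive, the merged model equals the model a central system
would train on the pooled data, and a node that has never seen an attack
still benefits from what the other nodes learned. All data is constructed."""
from collections import Counter, defaultdict

# Assumed categorical feature domains (real telemetry would be bucketed).
DOMAIN = {"failed_logins": ("low", "high"), "bytes_out": ("low", "high")}
BENIGN, MALICIOUS = 0, 1


class NodeModel:
    """Count-based Naive Bayes; the counts are all a node has to share."""

    def __init__(self):
        self.class_counts = Counter()
        self.feature_counts = defaultdict(lambda: defaultdict(Counter))  # [label][feature][value]

    def fit(self, events):
        for features, label in events:
            self.class_counts[label] += 1
            for name, value in features.items():
                self.feature_counts[label][name][value] += 1
        return self

    def summary(self):
        """The payload sent upstream: plain counts, no raw events."""
        return {
            "class_counts": dict(self.class_counts),
            "feature_counts": {
                label: {name: dict(vals) for name, vals in feats.items()}
                for label, feats in self.feature_counts.items()
            },
        }

    @classmethod
    def merge(cls, summaries):
        """Coordinator side: add up the counts reported by every node."""
        merged = cls()
        for s in summaries:
            for label, n in s["class_counts"].items():
                merged.class_counts[label] += n
            for label, feats in s["feature_counts"].items():
                for name, vals in feats.items():
                    for value, n in vals.items():
                        merged.feature_counts[label][name][value] += n
        return merged

    def _count(self, label, name, value):
        # .get chains avoid inserting empty entries into the defaultdicts
        return self.feature_counts.get(label, {}).get(name, {}).get(value, 0)

    def p_malicious(self, features):
        """P(malicious | features) with Laplace-smoothed likelihoods."""
        total = sum(self.class_counts.values())
        score = {}
        for label in (BENIGN, MALICIOUS):
            n_c = self.class_counts[label]
            s = n_c / total  # class prior; 0 if this node never saw the class
            for name, value in features.items():
                s *= (self._count(label, name, value) + 1) / (n_c + len(DOMAIN[name]))
            score[label] = s
        return score[MALICIOUS] / (score[BENIGN] + score[MALICIOUS])


def ev(failed_logins, bytes_out, label):
    return ({"failed_logins": failed_logins, "bytes_out": bytes_out}, label)


# Constructed per-node logs: A has seen brute forcing, B has seen exfiltration,
# C (a small branch) has never seen an attack at all.
NODE_EVENTS = {
    "A": [ev("low", "low", BENIGN)] * 5 + [ev("high", "low", MALICIOUS)] * 3,
    "B": [ev("low", "low", BENIGN)] * 4 + [ev("low", "high", MALICIOUS)] * 3,
    "C": [ev("low", "low", BENIGN)] * 3,
}


def train_federated(node_events=NODE_EVENTS):
    """Local models per node plus the merged global model."""
    local = {n: NodeModel().fit(evts) for n, evts in node_events.items()}
    return local, NodeModel.merge(m.summary() for m in local.values())


def train_centralised(node_events=NODE_EVENTS):
    """Reference: one model over the pooled raw data (what federation avoids)."""
    return NodeModel().fit([e for evts in node_events.values() for e in evts])


if __name__ == "__main__":
    local, global_model = train_federated()
    exfil = {"failed_logins": "low", "bytes_out": "high"}
    for name, m in local.items():
        print(f"node {name} alone: P(malicious | exfil pattern) = {m.p_malicious(exfil):.2f}")
    print(f"federated model:  P(malicious | exfil pattern) = {global_model.p_malicious(exfil):.2f}")
    print("merge == centralised:", global_model.summary() == train_centralised().summary())
```

Run stand-alone, node A (which has only seen brute forcing) rates the exfiltration pattern at about 0.16, node C (no attacks at all) at exactly 0, and the merged model at about 0.65, while the merged counts are identical to those of a model trained centrally on all the raw events. The practical caveat is that count summaries still leak aggregate information about each node's traffic, so the channel to the coordinator needs the same authentication and confidentiality as any other telemetry path.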
Combining AI and playbooks to predict attacks
Investing in AI not only lets organisations automate tasks, it can also support an automated system that looks for and discovers attacks, both after the fact and before they occur. Combining machine learning with statistical analysis will allow organisations to develop customised action plans, tied to AI, that enhance threat detection and response. These threat playbooks could uncover underlying patterns that enable the AI system to predict an attacker's next move, forecast where the next attack is likely to occur and even determine which threat actors are the most likely culprits. If this information is fed into an AI learning system, remote learning nodes will be able to provide advanced and proactive protection: they not only detect a threat, but also forecast its movements, intervene proactively and coordinate with other nodes to shut down all avenues of attack simultaneously.
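As an added illustration of the playbook idea in this section (example code, not Fortinet's and not a description of any Fortinet product): past intrusions are recorded as stage sequences per crew, a per-crew Markov model is fitted to them, and an observed prefix of stages is used both to attribute the activity to a crew and to forecast the next stage, which maps to a response step that can be pre-positioned. The crew names, stage vocabulary, playbooks and response mappings are all constructed for the example.

```python
"""Playbook-driven attribution and next-stage forecast (added example, not
Fortinet code). Past intrusions are stored as stage sequences per crew; a
first-order Markov model per crew turns an observed prefix into (a) a posterior
over which crew is acting and (b) a forecast of the next stage, which maps to a
pre-positioned response step. Crews, stages and playbooks are constructed."""
from collections import Counter, defaultdict

START = "<start>"

# Constructed intrusion playbooks (stage sequences from past incidents).
PLAYBOOKS = {
    "crew_a": [  # ransomware-style: ends in encryption
        ["phish", "macro_exec", "cred_dump", "lateral_smb", "ransom"],
        ["phish", "macro_exec", "lateral_smb", "ransom"],
        ["rdp_brute", "cred_dump", "lateral_smb", "ransom"],
    ],
    "crew_b": [  # espionage-style: ends in exfiltration
        ["phish", "macro_exec", "cred_dump", "lateral_smb", "exfil_https"],
        ["phish", "macro_exec", "exfil_https"],
        ["phish", "cred_dump", "exfil_https"],
    ],
}

# Constructed response playbook: the step to pre-position for a forecast stage.
RESPONSE = {
    "cred_dump": "rotate privileged credentials, harden LSASS access",
    "lateral_smb": "block workstation-to-workstation SMB, watch admin-share logons",
    "ransom": "isolate the segment, verify offline backups are intact",
    "exfil_https": "restrict egress to unknown hosts, hunt for staged archives",
}


class ActorMarkovModel:
    """Laplace-smoothed stage-to-stage transition probabilities for one crew."""

    def __init__(self, sequences, vocab, alpha=1.0):
        self.vocab, self.alpha = vocab, alpha
        self.trans = defaultdict(Counter)  # trans[prev][next] = count
        for seq in sequences:
            prev = START
            for stage in seq:
                self.trans[prev][stage] += 1
                prev = stage

    def p_next(self, prev, stage):
        row = self.trans.get(prev, Counter())
        return (row.get(stage, 0) + self.alpha) / (sum(row.values()) + self.alpha * len(self.vocab))

    def likelihood(self, observed):
        p, prev = 1.0, START
        for stage in observed:
            p *= self.p_next(prev, stage)
            prev = stage
        return p


def build_models(playbooks=PLAYBOOKS):
    vocab = sorted({s for seqs in playbooks.values() for seq in seqs for s in seq})
    return {crew: ActorMarkovModel(seqs, vocab) for crew, seqs in playbooks.items()}, vocab


def attribute(observed, models):
    """Posterior over crews for the observed stage prefix (uniform prior)."""
    like = {crew: m.likelihood(observed) for crew, m in models.items()}
    z = sum(like.values())
    return {crew: l / z for crew, l in like.items()}


def forecast(observed, models, vocab):
    """Crew-weighted distribution over the next stage, most likely first."""
    post = attribute(observed, models)
    prev = observed[-1] if observed else START
    dist = {s: sum(post[c] * m.p_next(prev, s) for c, m in models.items()) for s in vocab}
    return sorted(dist.items(), key=lambda kv: kv[1], reverse=True)


def recommend(observed, playbooks=PLAYBOOKS):
    """Attribute, forecast the next stage and pick the matching response step."""
    models, vocab = build_models(playbooks)
    post = attribute(observed, models)
    crew = max(post, key=post.get)
    stage, p = forecast(observed, models, vocab)[0]
    return {"crew": crew, "crew_p": post[crew], "next": stage, "next_p": p,
            "action": RESPONSE.get(stage, "monitor")}


if __name__ == "__main__":
    seen = ["phish", "macro_exec", "cred_dump", "lateral_smb"]
    r = recommend(seen)
    print(f"observed {seen}")
    print(f"likely crew {r['crew']} ({r['crew_p']:.2f}); next stage {r['next']} ({r['next_p']:.2f})")
    print("pre-position:", r["action"])
```

With the four-stage prefix the model favours crew_a (posterior 5/9) and forecasts "ransom" as the next stage; after only "phish, macro_exec" it leans to crew_b and forecasts credential dumping instead, so the recommended pre-emptive step changes as evidence accumulates. The smoothing constant keeps unseen transitions possible, which matters because real crews change tooling between incidents; a first-order model is deliberately simple and a production system would condition on more context than the last stage.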
The opportunity in counterintelligence and deception
One of the most critical resources in espionage is counterintelligence, and the same is true when attacking or defending an environment where every move is being monitored. Defenders have a distinct advantage in their access to the sorts of threat intelligence that cybercriminals generally lack, which can be augmented with machine learning and AI. Wider use of deception technology could provoke a counterintelligence response from cyber adversaries: attackers will need to learn to differentiate between legitimate and deceptive traffic without getting caught simply for spying on traffic patterns. Organisations will be able to counter this strategy effectively by adding playbooks and more pervasive AI to their deception strategies. This will not only detect criminals probing to identify legitimate traffic, but also improve the deceptive traffic so that it becomes extremely difficult to distinguish from legitimate transactions. Eventually, organisations could respond to counterintelligence efforts before they succeed, enabling them to maintain a position of superior control.
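As an added illustration of the deception point above (example code, not Fortinet's and not a description of any Fortinet product): decoy hosts and honeytoken accounts have no legitimate consumer, so any touch is a high-confidence signal, and an adversary who tries to tell real assets from decoys by probing them has to touch several of them in a short time, which the detector below turns into a higher severity. The decoy inventory, the allowlisted scanner address and the log lines are constructed for the example.

```python
"""Decoy-touch detection over flow and auth log lines (added example, not
Fortinet code). A decoy host or honeytoken credential has no legitimate
consumer, so any interaction is a high-confidence alert. An adversary trying
to work out which assets are real must probe several decoys, so touches are
correlated per source over a time window and escalated when a source is
mapping the deception layer. Inventory and log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed deception inventory: decoy hosts and honeytoken accounts.
DECOY_HOSTS = {"10.0.5.23": "fileshare-decoy", "10.0.5.24": "rdp-decoy", "10.0.5.25": "git-decoy"}
HONEYTOKEN_USERS = {"svc_backup_old"}
# Sources allowed to touch decoys (e.g. the vulnerability scanner); still
# logged, never alerted. Assumed address for the example.
ALLOWLISTED_SOURCES = {"10.0.1.9"}

# Constructed log lines in two shapes: network flows and authentication events.
LOG_LINES = """\
2020-01-14T09:12:01Z flow src=10.0.2.15 dst=10.0.5.23 dport=445 proto=tcp
2020-01-14T09:12:04Z auth src=10.0.2.15 user=svc_backup_old result=fail
2020-01-14T09:13:10Z flow src=10.0.2.15 dst=10.0.5.24 dport=3389 proto=tcp
2020-01-14T09:14:30Z flow src=10.0.2.15 dst=10.0.5.25 dport=22 proto=tcp
2020-01-14T09:20:00Z flow src=10.0.1.9 dst=10.0.5.23 dport=445 proto=tcp
2020-01-14T10:05:00Z flow src=10.0.3.40 dst=10.0.5.24 dport=3389 proto=tcp
2020-01-14T11:00:00Z flow src=10.0.3.40 dst=10.0.7.8 dport=443 proto=tcp
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>flow|auth) (?P<kv>.*)$")


def parse_line(line):
    """Parse one 'timestamp kind k=v k=v ...' line; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split())
    fields["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    fields["kind"] = m["kind"]
    return fields


def decoy_touch(event):
    """Return the decoy identifier an event touches, or None."""
    if event["kind"] == "flow" and event.get("dst") in DECOY_HOSTS:
        return DECOY_HOSTS[event["dst"]]
    if event["kind"] == "auth" and event.get("user") in HONEYTOKEN_USERS:
        return "honeytoken:" + event["user"]
    return None


def detect(lines=LOG_LINES, window=timedelta(minutes=10), mapping_threshold=3):
    """Alerts keyed by source address.

    Severity is 'high' for any decoy touch and 'critical' once one source
    touches at least `mapping_threshold` distinct decoys inside `window`,
    which is what enumerating the deception layer looks like.
    """
    touches = defaultdict(list)  # src -> [(timestamp, decoy id)]
    for line in lines:
        event = parse_line(line)
        if not event:
            continue
        decoy = decoy_touch(event)
        if decoy is None or event.get("src") in ALLOWLISTED_SOURCES:
            continue
        touches[event["src"]].append((event["ts"], decoy))

    alerts = {}
    for src, hits in touches.items():
        hits.sort()
        severity = "high"
        # sliding window over the time-sorted touches, counting distinct decoys
        for i, (t0, _) in enumerate(hits):
            distinct = {d for t, d in hits[i:] if t - t0 <= window}
            if len(distinct) >= mapping_threshold:
                severity = "critical"
                break
        alerts[src] = {"severity": severity, "decoys": sorted({d for _, d in hits})}
    return alerts


if __name__ == "__main__":
    for src, alert in detect().items():
        print(f"{alert['severity']:8} {src} touched {', '.join(alert['decoys'])}")
```

On the constructed lines, 10.0.2.15 touches three decoy hosts and a honeytoken account inside three minutes and is flagged critical, 10.0.3.40 touches a single decoy and is flagged high, and the scanner at 10.0.1.9 is ignored. The allowlist is the caveat a practitioner will hit first: a vulnerability scanner or asset-inventory tool will touch every decoy unless it is either excluded from the decoy ranges or allowlisted here, and an allowlisted address is also exactly what an attacker would want to spoof, so it should be as short as possible.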