Password Security
March 23, 2023
The Double-Edged Sword of AI in Cybersecurity
June 27, 2023Using AI in cyber security
It's finally happening. Anyone who has been working in this industry for a while knows, that this isn’t the first time AI has been mentioned alongside the realms of cyber security. We didn’t really bite, in reality most of these felt like a product of an overambitious marketing team, jumping onto the advertising hype wagon after the slightest hint of artificial intelligence related work conducted by their development teams. Don’t get me wrong, some of these performed really well, simply it just wasn’t really artificial intelligence.
This has changed in the last few years, and now we have some companies who truly utilize artificial intelligence within their product range, but before we mention these, let's dive into some promising concepts and developments that are coming into a realistic scope when it comes to utilizing artificial intelligence in cyber security.
AI powered threat detection and analysis in the live environment
Speed and accuracy would be the key benefits of this. If the data bandwidth allows it, artificial intelligence is capable of analysing large amounts of data in real time. Our approach would be to train a model that's “aware” of the environment, and using detected variables it can simulate scenarios where the outcome would be a potential threat. Log the steps required to achieve this, and then apply pattern recognition in the live environment. If implemented correctly, this ever evolving model is a serious tool to use. With a slightly different approach to each, this can be applied to software, hardware and user behaviour as well.
AI in phishing detection and prevention
Again speed is the key, because the dataset which would be analysed is relatively small (e-mails, messages). The context and the metadata can be analysed at blazing speed. The context is also run through some natural language processing algorithms, which can analyse tone, sentiment and potentially lower the false positives. Compared to non-AI driven systems, these systems adapt themselves to situations and new types of attacks.
Malware detection and analysis
As we can already see in the latest GPT models and others, AI can understand and explain code to some extent. Paired with some clever reverse engineering tools, these models can recognise malware faster than humans do, and essentially guide the researchers, reverse engineers to analyse the malware way faster.
Artificial Intelligence driven chatbots
We have already implemented this as an experiment within our environment. Using a GPT model from OpenAI, fine tuned with our own datasets, we created Alice. It is still in a testing phase, but the results are already quite promising. The core concept behind this is to serve as quick help, who is available 24/7 to everyone who is looking for some guidance around IT and cyber security, before our client is passed onto a real person. Check out this project HERE
Security Orchestration, Automation, and Response (SOAR) with AI
Various data feeds from existing security tools can be bootstrapped into AI models, to generate more efficient, automated workflows. Potentially saving time and reducing human errors with their implementations. Truly we have some trust issues at the moment with these, due to their critical nature, this is well justified but nevertheless there is progress in the pipeline.
Secure Development Lifecycle (SDLC) Integration
Detecting vulnerable code in the stage of its conception, really enforces the !!!!!secure by design approach in software development. This reduces potential remediation costs and improves software quality during code creation. This will be a love or hate relationship, just as Github copilot has with the community currently. Wait until you find out what else they have been working on.
Companies utilising AI in cyber security (successfully)
Darktrace
With over 130 patents to date, develops award-winning products and concepts in the realm of cyber security by leveraging AI. Their product evolution is driven by continuous data feeds and fine-tuning of their AI models. Darktrace's unsupervised machine learning approach enables threat detection at scale, real-time analysis of potential undocumented vulnerabilities and autonomous response capabilities.
Crowdstrike
They use artificial intelligence and machine learning to enhance their cloud-native endpoint security platform. The system focuses on threat detection, incident response and threat intelligence. They are also capable of analysing massive amounts of data, 2 trillion events a day !!!!!!!!and respond adequately. By analysing malware behaviour in real time, they don’t rely on the usual malware signature framework as most of the industry is.
Github + Github Copilot X
Github Copilot has been around for a while now, built on OpenAI’s Codex model. It represents a significant leap in the software development workflow. No... you still need to know how to write code, but if you know what you are doing, it considerably speeds up things. Github is working on the next iteration of Copilot based on GPT4, which will integrate more deeply with the IDE and I assume it will come bundled with Vscode by default at some point. It outlines features as voice integration, compliance checking, generally reducing manual tasks even more, and generally guiding towards the secure by design methodology.
IBM Watson X
Cognitive security unites the power of artificial intelligence and human intellect. Utilizing Watson® for Cyber Security's cognitive computing provides a sophisticated kind of AI that employs multiple AI techniques, such as machine learning algorithms and deep learning networks, which continually improve and become more intelligent over time.
Google has been harnessing the power of machine learning to enhance email filtering and its been doing this for 18 years!!!! By employing advanced algorithms, Google's system has continuously evolved to accurately identify and sort incoming messages for users. These machine learning techniques have been instrumental in distinguishing between spam, promotional content, and legitimate correspondence, ensuring a more organized and secure inbox experience. As a result, users can focus on important emails while being protected from potential threats and unwanted content.