Cyber actors are continually evolving: they are changing and strengthening their attack methods, and also changing their attack vectors and targets. As we’ve seen during the rise of remote work due to the pandemic, cybercriminals are about as opportunistic as they come. They will use almost anything available to attack their targets. And that means cybersecurity teams must be just as stealthy. They must work to stay ahead of bad actors and never let their guard down.
By Derek Manky, Chief of Security Insights & Global Threat Alliances, FortiGuard Labs
Doing this requires the use of AI – there’s just no way that humans alone can keep up, especially as cybercriminals also make increasing use of AI, automation, and machine learning for their nefarious activities.
The evolution of AI is critical for future defense against evolving attacks. This will include using local learning nodes powered by machine learning as part of an integrated system, similar to the human nervous system. AI-enhanced technologies that can see, anticipate, and counter attacks will need to become a reality in the future, because cyberattacks of the future will occur in microseconds. The primary role of humans will be to ensure that security systems have been fed enough intelligence to not only actively counter live attacks but actually anticipate those attacks so that they don’t happen in the first place.
AI is being used on both sides
We have observed bad actors using AI and machine learning to their advantage. They’re building platforms to deliver malicious payloads at unheard-of speeds and scale. And no industry or organization is immune to these attacks. So, think of the adage about fighting fire with fire. When you’ve got bad actors using AI, the only way to combat their efforts will be to also use AI.
But that means AI in cybersecurity will need to continuously evolve, as well – faster and farther than ever before. Combined with rich media services and increasingly intelligent endpoint devices, 5G will soon be able to create dynamic, ad hoc edge networks that will fundamentally change how data is generated, distributed, and used. Add billions of semi-intelligent IoT devices and dynamic edge routing resources, and we are on the verge of another dramatic shift that will impact how we work and live.
Using AI and ML for maximum impact
To stay ahead of bad actors, organizations must adopt a proactive, strategic approach that relies on threat intelligence that’s timely, accurate, and actionable. Strategic and tactical information gathered from a global threat intelligence network—and analyzed with sandboxing and AI/ML techniques—enables an organization to transition to a proactive security posture. To achieve this, organizations should look for solutions that train their systems using all three learning modes of ML—supervised, unsupervised, and reinforcement learning—as such systems will become increasingly accurate over time.
Joining AI-enhanced security systems with real-time, reliable threat intelligence and networking technologies creates a security-driven network approach that can function as one unified system. A system of this kind is designed to match pace with and secure these increasingly complex and dynamic networks, and it relies on tiers of security. It starts with systems woven throughout the network, such as segmentation, behavioral analytics, and zero-trust network access. These systems work non-stop to ensure that the traffic coming into and moving across the network is free of threats.
An additional piece of the puzzle is a distributed security system that replaces traditional sensors with learning nodes. This system is able not only to gather threat information but also to function as the first line of defense. It does so by using stored knowledge supplemented by machine learning to detect a threat and provide a coarse-grained response.
The role of humans
By adopting technologies that automate tasks or use AI-driven security operations, CISOs are able to hire a broad range of cybersecurity professionals while reducing the learning curve needed for new or junior staff to become highly effective in the security operations center. Using next-generation cybersecurity technologies enables integrated, enhanced user interfaces that take advantage of the automation of tasks. This allows new and junior staff to be effective sooner, thereby reducing the need for senior-level staff oversight.
In addition, these technologies can help fill holes left by the cybersecurity skills gap. This provides for more meaningful and high-value work across the range of cyber professionals and can also increase staff retention.
The future of security is AI
The networks being built today are extremely complex. They require a level of awareness and response to defend users, devices, and data that humans simply cannot achieve, no matter how experienced, skilled or intelligent. Cyber assailants are using increasingly complex and sophisticated threats powered by AI and machine learning. AI-enhanced systems, coupled with humans who continue to train and refine those systems, are essential for protecting our digital society going forward.
About the Author
As chief of security insights and global threat alliances at FortiGuard Labs, Derek Manky formulates security strategy with more than 15 years of cybersecurity experience. His ultimate goal is to make a positive impact on the global war on cybercrime. Manky provides thought leadership to the industry and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is actively involved with several global threat intelligence initiatives, including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee, and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.