Cyber security

Lukas Dehling

Fending off attacks with AI

Cyber attacks are becoming increasingly difficult to detect and fend off. There are now initial approaches using artificial intelligence (AI) that can also detect previously hidden behaviors of attackers in networks.


The results in practice are promising, as Gérard Bauer, Vice President for the EMEA region at Vectra, reports.

Why is artificial intelligence playing an increasingly important role in cyber security?
Gérard Bauer: AI is used in many areas of cyber security because it can process and analyze complex data at a scale and speed that exceeds human capabilities. This enables the automated detection of new, hidden threats and attacks. The threat landscape is rapidly diversifying and the attack surface is growing exponentially. At the same time, cyber security is suffering from a lack of personnel and resources. AI saves security teams valuable time to prevent attacks and fix problems before they develop into serious compliance breaches. AI does not replace humans, but enables them to work more efficiently to reduce and manage cyber risks.

Algorithms and their learning approach depend on the task at hand.


Which AI methods are used?
For pre-trained supervised models, the features selected from the data are just as important as the algorithms themselves. Here, security experts and data scientists work together to select, test and validate their security hypotheses, models and input data. Pre-trained algorithms are ready for immediate use.

Unsupervised learning, on the other hand, is untrained. It attempts to identify groups and patterns based on observations without pre-selecting attributes; algorithms such as Random Forest and K-Means Clustering can be used here. They are useful for detecting unique local phenomena and threats such as reconnaissance by attackers.

Are neural networks used?
Yes, although computationally expensive, deep learning based on neural networks is also used. Inspired by the biological structure and function of neurons in the brain, deep learning techniques use large networks of artificial neurons. These are organized in layers, with individual neurons connected by a series of weights that adapt in response to new incoming inputs. As the depth of the network increases, it becomes more difficult to train a model. Advances in this area are due to techniques and mathematical analysis. The choice and combination of algorithms ultimately influences the performance and effectiveness of the AI system in detecting threats.

What is the advantage over conventional methods?
Today's cyber attacks are complex, multi-stage operations that involve a variety of techniques and strategies to penetrate deeper and deeper into the network. AI tools are able to detect previously unknown attacks - without a hash signature, based on what attackers are doing, rather than what vulnerabilities, exploits or even legitimate tools they are using. For example, a previously unseen remote access Trojan (RAT) is detected by an AI model designed to look for RATs. Behavior-based approaches to attack detection have the added benefit of working with both plaintext and encrypted communication, as they do not require deep packet inspection.


The Vectra software dashboard allows cybersecurity experts to keep track of attacks. Artificial intelligence helps with detection.


What specific solutions do you offer?
We have developed a comprehensive suite of detection algorithms based on supervised and unsupervised learning as well as deep learning. They are optimized to identify a specific type of attacker behaviour throughout the lifecycle of an active attack: Command and Control, Reconnaissance, Privilege Escalation & Cross Movement, and Data Manipulation & Exfiltration.

Each of these behaviors or phases provides multiple opportunities to detect the hidden attacker at work. The algorithms then assess the incidents according to risk and security relevance. In addition, the AI correlates the behavior over time back to the affected hosts. This makes it possible for security analysts to quickly, easily and in real time identify those hosts that require immediate attention. A final layer of AI correlates which hosts are involved in the overall attack campaign, providing a complete picture of the attack across the entire organization.

What are the benefits of this?
In live operation with customers, we have seen a 32-fold reduction in analysis time. When security analysts respond quickly and effectively, they can stop attacks before they become business-critical.

What about acceptance? Do users trust AI tools?
With AI software constantly adapting itself, it is difficult to understand how a result is ultimately achieved. It is therefore important that users have a certain level of basic knowledge.

And when it comes to purchasing a specific tool?
Here it is advisable to ask the AI manufacturers some insightful questions about their tools in advance. For example, which and how many machine learning algorithms a product uses and how these are categorized and updated. How long does it take for the recognition software to be ready for use? How many algorithms are needed for a learning phase and how long does it take? How are the algorithms trained, what is the source and origin of the training data?

In addition, a live evaluation on site can prove the effectiveness of the software. Knowledge and practical experience form a solid basis for building trust in an AI tool.

What are typical applications for such tools in the production environment?
There are a number of applications related to the use of AI to automate threat detection and response. For example, such AI tools can detect active but unknown and hidden threats within the corporate network that bypass security controls and defenses. To date, this has often been a blind spot. Another field of application is the detection of threats in the cloud and in the data center. This is because virtualization and the cloud present unique security challenges, including a high percentage of communications that are invisible to traditional security controls.

Ultimately, it's also about reducing the burden on the security team, which has to deal with a flood of alerts. Automation using AI has been proven to significantly increase the efficiency and effectiveness of security operations.

Can you give us a specific application example?
The Vetropack Group, a manufacturer of glass packaging, has chosen the AI platform 'Vectra Cognito' to protect its key assets and optimize security operations. The company realized that network perimeter security measures alone would not be able to cope with today's cyber threats. To quickly detect and stop cyber attackers before they damage or steal critical assets, visibility into the network was needed.

Today, the AI-based cyber security platform provides Vetropack with seamless, automated threat hunting and attacker detection in real time, supported by AI and continuously learning behavior models. The intelligent technology automatically prioritizes the highest-risk threats in the company-wide network, which spans offices, production sites and distribution centers in several European countries. This enables Vetropack to quickly and proactively stop cyber threats.
