Advancing security: AI, ML applications make cybersecurity framework agile, & intelligent
Cybersecurity threats are getting more complex and sophisticated each passing day. Modern cyber attackers’ tactics, techniques, and procedures (TTPs) have become both rapid and abundant while advanced threats such as ransomware, cryptojacking, phishing, and software supply chain attacks are on an explosive rise. Over 670,000 cases related to cyber security threats were reported in India in the first half of 2022, as per the Indian Computer Emergency Response Team (CERT-In). Rapid adoption of new technology in the workplace coupled with a global workforce and remote working are resulting in an increase in attack vectors within an organisation.
In an effort to stand up to these challenges, businesses task their CISOs with developing, maintaining, and constantly updating their cybersecurity strategies and solutions. To ensure a robust cybersecurity framework, CISOs should deploy appropriate tools that thwart cyberattacks.. However, an ever-evolving threat landscape calls for multi-layered approach for maintaining safety and security rather than a reactive one.
The emerging threat landscape requires AI-powered cyber solutions:
As the threat perception rises and threat actors increase, it is critical for enterprises to leverage the power of AI (artificial intelligence) and machine learning (ML) to build a robust cybersecurity framework. Cybersecurity solutions powered by AI & ML are not only able to monitor and mitigate the threats, but they also help with operational efficiency by automating tasks. This also helps in ensuring advanced-level protection at an affordable cost.
While AI is designed to give computers the responsive capability of the human mind, the ML discipline falls under the umbrella of AI. It continuously analyzes data to find existing patterns of behavior to form decisions and conclusions and, ultimately, detect novel malware.
The Indian government is taking various measures to enable rising adoption of AI, ML and other emerging technologies in cybersecurity and other industries. In 2020, the Indian government earmarked $477 million for Digital India to boost AI, IoT, big data, cybersecurity, ML and robotics. Programmes by the Ministry of Electronics and Information Technology (MeitY), NASSCOM and the Defence Research & Development Organization (DRDO) have also laid the groundwork for putting Indian on the AI map.
Apart from the development and research, the global shortage of skilled manpower in cybersecurity is glaring. According to the Cybersecurity Workforce Study, over 2.7 million cybersecurity roles remained unfilled in 2021.
In India, the challenge of this skill gap is also daunting. Industry body ISACA has recently reported that around 60 per cent of Indian organisations have unfilled cybersecurity positions owing to lack of adequate manpower.
Amid such shortage of manpower, it is critical for enterprises to automate most of the cybersecurity tasks to support their security posture.
Leveraging AI can help overworked teams to scale up protective services and to automate and orchestrate complex, time-consuming response actions.
The key benefits of using AI-powered cybersecurity solutions are:
- Automated Attack Vector Processing – AI is able to process millions of vectors every second and combat emerging attacks by detecting new patterns in real-time.
- Zero-Trust Security Approach – Human patterns are predictable and disparate data sets without AI are simply not useful nor actionable. AI helps build the complete threat analysis needed to sustain a working zero-trust model.
- Threat Operations Management – AI technology can augment cybersecurity teams by automating the interpretation of attack signals, prioritizing alerts and incidents, and adapting responses based on the scale and speed of the attacker.
Analog Players in a Digital World
Legacy anti-virus (AV) and anti-malware (AM) solutions provide limited protection to enterprises amid growing sophistication of cyberattacks. These legacy systems are signature-based, designed to flag known threats but blind to zero-day attacks. This allows a gap to appear between the initial use of the malware and the existence of a new signature to block it. Such shortcomings make these solutions less capable of thwarting modern-day malware, such as the ones used in ransomware attacks.
Moreover, these threat actors have become are incredibly skillful at creating novel malware. VirusTotal reports that it receives 2 million new samples every day. In 2021 alone, they reported that over a million samples signed with legitimate certificates were found to be suspicious. Only able to defend against known threats, legacy AV and AM are simply unable to keep up with the barrage of novel malware, ransomware, incoming zero-day vulnerabilities, or new hacker tradecraft.
Therefore, engaging with a full-stake cybersecurity solutions partner which can guide and devise a robust cybersecurity framework is preferable.
Usage of AI & ML is Critical in the Current Cybersecurity Arms Race
Artificial intelligence and machine learning can be leveraged very effectively against modern threats and their capabilities go far beyond the identification and flagging of known threats. AI ML-powered solutions are capable of identifying threat patterns, diagnosing new threat vectors and predicting impending attacks based on the emerging trends. Therefore, the application of AI and ML is invaluable in bolstering an organization’s cybersecurity strategy.
Preventative Strategies & Response – With AI and ML, a security solution can autonomously detect and prevent malicious files and processes early in the attack lifecycle. This helps in identifying malware attacks and mitigating such risks through appropriate measures. Such proactive threat remediation reduces the attack surface and lowers the burden on the organization’s IT team.
Accelerated threat hunting– AI and Machine learning, coupled with strong monitoring capabilities, provide SOC analysts with deep visibility into what actually happened on a device during a cybersecurity incident. Such insight helps the cybersecurity experts the exact cause of the attack, its emanating point and other related information. As it replaces the long, manual triage process, analysts are able to know the relationships between events and need no further investigation through forensic tools.
Better Security Strategy – A security solution backed with AI offers users the ability to select the level of protection they want to automate. Wherever enterprises require automation to various cybersecurity systems, AI, ML-powered solutions will execute the same. In case a more permission-based system is allowed, such a system can also be devised.
(The author is Mr. Diwakar Dayal, Managing Director & Country Manager for SentinelOne, India & SAARC and the views expressed in this article are his own)