Artificial Intelligence and Machine Learning continue to grow in popularity and in the range of use cases they serve. Securing workloads and infrastructure is one of those use cases. Traditional, largely manual approaches to security are giving way to tools that learn from data and, together with automation, let IT admins
- Identify threats: spot new threats and attacks quickly,
- Take action: respond to identified threats across the network, and
- Use the cloud: share knowledge of threats across geographies.
How can brand new attacks be identified?
Most innovations, in any industry, are an evolution of existing technologies. Take the automobile industry. The technology in today's cars bears little resemblance to that of the cars invented almost 100 years ago; microprocessors and semiconductor chips make them unlike anything that could have been envisioned even 50 years ago. Yet the basic parameters remain the same: the number of tyres, the axles, the steering wheel. As humans, we have learnt to distinguish vehicles well enough to recognise a car when we see one, however unfamiliar the model. Machine learning teaches a computer the same skill: feed it enough labelled images and a suitable algorithm will tell a car from a bicycle.
Threat detection and prevention engines apply the same strategy. A model trained on a large, labelled corpus of past attacks learns which features those attacks share, and it can flag a new variant by those shared features even when no signature for it exists yet. The better the model and the training data behind it, the better the chance of identifying a threat in time for preventive action. Two caveats matter in practice: a model only generalises to attacks that resemble what it was trained on, so a genuinely novel technique may pass as benign, and every detection threshold trades false negatives against false positives, so the threshold at which a detection triggers automatic action deserves care. Now that the attack has been identified, what next?
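As an added illustration of the supervised approach described above (example code written for this post, not taken from the original author or from any product), here is a small logistic-regression classifier in pure Python. The request lines, their labels and the feature patterns are all constructed for the example; a real engine would train on far more data and learn richer features. The point to watch is the final block: the model scores requests it never saw, including attack variants absent from the training set, but a request that shares no features with past attacks scores as benign.

```python
import math
import re

# Constructed, labelled training data (not real traffic): 1 = attack, 0 = benign.
TRAINING = [
    ("GET /index.html", 0),
    ("GET /products?id=42", 0),
    ("POST /login user=alice", 0),
    ("GET /search?q=red+shoes", 0),
    ("GET /images/logo.png", 0),
    ("GET /account?id=7", 0),
    ("GET /products?id=42' OR '1'='1", 1),
    ("GET /search?q=<script>alert(1)</script>", 1),
    ("GET /../../etc/passwd", 1),
    ("POST /login user=admin'--", 1),
    ("GET /files?name=../../../../windows/win.ini", 1),
    ("GET /q?x=1 UNION SELECT password FROM users", 1),
]

# Hand-picked features: things past attacks tend to share. The model learns
# how much weight each deserves; it does not invent new features on its own.
PATTERNS = [
    re.compile(r"'"),                            # quote, typical of SQL injection
    re.compile(r"<[^>]*>"),                      # HTML tag, typical of XSS
    re.compile(r"\.\./"),                        # dot-dot-slash, path traversal
    re.compile(r"\b(union|select|or)\b", re.I),  # SQL keywords
    re.compile(r"--|;"),                         # SQL comment / statement separator
]
SAFE_PUNCT = set(" /?=&.+_-")


def features(request):
    """Numeric feature vector for one request line; index 0 is the bias term."""
    vec = [1.0, min(len(request), 200) / 200.0]
    odd = sum(1 for ch in request if not ch.isalnum() and ch not in SAFE_PUNCT)
    vec.append(min(odd, 20) / 20.0)
    vec.extend(1.0 if pat.search(request) else 0.0 for pat in PATTERNS)
    return vec


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, epochs=2000, lr=1.0):
    """Logistic regression fitted by batch gradient descent on the log loss."""
    xs = [features(req) for req, _ in samples]
    ys = [label for _, label in samples]
    w = [0.0] * len(xs[0])
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in zip(xs, ys):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj
        w = [wi - lr * g / len(xs) for wi, g in zip(w, grad)]
    return w


def score(w, request):
    """Probability (0..1) that the request is an attack."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features(request))))


def classify(w, request, threshold=0.5):
    """True if the request should be treated as an attack."""
    return score(w, request) >= threshold


if __name__ == "__main__":
    model = train(TRAINING)
    # Requests the model never saw during training.
    for req in ("GET /products?id=9' AND SLEEP(5)--",
                "GET /profile?name=<img src=x onerror=alert(1)>",
                "GET /search?q=blue+jeans",
                "GET /api/v1/orders?page=2",
                "GET /account?id=8"):
        print(f"{score(model, req):.3f}  {req}")
```

The last request in the demo, `GET /account?id=8`, is exactly what an insecure direct object reference looks like, and the model rates it benign because nothing in its feature set distinguishes it from `GET /account?id=7`. That is the generalisation limit from the paragraph above: the model recognises relatives of what it has seen, not attacks of a kind it has never been shown.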
Take action, automatically
Not acting on an identified attack is like being a sitting duck watching a hunter take aim: there is only going to be one result. And with the number of attacks on the increase, a single duck can do little when hundreds of hunters are aiming at it from all directions. The duck needs help, perhaps in the form of bulletproof armour that fends off every shot. In the world of computer networks, that armour ranges from simple firewall rules that block a whole class of traffic to point protection against specific attacks. Many attacks can be confined to a small segment of the network: security policies need to isolate that segment so that there is no collateral damage to the others, that is, to prevent lateral propagation of the threat. Intelligent automation and AI can put this into practice. Knowledge of a threat has to be applied at each point of attack, and identifying and applying the appropriate policy no longer depends on manual intervention, which was slow and error-prone. The automation does need guard rails, though: a response that cuts a host off from the management plane, or that quarantines the monitoring infrastructure itself, turns a detection into an outage, so high-impact actions should be bounded and the riskiest ones escalated to a human. Now, how about applying what the network in, say, Bengaluru has learnt to one running in Miami?
Use the cloud
This is where multicloud and hybrid cloud architectures find their appeal. By leveraging the ubiquitous nature of cloud architectures to share learnings and identified threats from one location with another, IT admins and CISOs can maintain a uniform security posture irrespective of where a threat originates. Almost inevitably, enterprises have a presence in one or more public cloud environments, and these Infrastructure as a Service (IaaS) providers also publish threat feeds that their customers can consume. Those feeds, combined with effective and efficient sharing of the threats identified in the company's own data centres around the globe, should improve the quality of sleep of IT admins and company heads alike. One practical detail decides whether that sharing helps or hurts: a shared indicator needs a confidence score and an expiry, so that a single low-confidence hit or a months-old address is not blocked everywhere forever. And humans still have intelligence to apply, in the design of the network and in how AI is applied to this sharing of threat information. AI cannot eliminate human intervention, not yet anyway.
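The two ideas from the last two sections, automatic isolation of a compromised host and sharing the finding across sites, fit in one small loop. The following is an added example written for this post, not code from the original author or from any cloud provider's feed: the indicator format, the two sites, their address ranges and the detections are all constructed. A finding at "bengaluru" is published to a shared exchange; each site then renders the active indicators into first-match rules for its own network, keeping the management plane reachable, blocking unknown addresses at the edge, escalating anything inside the management range to a human, and ignoring indicators that are too weak or too old.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    """One shared finding. Constructed format, not a particular vendor's feed."""
    ip: str
    reason: str
    confidence: float   # 0..1, as reported by the detection engine
    site: str           # where it was observed
    seen_at: int        # unix time of the observation
    ttl: int = 3600     # seconds the indicator stays actionable


class SharedIntel:
    """Minimal cross-site exchange: keep the best report per IP, expire the rest."""

    def __init__(self):
        self._by_ip = {}

    def publish(self, ind):
        cur = self._by_ip.get(ind.ip)
        if cur is None or (ind.confidence, ind.seen_at) > (cur.confidence, cur.seen_at):
            self._by_ip[ind.ip] = ind

    def active(self, now, min_confidence=0.8):
        """Indicators fresh and confident enough to act on automatically."""
        return [i for i in self._by_ip.values()
                if i.seen_at + i.ttl > now and i.confidence >= min_confidence]


@dataclass
class Site:
    name: str
    segments: dict      # segment name -> CIDR
    management: str     # CIDR of SOC / EDR / jump hosts that must stay reachable

    def segment_of(self, ip):
        addr = ipaddress.ip_address(ip)
        for seg, cidr in self.segments.items():
            if addr in ipaddress.ip_network(cidr):
                return seg
        return None

    def quarantine_rules(self, indicators):
        """Render first-match rules as (action, src, dst, comment) tuples."""
        rules = []
        for ind in indicators:
            tag = f"{ind.reason} (reported by {ind.site})"
            if ipaddress.ip_address(ind.ip) in ipaddress.ip_network(self.management):
                # Never auto-block the management plane: hand this one to a human.
                rules.append(("review", ind.ip, self.management, tag))
                continue
            if self.segment_of(ind.ip) is None:
                # Not one of our hosts: block it at the edge in both directions.
                rules.append(("drop", ind.ip, "any", tag))
                rules.append(("drop", "any", ind.ip, tag))
                continue
            # One of our hosts: keep it reachable from the management plane for
            # forensics and remediation, then cut it off from its own segment
            # and every other one so the compromise cannot spread laterally.
            rules.append(("allow", ind.ip, self.management, tag))
            rules.append(("allow", self.management, ind.ip, tag))
            rules.append(("drop", ind.ip, "any", tag))
            rules.append(("drop", "any", ind.ip, tag))
        return rules


def demo(now=1_700_000_000):
    """Two sites, one exchange. The detections below are constructed, not real."""
    intel = SharedIntel()
    blr = Site("bengaluru", {"users": "10.1.0.0/16", "servers": "10.2.0.0/16"}, "10.9.0.0/24")
    mia = Site("miami", {"users": "10.101.0.0/16", "servers": "10.102.0.0/16"}, "10.109.0.0/24")
    intel.publish(Indicator("10.1.4.23", "sqli against /login", 0.97, "bengaluru", now))
    intel.publish(Indicator("203.0.113.7", "credential stuffing", 0.91, "miami", now - 600))
    intel.publish(Indicator("198.51.100.5", "port scan", 0.55, "miami", now))          # too weak
    intel.publish(Indicator("192.0.2.9", "C2 beacon", 0.99, "bengaluru", now - 7200))  # expired
    active = intel.active(now)
    return {site.name: site.quarantine_rules(active) for site in (blr, mia)}


if __name__ == "__main__":
    for site, rules in demo().items():
        for rule in rules:
            print(site, *rule)
```

Running `demo()` shows the Bengaluru workstation isolated inside Bengaluru (two allows to and from management, then drops) while Miami, which does not own that address, simply drops it at the edge alongside its own credential-stuffing source. The port scan never reaches enforcement because its confidence is below the threshold, and the old beacon indicator has expired. The `review` action is the deliberate gap for a human: an indicator pointing at the management range is exactly the case where automatic blocking would do the attacker's work for them.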
For security personnel anywhere, the challenge is always to stay a step ahead of the bad guys, and the technology industry is no exception. With AI and ML, admins can strengthen their security posture. The bad guys are using the same tools to innovate on the attack side, so ignoring them on the defensive side is at the company's own peril.
What applications do you see in AI and ML in enhancing the security of an organisation? Do share your thoughts!