I come from a military intelligence and cyber operations background, where an intelligence-led approach often contributed significantly to mission success. In this blog, I’ll focus on the role of intelligence and AI in cyber security, explaining why I believe it’ll become an important contributor to protecting organisations from cyber-attacks. AI will no doubt enhance cyber security, but conversely, it’s likely to broaden and complicate the threat landscape too.
AI and cybersecurity – a game of cat and mouse
AI opens up important functionalities in cyber security, including the ability to dynamically adapt to the sophisticated and contemporary threats, that we help organisations face on a daily basis. Recognising, learning and modelling behavioural patterns enhances security specialists’ ability to triage threats and remediate attacks rapidly. AI can reduce the dependency on human intervention, increasing efficiency, effectiveness and scalability. All of which enable the optimisation of security, human and tech resources.
However, AI brings a new set of challenges which can feel like an endless game of cat and mouse. Adversaries use AI technology and techniques to their own advantage to elude our enhanced defences. This includes developing ways to confuse AI security models to evade detection and circumnavigate threat responses. It also gives cybercriminals the opportunity to deliver greater and more complex attacks, such as AI-enabled evasive malware that appears trustworthy, and self-learning botnets. This is where PCs, servers, mobile devices, and internet of things devices are infected and controlled by a common type of malware.
Apply intelligence at each attack phase
Whether a tactical military operation, cyber security attack or counter attack, intelligence plays a fundamental role in shaping operations. If you want to understand your adversary’s intentions and motivations, their choice of attack, strengths and weaknesses, then intelligence can help articulate this and aid the decision-making process.
Each cyberattack consists of several phases, for example, reconnaissance, initial exploit, command and control, privilege escalation and data exfiltration. Certain types of behaviour and activities associated with each phase can be indicative that an attack is taking place, provided you’re looking for it.
This is where machine learning and AI play a part in spotting anomalous patterns and adapting as those patterns change. The ability to learn and identify such behaviours at each stage using intelligence has an invaluable role in minimising the impact, through early detection and rapid response times.
Machine-enabled, intelligence equipped humans on the hunt
With cyber attackers using increasingly sophisticated methods of attack, businesses must be on the front foot constantly. In practice, this means proactive monitoring, intrusion detection and incident response, all underpinned by threat intelligence and security analytics.
The priority here is understanding what ‘normal’ looks like and ensuring you can detect those abnormalities that tell you an attack is being planned. For example, this may be when the attacker is in the reconnaissance phase and simply spending time observing your environment, getting to understand it to exploit and compromise it.
By being proactive, expert analysts utilising end-point technology enriched by machine learning can conduct searches in an environment to establish and baseline normal behaviour. This facilitates ‘hunt’ missions on data flows to detect and respond to behavioural anomalies that traditional security devices wouldn’t recognise.
Our proactive stance involves expert cyberhunters getting to know our customers’ environments, monitoring them daily to spot and shut down potential vulnerabilities. Yes, these experts are using end-point technology with a degree of machine learning, to conduct searches and establish normal behaviour. However, this only facilitates their hunt missions to protect businesses.
AI can help bridge the cybersecurity skills gaps
With attacks increasing in volume, frequency and sophistication, it’s concerning how unprepared many businesses are in their ability to detect and respond to an attack. Limited budgets, constrained resources and a widening skills gap will only serve to compound the shortage of expertise. This is likely to be an area that businesses invest in AI to address the void. The shortage of expertise may prompt some businesses to invest more heavily in AI cybersecurity to address this gap.
This makes sense, but for all the reasons explained in this blog, while AI is a powerful enabler, we see it as working together with human intelligence. Therefore, people remain at the heart of our cybersecurity operations.