Terry Greer-King at Sonicwall describes how AI-powered cyber-security is setting the pace as threats evolve in real-time
The last 12 months has seen an exponential growth in the volume and sophistication of cyber-crime. Whether it be ransomware, social engineering, or credential compromise, hackers are more determined than ever to target businesses and institutions as the pandemic leaves them more vulnerable than ever.
Businesses are doing everything they can to combat cyber-attacks, but it’s difficult to foresee what new campaigns will arise and how they’ll work. It’s even more difficult to predict what the next significant threat will be. The Zeus trojan and Locky ransomware were once major threats, but now it’s various botnets, the Trickbot trojan, and various ransomware families like Ryuk, Cerber and SamSam.
It is difficult to defend your company against unknown threats and, now that cyber-threats can evolve in a blink of an eye, traditional defences are no longer fit for purpose. It’s clear that rapidly adapting, AI-powered cyber-security systems are the future.
With a record-breaking year for ransomware, this technology could come at no better time. In the first half of 2021, ransomware attacks skyrocketed to 304.7 million, smashing 2020’s total number of attacks (304.6 million) in just six months — a 151% year-over-year increase.
In today’s climate, AI is opening up new possibilities for cyber-security, analysing massive quantities of data to speed up response times and augment under-resourced security teams.
Cyber-security AI is trained by consuming billions of data points, using machine learning and deep-learning techniques to improve its knowledge and “understand” ever changing cyber-security threats. Darktrace, and their recent IPO, exemplify just how popular cyber-security AI is becoming to detect sophisticated online attacks.
Given the diverse and increasing number of threats, companies need to ensure that they conduct full risk assessments, develop a security plan that includes incident response and business continuity contingencies, and deploy trusted cyber-security solutions to ease the burden on staff.
A remodelling of old security methods must be applied across all sectors, as many industries now need enhanced technological assistance that wasn’t required before the demands of the pandemic.
Gathering insights and using advanced reasoning, AI can identify the relationships between threats, such as malicious files, suspicious IP addresses or insiders. This analysis takes seconds or minutes, allowing security analysts to respond to threats up to 60 times faster, and saving valuable time for overstretched IT teams to focus on other key areas.
AI eliminates time-consuming research tasks and provides curated analysis of risks, reducing the amount of time security analysts take to make the critical decisions and launch an orchestrated response to thwart real threats.
The new frontier: machine learning
One leading technology in the AI cyber-security space is Real-Time Deep Memory Inspection (RTDMI). RTDMI uses machine learning to detect never-before-seen malware and forces it to reveal its weaponry in an airtight sandbox environment, preventing even the most nefarious zero-day threats and unknown malware.
RTDMI expands on traditional sandboxing techniques: most legacy sandboxing technology can only analyse and prevent known threats. However, AI cyber-security can deliver real-time inspection of suspicious files that firewalls don’t have a known signature to check against, and update their systems in order to prevent against them.
Using dynamic analysis, RTDMI allows suspicious files to execute in a custom virtualized environment without the suspicious file being aware of the observation. Then, when the suspicious file unveils code that exhibits characteristics of being malicious, RTDMI detects it and acts accordingly.
The malware is observed in memory at a near-real-time speed, so this helps organisations identify and block never-before-seen attacks that are so new they cannot be stopped by static controls and traditional approaches.
Following a year of 304.6 million cyber-attacks reported worldwide, RTDMI technology discovered 185,845 of these never-before-seen malware variants in the first half of 2021 — a 54% year-to-date increase over 2020.
RTDMI also is proven to proactively detect and block unknown mass-market malware, including malicious Office and PDF file types. This is all down to RTDMI’s machine-learning capabilities, which means it is constantly improving against the ever-increasing sophistication of malware and ransomware techniques.
But uncovering new kinds of malware isn’t the only way machine learning can be deployed to boost cyber-security: an AI-based network-monitoring tool can also track what users do on a daily basis, building a picture of their typical behaviour. By analysing this information, AI can detect anomalies and react accordingly.
Staying ahead of the threat
Moving forward, if the cyber-security world is to withstand the rise of smarter threats, old and new technologies must adapt their functionalities towards AI. With the increasing intelligence of cyber-criminals, human capabilities cannot cut it alone. As data moves faster and beyond the human periphery, an increasing emphasis on machines acting as the most viable solution to defend against cyber-attacks will be seen.
But while AI and machine learning do provide benefits for cyber-security, it’s important for organisations to realise that these tools aren’t a replacement for human security staff.
It’s possible for a machine learning-based security tool to be programmed incorrectly, for example, resulting in unexpected — or even obvious — things being missed by automated processes. If the tool misses a particular kind of cyber-attack because it hasn’t been coded to take certain parameters into account, that’s going to lead to problems.
Similarly, a report by Europol has warned that artificial intelligence is one of the emerging technologies that could make cyber-attacks more dangerous and more difficult to spot than ever before. It’s even possible that cyber-criminals have already started using these techniques to help conduct hacking campaigns and malware attacks.
The need to detect malware threats at real-time speed is crucial. As AI evolves, businesses must keep up with the increasing intelligence of cyber-criminals.
Terry Greer-King, VP EMEA at Sonicwall
Main image courtesy of iStockPhoto.com