AI and the new threat landscape
Mark Beaumont: Artificial intelligence searching for network anomalies
The cyber security threat landscape is changing faster than businesses and their security teams can keep up. The challenge is compounded by a genuine skills shortage when it comes to cyber security experts, with some reports estimating a global shortfall of around 20 million security personnel by 2021.
According to Mark Beaumont, Darktrace’s country manager for Australia, this skills shortage and the changing nature of cyber threats are why machine learning and artificial intelligence are the natural go-tos for companies looking to upgrade their cyber resilience and response to attacks.
“The problem is that there’s no static threat when it comes to cybersecurity,” he said. “And most technologies that deal with cybersecurity are rules-based and depend on detecting signatures of threats.”
Mr Beaumont said that this means security teams need to be pre-emptive about every possible attack, which is an impossible challenge.
With the nature of attacks changing, and the teams that deal with threats being short-staffed, the way forward for businesses wanting to enhance their threat posture is to use machine learning and artificial intelligence to detect changes in the network when they are under attack. The AI software can then either raise a flag with the cybersecurity team or automatically take steps to stop the attack in its tracks.
“We are not looking for something that is bad on a rule basis,” he said. “We are using unsupervised machine learning to look for deviations from the norm.”
He said that the trick to using machine learning and AI is in getting the alerts right. “There’s a lot of noise about AI at the moment, with people throwing around the term, but the proof is in how accurately you can generate alerts without also generating too much noise, and the burden that false alerts create for the cybersecurity team.”
Emerging new threats
Phishing, malware and whaling are all threats that companies have to deal with on a daily basis, but new threats are emerging from the booming cryptocurrency trend and the increasing sophistication of attackers’ toolkits, he said.
Mr Beaumont said that security policies and procedures are still playing catch-up with these new threat vectors, coupled with the fact that bitcoin mining isn’t technically illegal.
The issue that companies have with bitcoin mining is that it can bring a corporate network to its knees because of the sheer compute power needed to solve the hashes which will generate new currency for the miner.
“There’s one prime example from the world of bitcoin mining that we like to share,” he said. “We plugged our technology into a bank network and saw a whole lot of activity that did not look normal.”
After an investigation, it was determined that an employee had placed servers into the floor of the data centre and connected them to the network, generating anomalous traffic.
The servers were being used to mine for cryptocurrency, and were creating a draw that placed a burden on the network. The servers were removed, and things returned to normal.
He also said that the first traces of artificial intelligence being used by malicious actors are starting to appear. In the future, these AI attacks could learn from the behaviour of the network what normal traffic looks like, and then attempt to hide their activities from conventional security tools through this camouflage.
“The key issue is that to detect these attacks, you need artificial intelligence to fight the illegal AI. Conventional manual methods just won’t work.”
The emerging threat landscape is one where the normal ways of combatting attacks just aren’t good enough. Coupled with the skills shortage, this means organisations need to look to new ways of defending themselves against bad actors and associated cyber threats.
The new world of using artificial intelligence and machine learning could be just the shot in the arm that cybersecurity teams need.
Darktrace is a valued supporter of InnovationAus.com, and was a strategic partner of the ‘Cyber Security: The Collaborative Imperative’ forum held in Sydney on May 15.