Are hackers better at using AI than defenders? “There are three parts of any security strategy. You want to be able to detect, to prevent, and to respond,” says the Global Chief Technology Officer of Dell Technologies. “It turns out that in the 'detect' area, we are well underway. If you are using a security event information-management service or managed-security service provider, and they are not already using high degrees of advanced machine intelligence to detect threats, you already lost. The other two, however, are not in place yet. For instance, once that attack occurs and you are compromised, the speed in which you can respond today is primarily gated by human effort which is not fast enough because the attack is definitely coming from something that's enabled by machine intelligence, advanced automation.[1] Candidly, we still have a lot of work to do in this regard, because I think we have over-rotated towards the detection model,” he added. “So, it's a good news and a bad news story. We're better at detecting and we're probably moving at the same speed. But the response mechanisms, the reaction to them, are clearly not where they need to be today because they're mostly driven by human effort.”
The Chairman and CEO of Rapid7, which deals in security analytics and automation, agrees. “If you look at what's happening more broadly, it's that most of cybersecurity, believe it or not, is still incredibly manual in orientation,” he said. “In a manual environment where we are massively resource-constrained and things are escalating, we have to actually get better at doing two things: one, automating more things, but also, two, getting comfortable with which things humans should make the decisions of and which things computers are better suited to make decisions of. I would say that there's still a lack of trust, both on automation and AI, for some of the operational challenges.”
The large part of the problem, as both experts see it, is that attackers are using AI and automation on a less complex but still very effective scale that allows them to exploit flaws in security systems. “The level of automation is just pervasive,” said the expert. “The machine intelligence, the machine-learning technologies that allow them to process data to find vulnerabilities, that's fairly well utilized. Full-blown, autonomous systems, not so much yet. And the main reason for that is the bad guys actually have all the time in the world. They just need to find one gap. They don't need to respond at scale. You, on the other hand, have to react to every bad guy doing every theoretical attack, so it really has to be a mismatch on your side using automation and moving to more aggressive use of AI to automate the response processes, detection processes because of this mismatch of bad actors only having to find one vulnerability and you having to protect against everything.”
While many researchers warn that there is not a “big AI hacking brain that actually makes all the decisions,” many caution that hackers are increasingly using automation to avoid detection from AI security systems. What is worse is that the hackers are getting better and better at it, while their targets are not sufficiently improving their own protection measures. “The bad guys are crushing many of us in terms of automation,” said one reseacher. “They're getting much, much better at using intelligent systems and AI to do reconnaissance, which allows them to narrow down targets very effectively. They're usually using AI to decompose software to figure out where vulnerabilities exist extraordinarily effectively.”
When asked to offer advice at the conclusion of the event, one expert offered a simple idea, “Don't view AI in the security context as an added feature. You have to treat it as a core component of all things security, just like all things business process or all things application. Don't compartmentalize it into a specialist team that, in isolation, deals with ‘AI Develop’ and invest in the capability across the entire organization because it's a tool, and if you don't use it everywhere, you're basically leaving something on the table.”
So where do this technology and hackers come from? Many rogue nations develop and train in AI only to have that expertise pushed into the criminal realm. Artificial intelligence is set to revolutionize the world, empowering those nations that fully harness its potential. The US is still seen as the world AI leader, but China is catching up quickly. The race is central to the US-China rivalry and a critical facet of the economic and military competition that will define the decade.[2] And do not discount Russia. China and Russia often send their AI expertise to their 2nd and 3rd world country allies.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://fortune.com/2021/11/09/cybersecurity-experts-ai-threats/
[2] https://www.bloomberg.com/news/videos/2021-10-20/china-s-race-for-ai-supremacy
Comments