X-Industry

Improving Cyber Security With AI

Posted by Bill Schenkelberg on October 25, 2024 at 7:40am

13042220494?profile=RESIZE_400xWith everything turning digital, Cyber Security threats have been growing each day as the attack surface is massive and continuing to grow and evolve rapidly.  In response to this unprecedented challenge, Artificial Intelligence (AI) based tools for cyber security have emerged to help information security teams reduce breach risk and improve their security posture efficiently and effectively.

See:  https://redskyalliance.org/xindustry/ai-s-impact-on-cyber

AI is helping firms to become more resilient against cyber-attacks, making it easier and faster to recover the intelligence an organization’s vast data assets contain.  When cyber incidents occur, internal teams must consolidate information across potentially dozens of different IT systems to remedy the problem.  But unless that forensics process gets highly automated, the enterprise and its customers might wait days, weeks, or even months for important systems to fully come back online.  Such delays can cost the company millions of dollars and cause irreparable harm to its reputation.[1]

To ensure a prompter return to normal operations, companies are putting greater emphasis on backup and recovery.  Despite this heightened attention to resilience, the teams responsible for recovery too often lack the expertise or tools to identify which of an ever-growing barrage of daily alerts might signal an actual incident that requires immediate attention, and which ones are false alarms.

AI can help focus rapid-response troubleshooting in two ways.

  • AI systems are transparent and understandable, offering clear explanations for AI-generated decisions. This transparency helps overworked IT specialists identify the biggest and most immediate threats.
  • AI can unlock the power of collective intelligence, allowing those with the deepest cyber-recovery experience to share that knowledge in a manner that’s useful to IT professionals, especially ones who are navigating their first cyber-attack.

Ultimately, this new era of AI-enabled resiliency, with an emphasis on privacy and security embedded by design principles throughout the AI lifecycle, can help organizations restore operations and ensure that their most vital data assets are safely recovered.  As bad actors are intent on targeting their victims’ back-up data repositories, it becomes even more difficult to fully recover from an attack.

For enterprise resilience, AI represents the next stage beyond a related technology that has been in use for years: machine learning (ML).  ML can learn a company’s typical operational behavior, then flag any anomalies or deviations from the norm that might require further investigation.  These notifications often help security teams tasked with overseeing complex IT environments discover potential issues much faster.  Every enterprise will have a different definition of “normal.”  That makes it challenging for software vendors to train an out-of-the-box ML system to work perfectly across a broad spectrum of organizations.  As a result, ML can too often surface so-called “static noise,” or events that could resemble an attack but are just false alarms.  For example, a team could be working on a new project involving sensitive information.  Seeing a spike in users accessing high-priority data in a short period, the ML system assumes it’s a threat and alerts the security team.

AI systems add a new layer of intelligence to help reduce false signals by considering a much broader set of inputs than ML.  AI can cross-analyze individual events to identify potential linkages, distinguishing false alarms from more serious issues.   This collaborative approach enhances human capabilities rather than replacing them, aligning AI products with the needs and values of users.  This also helps recovery teams become more productive by focusing their attention on only the most critical vulnerabilities, ultimately improving overall security.

With AI, it is also now much easier to disseminate intelligence and deliver these insights in a natural language so that even non-technical users can understand highly complex topics.  Collaboration becomes paramount as partnerships with high ethical standards beget responsible AI practices, where software vendors infuse decades of experience into an underlying platform.

Customers can use an AI engine to mine this accrued database of real-world experience to troubleshoot problems faster.  Think of it as crowd-sourcing data recovery through a global community of legitimate businesses, ensuring that data gets anonymized, and the team can protect proprietary information.

Unlike past applications, if managed correctly, AI becomes more intelligent the more it’s used.  Technology begins to understand a company’s unique environment, offering more tailored outputs.  With knowledge of past events and issues, AI systems, through rigorous testing and quality assurance protocols, can begin to fix similar problems autonomously, only looping in a human employee for approval before execution.  

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.cybersecurityintelligence.com/blog/improving-cyber-security-with-ai-7967.html

Views: 8
Tags: tr-24-294-003, ai, improving cyber, ai systems, collective intelligence, machine learning, ml
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!