Artificial Intelligence (AI) has yet to reach a level of thinking, reasoning, and decision-making like humans can do, only digitally. Nonetheless, its benevolence is appreciated in efforts to streamline customer support, improve online shopping, provide auto-advisory, and more. The application of AI is thought to be endless. It would seem it may optimize just about anything. According to Cheddar, today I saw AI can be used to roll a joint more effectively. But let’s not get into that.
AI has been embraced by cybersecurity practitioners and solution providers to keep IT and application infrastructure running smoothly. It is effectively employed to predict vulnerabilities, exploit methods, and potentially identify malicious activity that presents a significant risk to an organization. With AI-based tools, security teams can scour and analyze hundreds (of thousands) of data points for patterns, far more thoroughly and quickly than human efforts. The hope is that with AI, they can identify sophisticated exploits before attackers can steal massive amounts of information or cause havoc. Some have dubbed it the ‘security’ silver bullet. But that it is not.
Not a Silver Bullet, Can Be Made to Sabotage Its Own Purpose
Recently, researchers in Australia found a way to trick Cylance’s AI-based anti-virus into tagging malware as benign. According to a Motherboard article, actors were able to subvert the machine-learning algorithm and cause it to falsely tag already known malware as “goodware.” This was achieved by applying a camouflage over the malware. Instead of altering application code, strings from a non-malicious file were appended to a malicious file, preventing the system from seeing that the malicious file is in fact malicious. There also have been cases where attackers attempt to disturb the machine learning-based defense systems with garbage data inputs. AI alone is not foolproof.
AI Algorithms are only as good as the code that governs them, the data used to teach them, the developer, and those monitoring and tuning. AI and machine learning have to be explicitly taught the rules for processing relevant data, and the dataset informing the AI needs to be of high quality.
Experts mention concerns about the accuracy of AI and machine learning: If the technology gets something wrong, it can actually negatively affect business efficiency. Today it is primarily a ‘postdictive’ technology – discovering events that have happened.
AI infrastructure can increase the vulnerable surface area at each data source integration point. Plan implementations carefully so as not to introduce a means for attackers to access your networked system.
Optimize Your Security Infrastructure with AI technologies
As you look to optimize your infrastructure, keep these key points in mind:.
- AI systems continuously learn unique patterns for each user, device, and network they defend. This can enable you to neutralize never-before-seen threats that subtly indicate unusual behavior, but doing so requires effective planning, monitoring, and management to ensure effectiveness.
- AI systems can be attacked, so hire a dedicated AI safety expert. Most cybersecurity experts often lack an understanding of how to anticipate and prevent attacks against intelligent systems.
- AI often does not keep you from the initial compromise. It generally detects that you were hacked, so its effectiveness is in reducing dwell time. It’s always behind an attack, not in real-time.
- With AI there is still dwell time, and it is still reliant upon non-deterministic guessing. AI tools may be better than static pattern matching tools, when a deterministic analysis approach is not available, but quality in resulting decisions is not a guarantee.
- Be mindful if the technology gets something wrong – or if people misinterpret a valid security alert – it can actually decrease business efficiency. Therefore, the efficiency AI delivers must be weighed against the chance of false positives, and its use must be well thought out before implementing.
Don't Throw the Baby Out with the Bath Water
Artificial intelligence is one element of your security toolset. As you incorporate AI, you should also update your server-side application security strategy. Apply technologies that protect all aspects of the composite application from the web to microservices, down-stream application components and controllers, and at the lowest level – application memory. After all, Gartner now calls memory protection “mandatory.” Ensure vulnerable applications are secured whether or not they are developed in house, and even when threats do not originate over the network.
Visit www.Virsec.com to learn how Virsec ensures application security against the most dangerous attacks for all high valued applications and critical infrastructure systems.
White paper: Why Web Application Firewalls Are Not Enough
2-minute Video: Virsec Overview: Protecting Against Advanced Cyberattacks