Artificial Intelligence is bringing intuition to Cyber Security
Cyber Security is the protection of information assets, which are highly valuable to an organisation, writes a security expert.
In the early days of the internet, Cyber Security wasn’t of importance since most computers linked to the internet were part of academia, where trust played a major role. In addition, traditional networking wasn’t secure by design, and did not encompass elements of security.
As the internet grew, organisations started realising the efficiency and productivity the internet brought, and applications and software were developed. The vast repository of information, and the ability to cause damage while sitting anywhere in the world, led to a proliferation in the number of cyber attacks.
In October 2015, a lone hacker launched a devastating cyberattack on the telecoms operator TalkTalk. The attack exposed 1.2 million email addresses, names and phone numbers, and 21,000 unique bank account numbers and sort codes. When the dust settled, TalkTalk had lost 100,000 customers, and consequently a third of its share price. It then emerged that the hacker was 16 years old, and had exploited a basic vulnerability in TalkTalk’s systems that was older than he was.
Such attacks are not uncommon, and prey on the inherent vulnerabilities in many technology companies. It has been observed that an average website is attacked in this way more than four times a month, and these attacks are becoming more frequent. Since 2005, data breaches have increased by 500 per cent (Gartner), with more records exposed than ever before.
Traditional Cyber Security solutions involved blacklists or signatures which contained information about attacks or threats. For anti-virus software, this would involve signatures or updates of viruses known by the vendor. Similarly, for an intrusion detection system, rules and patterns of known attacks would be the basis for detecting intrusions.
However, these static systems can’t keep up with advanced attackers. Today, institutions are being hit with sophisticated attacks which bypass traditional intrusion detection systems. Similarly, polymorphic malware changes its form and evades detection mechanisms.
Take, for illustration, an airport security check: known items such as water, gold, and metals are searched for and prevented from being taken in. However, nobody knew that the Galaxy Note 7 was dangerous until an incident had already happened. Each risky item must first have been let in, and then caused sufficient issues for security personnel to consider banning it.
This is similar to traditional intrusion detection systems, which can only recognise certain things that aren’t allowed on the network. A better approach would rely on the intuition of security personnel to know what items are allowed in, and ban everything else. New threats would consequently not have the opportunity to cause damage before they are stopped.
Before now, such an approach has not been possible in Cyber Security. Although computers are excellent at performing easily definable tasks, they lack the sense of intuition that humans take for granted. The recent advances in artificial intelligence facilitate intuition in the world of cyber defence. Deep Learning techniques allow a system to learn ‘good’ communication patterns over time and to detect deviations from them.
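The contrast drawn above, between a blacklist of known threats and a learned model of ‘good’ traffic, can be seen in a small added illustration (not from the article or from any vendor's product). It substitutes a simple structural allowlist for Deep Learning, and the parameter names, sample requests and signature tokens are all constructed placeholders.

```python
import re
from urllib.parse import parse_qsl

# Constructed placeholder tokens standing in for a vendor's known-threat signatures.
SIGNATURES = ["KNOWN_BAD_TOKEN_A", "KNOWN_BAD_TOKEN_B"]

# Constructed "normal" traffic used to learn the baseline.
TRAINING = [
    "account=12345678&amount=250.00&currency=GBP",
    "account=87654321&amount=19.99&currency=USD",
    "account=11112222&amount=1200.50&currency=EUR",
]

def signature_detect(query):
    """Blacklist approach: flag only when a known-bad token appears."""
    return any(sig in query for sig in SIGNATURES)

def shape(value):
    """Reduce a value to its structure: letters -> a, digits -> d, runs collapsed."""
    classes = "".join(
        "a" if c.isalpha() else "d" if c.isdigit() else c for c in value
    )
    return re.sub(r"(.)\1+", r"\1", classes)

class Baseline:
    """Learns which value shapes each parameter takes in normal traffic."""
    def __init__(self, samples):
        self.allowed = {}
        for query in samples:
            for name, value in parse_qsl(query, keep_blank_values=True):
                self.allowed.setdefault(name, set()).add(shape(value))

    def is_anomalous(self, query):
        """Flag unknown parameters and any value whose shape was never seen."""
        pairs = parse_qsl(query, keep_blank_values=True)
        return any(shape(v) not in self.allowed.get(n, set()) for n, v in pairs)

def compare(queries):
    """Return (query, signature_hit, baseline_hit) for each request."""
    model = Baseline(TRAINING)
    return [(q, signature_detect(q), model.is_anomalous(q)) for q in queries]

if __name__ == "__main__":
    for row in compare([
        "account=55556666&amount=75.25&currency=INR",          # normal
        "account=KNOWN_BAD_TOKEN_A&amount=1.00&currency=GBP",  # known threat
        "account=55556666&amount=75.25&currency=GBP<<>>",      # never seen before
    ]):
        print(row)
```

The third request carries no known signature, so only the baseline flags it. The cost of this approach is that a baseline learned from too little traffic will also flag legitimate values it has simply not seen yet.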
Today, a lot of the workflows for organisations are completely digitised, and these are critical for the organisation to function. In addition, private data about individuals and sensitive business data are stored on servers. A disruption in the network through a cyber attack or data breach could imply a massive financial impact due to lost productivity, fines and reputational damage.
In addition, there has been a large shift in how organisations treat IT, from only having trusted computers on premise throughout, to the world of mobility and BYOD (Bring Your Own Device), which opens a whole new set of challenges in managing diverse devices which aren’t under the organisation’s control. The IT Security systems which handled previous environments simply aren’t enough for the current environment of dynamic devices.
Cyber Security attacks are no longer just targeted towards corporates, but also various governments and countries. The next war is said to be an information and cyber war. Reports suggest that Russia interfered in the United States elections, and tried to influence them. The DNC (Democratic National Committee) was hacked and emails were leaked; this undermined Hillary Clinton’s position, and strengthened Donald Trump’s. Elections are sacred and sovereign, yet the recent events show how they can be influenced. Nations are now ramping up both defensive and offensive cyber warfare capabilities.
One of the advancements in the cyber space is Active Cyber Defence, which is playing the attacker and learning his tactics. In some instances, it may also involve attacking back the perpetrator. Active Cyber Defence involves learning the motivations behind how an organisation becomes a target for an attacker. Decoy honey-net technologies are being developed which can actively divert an attacker to a sandboxed virtual environment, and understand the tactics and strategies of hackers, to contain damage, and develop countermeasures. The future of Cyber Security is intelligent defence by learning from the attacker.
Our company, Spherical Defence, was recently selected for the UK Intelligence agency GCHQ’s Cyber Security Accelerator. We’re building a Web Application Firewall (WAF) using Deep Learning, to detect advanced attacks for the financial services sector, and have achieved an intrusion detection score of 99.92 per cent. Traditional WAFs rely on rules and signatures, whereas our technology uses Artificial Intelligence to build a baseline of normal communication, and detect hacks.
Cyber Security companies across the world are coming up with innovative technologies that are solving different parts of the security puzzle. Start-ups are solving problems ranging from intrusion detection and advanced malware detection to code obfuscation. Traditionally, Cyber Security companies have been concentrated in Silicon Valley and Israel; today, however, geography is no barrier. Indian companies have come out with security products and are now going global. The rapidly growing landscape requires innovation, and companies with strong intellectual property and revolutionary technology can compete with incumbents.
For the past two decades, Cyber Security has remained relatively the same. The recent advances in Machine Learning and Artificial Intelligence have led to applications of these techniques to cyber security. These advances, combined with the increased need for cyber defences, have helped startups flourish.
The Cyber Security market is quite nascent in India, with a few companies and lots of potential. In addition, customer acquisition is much simpler and faster in India than in a place like the US or UK, where Proofs of Concept and trials involve navigating a complex maze of hierarchy. This helps with the go-to-market strategy and leads to quick product validation and paying customers, which makes the startup shine in the global arena.
Dishant Shah is the Founder and CEO of Spherical Defence, a cyber security company born in Pune and now based in the UK.