When AI enters the maze of cybersecurity
Broadly, the focus was on how to secure the cyberspace, protecting the digital services and infrastructures that nations and citizens have come to depend upon, implementing the right tools to protect data, “a strategic asset” as put it Juri Luik, Estonia’s Minister of Defence who came to testify how his country had been the first in Europe to suffer a full-out cyberattack from its Russian neighbour.
“Unlike in the past, the defence sector depends on the civilian sector that is driving the technology, innovation is led by the private sector and the state has to adjust to that. All states shall invest in cybersecurity as national borders do not exist in the cyberspace where everything is merged into one battlefield”, Luik said during a plenary session titled “Innovation and Cybersecurity”.
“It is not just a technical matter for tech junkies, but it impacts politics too” he added, mentioning last year’s European-level cyber defence exercises focusing on situational awareness, crisis response mechanisms and strategic communication.
Florence Parly, France’s Minister of the Armed Forces joined Luik on stage to highlight the necessary cooperation between all the European states on cybersecurity. “Everything is connected, the IoT collects data, analyse it and with this hyperconnectivity, all our society and e-lifestyle is threatened by invisible untraceable enemies” Parly said. “The digital space is structuring the battlefield, at home and abroad, and if we don’t innovate and invest in research for cybersecurity, others will do it in our place. But I won’t let this happen”, she added before discussing the need for reorganizing Europe’s numerical resilience, to better anticipate threats, protect our networks and fight back when necessary.
As cyber-sovereignty as become a major stake, the French Minister of the Armed Forces unveiled plans for the French army to invest 1.6 billion Euros for cyber-defence between 2019 and 2015, increasing the ranks of its cyber-soldiers from 3,000 today to 4,000 by 2025. She also announced the creation of a European kernel of cyber-defence to share incoming threats in real time.
A plethora of encryption and network traffic monitoring solutions were on display, but among the 350 exhibitors were also companies offering cyber security testing environments and so-called ethical hackers ready to safely hack into your system and disclose your network’s vulnerabilities.
In the European context, security consulting company Yes We Hack claims to offer the first Bug Bounty platform in Europe. One that allows companies to crowd-source their security tests, relying on so-called “white hats” or ethical hackers who’ve agreed to follow responsible vulnerability disclosure procedures, abiding by the rules, principles and legislation of the European economic area.
Yes We Hack’s Bounty Factory helps companies create a Bug Bounty Program (BBP) which rewards individual hackers for finding bugs in code (software, web sites, network protocols etc.).
“All our servers are situated in France and our encrypted data is hosted by French cloud provider OVH in compliance with European laws” highlighted Nicolas Diaz, Communication Consultant at Yes We Hack during an interview with eeNews Europe. With its Bounty Factory and its 3700+ registered ethical hackers, the company can offer continuous testing while federating and ranking the white-hats, also raising their profiles for would-be recruiters in cybersecurity.
One hot trend at the conference was the use of Artificial Intelligence (AI) to counter cyber-attacks or stop malware in its track. In a talk titled “Connected Intelligence”, Trend Micro’s technical director Renaud Bidou gave us his vision for 2020, arguing that learning from experience, more bugs and more patches would follow, opening room for new worms exploiting unpatched vulnerabilities. “What will never change is that there will always be bugs, patches, and users will click” (on links to malware or compromised documents), he said.
“Hackers will be hackers and someone will eventually enter your system, this will never change. What’s new is that the surface attack will be less controllable as it expands, from contained servers to workstations, laptops, smartphones, connected watches, homes, smart factories and the pervasive cloud” Bidou noted.
“But the good thing is that we can now use AI to secure the connected world and detect on-the-fly suspicious unknown threats. Tomorrow, smart security won’t be good enough, we need intelligent security.”
Describing a successful phishing scenario where a hacker could impersonate a colleague with all his credentials, say the CFO, asking by direct email to the CEO an unusual money transfer, Bidou said that even such an attack could be automatically thwarted by an AI algorithm, modelling all human behaviours in the company as well as the traffic patterns on the network to identify any deviation from standard behaviours. “An AI-driven security system could email back to the CFO and check if he really made that request, it could also warn the CEO” Bidou put as an example.
“In 2020, data will overload our traditional analysis capabilities, but AI takes its value from data and it will have plenty of it from IoT. So let’s take advantage of this context to make security more reliable”.
Asked if AI would also benefit hackers in the arms race, Bidou noted that AI was already being used by hackers to scavenge data on social networks and identify the profiles that would be the most susceptible to phishing. “That way, they augment their chances to successful phishing. Some adverts on the web are even compromised and monitored in order to identify the most gullible profiles”, the technical director told eeNews Europe.
On the exhibition floor, a spokesperson for PhishMe somehow agreed that with increasing encryption and security checks at endpoints, phishing based on social engineering remains the surest way to get administration credentials and compromise a network. On its website, the company reports that more than 90% of breaches can be attributed to successful phishing campaigns. Hence, it proposes to train employees and partners so they become part of the cybersecurity solution. PhishMe does that by organizing innocuous phishing campaigns (taking the unapologetic clicking end-user to awareness campaigns about phishing).
Now, could hackers step up their game with AI to analyse and understand how colleagues communicate and what language patterns they use, so their phishing campaigns would be more successful? The possibility exists, though it may take a long time before such efforts pay-off, as humans are unique in understanding the specific social traits and forms of expression of their collaborators, argued the PhishMe representative.
Going back to the use of AI for cybersecurity, American company Vectra leverages artificial intelligence to automate security operations, identifying threats by detecting abnormal data traffic across the network, starting at endpoints. Whether it is to exfiltrate data or encrypt it with ransomware, hackers need first to compromise an endpoint and scan for the protective measures in place. Vectra’s Cognito tool analyses the behaviour of every piece of equipment and of all users across the network and identifies any deviation from standard. The tool automates the hunt for cyber attackers and can instantly prioritize the highest-risk threats, triggering immediate response such as endpoint isolation if need be. “80% of the algorithms they use are pre-trained for certain patterns but 20% of them learn on the go in the network so detection can be customised to the environment were Cognito operates”, explained David Clarys from distribution partner Exclusive Networks. The AI algorithms and the data analysis are centralized in a dedicated Vectra appliance. Last year, the company reported a triple-digit revenue growth, quarter on quarter.
Likewise, Cambridge startup Darktrace leverages unsupervised machine learning to detect data anomalies and threats across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. The company likes to describe its security solution, the Enterprise Immune System, as a set of AI algorithms that does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. The Enterprise Immune System works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network, in real time. On its website, the company claims its unique, unsupervised machine learning has already identified over 63,500 previously unknown threats in over 5,000 networks, including zero-days, insider threats and subtle, stealthy attacks.
Related articles:
Intel produces white paper, benchmark on Meltdown, Spectre
Liverpool cyber-attack sparks debate
Research claims cyber-attack vulnerability to rise after UK quits EU
AI scrutinizes gesture biometrics to secure smartphones
Infineon preparing post-quantum cryptography for cars, infrastructure
UK issues security guidelines for driverless car designers
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
