As threats multiply and become increasingly complex, new artificial intelligence solutions help to proactively safeguard IT systems in real time. However, technological progress also helps cyber criminals.
From ransomware to cryptomining and advanced persistent threats, hackers really are striving to outdo one another. Cybercrime and particularly phishing soared during the Covid-19 crisis, putting the issue back in the spotlight. However, these threats become increasingly complex and unpredictable and traditional security systems – such as antivirus and antimalware software and firewalls – are found wanting.
“Detecting a potential threat and being able to react quickly can make all the difference”
These solutions generally involve playing catch-up with hackers by creating a signature and a vaccine for each new threat. Signature-based intrusion detection systems do not therefore protect users from “zero-day” attacks – vulnerabilities that have not yet been publicly announced or patched.
Artificial intelligence is a game changer in this respect, as it has been in many other fields. Self-learning technologies (such as machine learning or deep learning) adopt a statistical approach by examining files thoroughly before giving them a confidence score.
AI also harnesses behaviour analysis to detect faint signals. An employee logging into the company IT system at 3 am from another country may seem suspicious, but it may go unnoticed by traditional firewall rules.
According to Loredana Mancini, Business Development Director at Axians Cybersecurity, the VINCI Energies ICT brand, “detecting a potential threat and being able to react quickly can make all the difference when it comes to cybersecurity, an area where prevention is better than the cure”.
In addition to this pre-emptive approach, AI can reverse-engineer viruses. To use a medical analogy, reverse engineering entails finding DNA shared by all malicious codes to help the immune system act faster.
AI also automatically issues notifications for suspected incidents, relieving cyber defence teams of unrewarding and repetitive supervisory tasks. Security orchestration, automation and response (SOAR) solutions are the first step in the incident response process within security operations centres (SOC).
But AI is a double-edged sword and can also be put to wrong use. For example, regarding privacy, “the ability to analyse and correlate data can lead to the disclosure of personal information that was not intended for public release”. This raises privacy concerns, particularly in relation to General Data Protection Regulation (GDPR) compliance.
As Loredana Mancini points out, “AI can also be used by hackers to learn from the past to create more complex attacks that automatically reconfigure our models.” The protection system can turn on the company it is meant to protect and act as an attack vector by injecting poisoned data into the AI engine. Standardisation groups are working on securing such solutions.
The Business Development Director at Axians Cybersecurity concludes, “it is always important to remember that a system’s security hinges on every link in the chain. If any of these links are weak or broken, the security of the entire system is compromised.”