The world of information security is often defined as a battle between good and bad, with white-hat information security professionals taking on the black-hat cybercriminals. On the day-to-day battleground, capture the flag or capture the data is a more apt description of the challenge every infosec pro faces today.
Unlike our common adversary, who can compete around the clock, the infosec pro is limited to just a few hours a day trying to keep pace. The everyday working challenges of ensuring confidentiality, integrity and availability, not to mention the glut of calls, emails, meetings and change requests, mean they simply cannot compete with their cybercriminal opponent.
Liken this battle to the classic 1980s Commodore 64 computer game Paradroid, by Andrew Braybrook. The aim of the game was to travel the decks of a spacecraft competing against hostile droids that were usually more sophisticated and better armed than your droid. Once a hostile droid was identified, the battle took place within a battlezone.
The relevance is that the player had limited resources, so had to make quick decisions about which circuit to target and implement logic gates to multiply their defence or attack. At the end of the battle, if the player was successful, the hostile droid was defeated.
This virtual battlezone of the 1980s is similar to the modern-day networks that infosec pros are working with. Technology countermeasures are the logic gates that currently help defend networks, but organisations still need to make quick decisions to guide the technology. The good news is that they have a secret weapon to join our fight.
The rise of artificial intelligence
Global markets have been assisted in the past few years by trading robots, which use artificial intelligence (AI) that is so self-directed that few humans can predict what they will do next.
But AI still has a fundamental problem in that it is unable to improvise, and acts randomly or in a limited number of predetermined ways based on a finite number of programmed conditions.
This remains an axiom until true AI becomes available, which is currently the concern of visionaries such as Hawking, Gates and Musk. Until that point, human intervention will continue to be used to help predefine set conditions.
The requirement for machines to help with this daily challenge in infosec is often overlooked, but organisations do have the option of using technical forms of intelligence that can aid them.
We are on the verge of automated AI in business, and machine learning (ML) from data is now used in most businesses on big data sets with improved results.
Amazon recently announced an ML service that can be used to predict results from data, based on its own proven algorithms that are used to predict customer spending habits. This is so valuable that in a few years every organisation will have access to this or a similar service.
So how is this beneficial to infosec pros? They have battled for the past few years to gain better insight into threat behaviour and now need to utilise AI to help guide critical decision-making.
Threat modelling, threat prediction and threat analysis are all phrases that are used to define how infosec pros have tried to better understand the threat based on theory. The missing piece is great data and statistics that can be entrusted to back traditional research to give applied and proven theory.
Practice makes perfect
In information security, identifying and using known indicators from executing malware gives an advantage when facing a sophisticated threat, but on its own it is limited as the threat is metamorphic.
The requirement is to practise and identify tactics, techniques and procedures – and hire people who have the required security domain expertise, who can hack, who have access to or can mine for good data to understand winning techniques, and who are business savvy and great communicators.
This could currently be considered the Holy Grail of infosec, but perhaps may become the standard requirement in job profiles for all senior positions by 2020.
AI has a strong role to play in this battle against the cybercriminal and in future the requirement for technology to help counter the threat will only become more vital.
More advanced AI that can identify patterns, perform automated triage and take action every time against the adversary is consistently maturing and, in many guises, is already available in limited form.
Employees will continue to make mistakes and the biggest incidents in the future may be initiated by an employee, yet on their own they are not the only player that can counter this daily battle.
AI will be the catalyst to help the infosec pro more often than not win the battle against the cybercriminal. Strength in numbers, fast decision-making, machine learning and the rich context provided by AI will ultimately help us win our future battles.
Sourced from Neil Thacker, Websense