InfoSecBulletin Cybersecurity for mankind
Okta, who provides authentication services to many large companies including FedEx, Sonos and T-Mobile, confirmed that they have previously been hacked, falling victim to a data breach.
With the potential to cause a number of issues for not only Okta, but for the companies it services, many businesses are now on high alert, keen to protect their data.
Cyber crime presents a major risk to global prosperity in the Fourth Industrial Revolution. As these attacks grow in volume, artificial intelligence (AI) not only supports under-resourced analysts but also provides a wide range of protection from malicious attacks.
Here, we look at five ways AI can help prevent different types of cyber attacks.
AI fighting spam and phishing
Phishing, a type of cyber attack where the crook tries to impersonate a person or company to deceive the victim, is a major threat facing businesses. By basing algorithms on understanding and recognising patterns from enormous piles of data, companies can create a system that can identify unusual behaviour and anomalies. By using data analysis and this algorithm, AI can identify spam and phishing emails by taking into account the message content and context when looking for anomalies and warning signals.
Leading AI cyber company, Darktrace, can help prevent such attacks with its Darktrace for Email solution. This solution analyses links and attachments in connection with all email communications across the business. When phishing attacks occur, its Antigena solution will recognise that neither the recipient nor anyone in their peer group has visited the suspect domain before.
Many cyber criminals use the domain name system (DNS) to access valuable customer and business information. By analysing trillions of DNS queries to better understand where the bad actors hide, machine learning (ML) and AI can protect companies from these types of attacks. DNS poisoning is done when an attacker intercepts a DNS request and sends a fabricated (poisoned) response to the client. This is an acute problem facing businesses as there are more than 30,000 DNS poisoning attacks daily and 70% of all cyber attacks involve the DNS layer.
DNSFilter offers AI-powered DNS security. Its DNS Filtering solution blocks online threats and inappropriate content. The solution uses DNS to categorise and then block or allow access to various websites. DNS filtering is considered edge-layer protection because it provides security at the outermost security layer—the internet.
Using AI to identify advanced malware
Malware is an actively growing threat to cybersecurity, but AI empowers company defense strategies to grow with it. As each sample of malware passes through the model, the AI becomes stronger. Deep learning AI has enabled companies to optimise their malware protection strategies by increasing the quantity and accuracy of the data it analyses.
Secured access service edge (SASE) leader, Netskope, has developed a comprehensive, multi-layered threat protection system to scan its customers’ network traffic. AI/ML is used to power multiple engines in the inline fast scan, as well as static and dynamic analysis-based deep scan to help identify malware.
Authentication is central to cybersecurity and the evolution to multi-factor authentication (MFA) has helped better secure access. As cyber criminals evolve their tactics, AI plays a crucial role in improving authentication processes. Traditional authentication processes execute its threat protection at the log in stage, AI systems can detect and respond to threats throughout a user’s session. For example, if the user suddenly moves to a new location and device, or attempts to access financial information that isn’t relevant to their work, they’ll be prompted to verify their identity.
Implement risk-based authentication company, OneLogin, offers an AI-Powered SmartFactor Authentication that streamlines visibility into login attempts in real-time, enabling users to act quickly and address high-risk activities, easily define risk thresholds and automatically adjust authentication requirements.
Breach risk prediction and AI
AI systems have the ability to predict how and where organisations are most likely to be breached, so that they can plan for resource and tool allocation towards areas of weakness. Prescriptive insights derived from AI analysis can help organisations configure and enhance controls and processes to most effectively improve their cyber resilience.
SentinelOne, a pioneer in autonomous security, takes risk prediction a step further with its WatchTower solution. This service extends visibility and actionability to novel attacker techniques, global APT campaigns, and emerging cyber crimes with intelligence-driven, cross-platform threat hunting. As SentinelOne’s threat researchers track threat actors in the wild, their intelligence sources are curated, contextualised, and prioritised by WatchTower to deliver user-relevant and timely insights.
