Tech Data Partners with Deep Instinct to Provide Deep Learning that Thwarts Cyberattacks

Posted by Yuda Saydun on May 15, 2019

Deep learning cybersecurity solution provides 100 percent prevention rate when a new virus or malware code is released.

CLEARWATER, Fla. (May 15, 2019)Tech Data (Nasdaq: TECD) today announced it has partnered with Deep Instinct, the first company to apply an end-to-end, deep learning framework purpose-built for cybersecurity. The deep learning cybersecurity platform provides enhanced protection by accurately predicting harmful known and unknown cyberattacks, terminating execution and preventing any possible damage. Through this partnership, Tech Data will offer Deep Instinct’s product line to customers in the U.S., Canada and Latin America.

“We believe artificial-intelligence (AI)-based deep learning tools are the next wave in advanced cyber protection,” said Alex Ryals, vice president of security solutions, Americas, at Tech Data. “Because these tools are autonomous and constantly learning, not only do they require fewer updates— but unlike typical machine learning tools, they also require no additional human intervention and feature engineering, which helps lower support and management costs. Providing options like Deep Instinct to our customers allows them to be on the cutting edge of security, while enabling them to concentrate on growing their businesses.”

Deep learning methods are based on the layers used in artificial neural networks and are modeled after how the human brain learns. Deep Instinct’s deep neural network learns to predict and prevent all types of cyber threats, both file-based and file-less, and its prediction capabilities become instinctive. As a result, both known and first-seen malware and advanced persistent threat (APT) attacks are predicted and prevented in zero time. The deep-learning-based model also achieves a much higher detection rate and lower false positive rate for new files, when compared with the best machine learning solutions available.

Deep Instinct is delivered with unmatched accuracy and speed anywhere in an enterprise ecosystem, leveraging the power of deep learning’s predictive capabilities to offer multi-layer protection across all endpoints, servers, mobile devices and operating systems (Windows, macOS, Android and ChromeOS). According to tests conducted by SE Labs, Deep Instinct had a 100 percent prevention and interception rate when a new virus or malware code was released, without interfering with system performance.

“Deep Instinct prevents cyber threats that others can’t find, and our deep-learning-based solutions are the only way security teams can prepare for both known and unknown cyber threats,” said Guy Caspi, CEO, at Deep Instinct. “As we embark on new routes to our market through this partnership, we trust Tech Data’s knowledge and ability to expand the reach of our offerings to security teams across the globe.”

Deep Instinct works with currently deployed products without interruption and is self-contained on endpoints so that it doesn’t need a network connection or human intervention to work. The solution also comes with a dashboard that allows technical teams to review and manage forensic events that have been prevented.

“We are excited by the prospect of Tech Data bringing AI-based deep learning tools to support security,” said Yuda Saydun, president of CyVent, an AI-driven solution provider and Tech Data channel partner. “Our customers are always looking for the best, most advanced solutions to support their security needs and based on what we have seen from Deep Instinct, our customers are going to appreciate the value this solution will bring to their organizations.”

Click to tweet: .@Tech_Data partners with @DeepInstinctSec to bring #DeepLearning to #cybersecurity. Learn more at http://investor.techdata.com/news-releases.

About Tech Data

Tech Data connects the world with the power of technology. Our end-to-end portfolio of products, services and solutions, highly specialized skills, and expertise in next-generation technologies enable channel partners to bring to market the products and solutions the world needs to connect, grow and advance. Tech Data is ranked No. 83 on the Fortune 500® and has been named one of Fortune’s World’s Most Admired Companies for 10 straight years. To find out more, visit www.techdata.com or follow us on Twitter, LinkedIn and Facebook.

About Deep Instinct

Deep Instinct is the first company to apply deep learning to cybersecurity. Deep learning is inspired by the brain’s ability to learn. Once a brain learns to identify an object, its identification becomes second nature. Similarly, as Deep Instinct’s artificial deep neural network brain learns to prevent any type of cyber threat, its prediction capabilities become instinctive. As a result, any kind of malware, known and new, first-seen malware, zero-days, ransomware and APT attacks from any kind are predicted and prevented in zero time with unmatched accuracy and speed anywhere in the enterprise—Network, EPP, Mobile—enabling a multi layered protection. To learn more, visit: http://www.deepinstinct.com.

 

Calculating ROI for Your Cybersecurity Project: How to Choose the Right Security Tools

Posted by Yuda Saydun on Feb 22, 2019

CyVent Cybersecurity ROICISOs and Board members face a balancing act as they look to build out strong security programs. What tools are truly worth the investment versus the costs of a damaging cyber attack? Though well-known, the potential repercussions of a data breach are still alarming. By some estimates, cybercrime damages are set to reach $6 trillion by 2021.

For both CISOs and Board members a thorough cybersecurity strategy is a critical way to address risk and promote business health and longevity. The risks at stake, in addition to regulatory scrutiny as well as compliance concerns - think GDPR - are motivating Boards to take a closer look, and they’re turning to CISOs for insight. The challenge for CISOs is selecting the best tools from a sea of offerings, and then working with the Board and senior execs to deploy them within the organization.

By calculating cybersecurity ROI, CISOs can quantify the value of a new security project to Board members, demonstrate how it aligns with the business’ overall strategic goals, and foster faster decision-making.

Calculating ROI for Cybersecurity

At a basic level, one way of calculating cybersecurity ROI involves taking the average cost of an incident and multiplying that number by how many incidents a business might experience in a given time frame. With an approximation of potential costs, companies can then assess whether the price of the solution and the reduction in incidents it will bring is worth the investment.

Of course, there are many more factors that come into play, which is why calculating cybersecurity ROI is notoriously challenging. The equation also has to represent issues at stake beyond dollars and cents, including potential loss of intellectual property, loss of reputation, and business disruption. There are numerous formulas for calculating cybersecurity ROI, and much research has been done on the subject. How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen is a highly-recommended resource for an in-depth exploration.

The bottom line is that breaches are expensive. Calculating cybersecurity ROI starts a conversation about whether investing upfront to prevent a major disruption outweighs the small probability of a significant breach and its ensuing costs.

Benefits of Calculating Cybersecurity ROI

CISOs and boards benefit from calculating cybersecurity ROI as it helps them determine the value of an offering for their unique security environment. Many organizations already have upwards of twenty cyber tools in place. Why invest in another? Vendors regularly contact CISOs with solutions claiming to be the answer for new and emerging attack methods. Once the technical due diligence is done, determining ROI gives CISOs a method for evaluating a product, prioritizing among different options, determining what level of peace of mind it will bring, and what problems it will solve.

The next step for CISOs is to communicate their rationale to the board. Executives feel a growing responsibility for cybersecurity decisions, with regulatory, reputational, and business risk weighing heavily on their minds. The CISO’s voice is critical for communicating the reality of cyber risk and providing the leadership team with the information they need to make informed cybersecurity decisions. CISOs understand the board’s motivations and concerns and dedicate more time to craft a message that clearly articulates how cybersecurity fits into overall business strategy.

Embracing Security Tools with Proven ROI

No single cybersecurity solution can solve all of an organization’s security challenges. A layered approach is the best way to defend the entire attack surface. Recent advances in cybersecurity technology do offer powerful ROI and are resolving some of security professionals’ biggest challenges: the sheer volume and sophistication of attacks, the dwell time of many breaches, the high rates of false positives, the resources required for incident response, and the cyber skills gap.

Artificial intelligence (AI) and automation provide some of the highest cost savings opportunities in comparison to other technologies. Overall, AI is extremely adept at reducing the number of security incidents. As attackers begin to adopt AI, organizations that already have AI-based tools in place will be better able to stop them. In the immediate term, the rise of deep learning AI has already started to significantly move the needle towards preemption and the reduction of false positives, allowing security teams to focus on responding to only the most dangerous threats.

Automation streamlines the management of incidents that do penetrate a company’s defenses. When an attack is detected, workflows are already documented and automated, allowing IT teams to be more productive and efficient.

The cybersecurity landscape is truly complex. At CyVent, our mission is to support CISOs as they select and sort through the different offerings on the market. Calculating cybersecurity ROI helps prepare for the coming environment where the fight will be AI vs AI and companies that do not have the appropriate AI talent and tools may be at a disadvantage.

If you have questions about the tools on the market, we’re here with guidance and advice. Get in touch with our team.

Cybersecurity in Crisis

Posted by Yuda Saydun on Nov 20, 2018

Responding to Cybersecurity Threats: How to Assess Your Tools and Cyber Strategy

76687265_l-1080x736Cybersecurity is in crisis. Cybersecurity threats are becoming increasingly sophisticated and pervasive. Bad actors have access to all the latest technology and tools, including artificial intelligence, for free or very little cost. They have endless time and resources to send out millions of cyberattacks – and need only a single successful attack to reap a windfall. It’s asymmetric warfare, and the attackers’ tools just keep improving.

In response, dozens of new cybersecurity providers seem to enter the market every day. Artificial intelligence, new tools and easy access to information mean that innovation keeps accelerating daily. With cybersecurity threats regularly making headlines, and pressure on companies to secure their data (and customers’ data) growing, new cybersecurity providers barely need to advertise to gain customers’ attention. For the same reasons, venture capitalists are eager to fund cybersecurity firms. The traditional big players in the market are rushing to upgrade their outdated packages. It’s a noisy marketplace, and companies trying to protect their data and systems are confused about how best to do so.

How Companies Are Addressing Cybersecurity Threats

Companies have responded to the crowded cybersecurity marketplace in different ways. Some just bury their heads in the sand, deciding to deal with incursions when they occur, or to hope that they’re too small to be worth targeting with a cyberattack. Others are spending way too much money on cybersecurity, experimenting with every new product that hits the market.

Many companies believe that they already have all the tools they need to combat cybersecurity threats, but haven’t properly patched their existing systems, which need regular updates to combat ever-changing cyber threats. On top of that, many companies experience dozens of little attacks every day, from all sides, and it’s hard to know where to put resources.

But burying your head in the sand or sticking with old tools that don’t counteract today’s cybersecurity threats is simply not an option. And throwing money at whatever strikes a chord isn’t an effective strategy, either.

What Is an Effective Strategy for Managing Cybersecurity Threats?

Resolving the cybersecurity crisis starts with an honest cyber vulnerability assessment, either by your internal experts or by outside experts.

Ultimately, this cyber vulnerability assessment should give you a map of where your company is in terms of cybersecurity. Next, you’ll need a map of where you’re going. Your experts should prepare a plan that:

  • Closes your cybersecurity gaps over time
  • Analyzes the financial risks of not closing gaps and prioritizes closing the gaps that put the company at the most risk
  • Includes a company cybersecurity policy that every employee is expected to follow (much like a dress code or conduct policy)

This cyber vulnerability assessment and plan give you a framework for cybersecurity decisions. Armed with an understanding of your risk profile, your budget, your weaknesses and the consequences of various breaches, your experts should be able to recommend cybersecurity investments that will provide the best ROI for your company. The key is to remain true to this framework, even as new cybersecurity threats rear their ugly heads. Certainly, you want to maintain some flexibility, with strategies adjusting as truly required. But stick with what you know to be important to your business, and let that lead your investment decisions.

Wondering about your ability to respond to cybersecurity threats? Schedule a free, confidential assessment today.

Why Artificial Intelligence Is the Future of Cybersecurity

Posted by Yuda Saydun on Aug 28, 2018

Updated on May 7, 2019

To thwart cyber attacks, the traditional approach has been to focus on the perimeter to repel intruders. But over time the perimeter has become a sieve. Today’s hackers easily break through it or find ways around it. In fact, a new study by RiskIQ estimates the cost cybercrime at $1,138,888 per minute. AI cybersecurity solutions directly address these challenges, which is why many now view the technology as the future of cybersecurity.

Going Beyond the Perimeter Is the Future of Cybersecurity

Focusing on defending the perimeter has been akin to wearing a Hazmat suit in a hostile environment: Any small perforation, and you were doomed to unexpected consequences at the hands of hackers who had the time and intellect to play games with your critical assets.

Not only are perimeters fragile and the gap in available talent huge, but most IT teams are often so stretched for resources that they can’t keep up with the updates necessary to protect against the myriad attacks that can penetrate a company’s external defenses. WannaCry was just an example of that.

Over the years, computing speed has grown exponentially – with CPU multiplying by more than a million since 1991 – to the point where even a $5 Raspberry Pi Zero can now run deep learning algorithms. So it’s not a surprise that, in recent years, focus has shifted to using AI cybersecurity to complement traditional defenses in many ways and neutralize stealthy, unknown threats that may have already breached the perimeter before any irreparable damage to network or data is done.

Applying Artificial Intelligence in Cybersecurity

In AI cybersecurity programs, which are now being embedded in companies’ networks, endpoints and data are evolving into immune systems that allow internal defenses to shorten the dwell-time and pre-empt the devastation that can follow a breach.

While there is no need to abandon the perimeter, today’s smart CISOs are squarely focused on increasing their AI-driven pre-emption capabilities and boosting their own auto-immune systems. Artificial intelligence in cybersecurity is by no means perfect yet, but cybercriminals are already using automation and machine learning 24x7x365. In the never-ending cat-and-mouse game, AI is slated to continue gaining ground to build predictive capabilities and strengthen defenses for the foreseeable future.

If you would like to learn more about how AI is impacting the future of cybersecurity, click here to get in touch with our team.

Why Artificial Intelligence Is the Future of Cybersecurity

Posted by Yuda Saydun on Aug 28, 2018

Screen-Shot-2018-08-28-at-3.25.37-PMTo thwart cyber attacks, the traditional approach has been to focus on the perimeter to repel intruders. But over time the perimeter has become a sieve. Today’s hackers easily break through it or find ways around it. In fact, a new study by RiskIQ estimates the cost cybercrime at $856,000 per minute. AI cybersecurity solutions directly address these challenges, which is why many now view the technology as the future of cybersecurity.

Going Beyond the Perimeter Is the Future of Cybersecurity

Focusing on defending the perimeter has been akin to wearing a Hazmat suit in a hostile environment: Any small perforation, and you were doomed to unexpected consequences at the hands of hackers who had the time and intellect to play games with your critical assets.

Not only are perimeters fragile and the gap in available talent huge, but most IT teams are often so stretched for resources that they can’t keep up with the updates necessary to protect against the myriad attacks that can penetrate a company’s external defenses. WannaCry was just an example of that.

Over the years, computing speed has grown exponentially –multiplying more than 3,000x since 1991 – to the point where even a $5 Raspberry Pi can now run deep learning algorithms. So it’s not a surprise that, in recent years, focus has shifted to using AI cybersecurity to complement traditional defenses in many ways and neutralize stealthy, unknown threats that may have already breached the perimeter before any irreparable damage to network or data is done.

Applying Artificial Intelligence in Cybersecurity

In AI cybersecurity programs, which are now being embedded in companies’ networks, endpoints and data are evolving into immune systems that allow internal defenses to shorten the dwell-time and pre-empt the devastation that can follow a breach.

While there is no need to abandon the perimeter, today’s smart CISOs are squarely focused on increasing their AI-driven pre-emption capabilities and boosting their own auto-immune systems. Artificial intelligence in cybersecurity is by no means perfect yet, but cybercriminals are already using automation and machine learning 24x7x365. In the never-ending cat-and-mouse game, AI is slated to continue gaining ground to build predictive capabilities and strengthen defenses for the foreseeable future.

To learn more about how AI is impacting the future of cybersecurity, download this white paper from Darktrace: Machine Learning in Cybersecurity.

 

CyVent signs Partnership Agreement with 24By7Security

Posted by Yuda Saydun on Aug 9, 2018

24by7-partnership-224By7Security, Inc., a Cybersecurity advisory and consulting services firm, today announced that CyVent, an Artificial Intelligence-driven solution provider, has become a strategic partner, with the two companies offering complementary services to clients with a view to defending clients with end-to-end cybersecurity and cyber resilience services. By leveraging the unique capabilities of both companies, this partnership will make available to customers customizable high-quality cybersecurity services and sophisticated cybersecurity products and solutions at very competitive costs. It is particularly strategic that the two Cybersecurity companies announce their partnership from Las Vegas in this week of important Cybersecurity conferences like  DEFCON, Black Hat and BSides taking place here.

In a world where cyber threats endanger reputations, operations and intellectual property, CyVent provides some of the most advanced artificial intelligence-driven solutions.Their suite of cutting-edge security products including Cyberbit,  Darktrace, Minerva Labs, QRadar,  BigFix,  Guardium, MobileFirst and Cisco, among others, helps clients accelerate and automate their security capabilities.

24By7Security, Inc. is a premier Cybersecurity consulting services firm with a wide range of Cybersecurity services as part of their portfolio. These services include security risk assessments, vulnerability assessments, part time Chief Information Security Officer (CISO) services, social engineering testing, developing policies and procedures, end-to-end cyber incident response management, and Cybersecurity training for all industries.

“The alliance between 24By7Security and CyVent will ensure our clients success by helping them manage cyber risk, build resilience and better protect their critical assets,” said Yuda Saydun, President of Cyvent. He expects to provide unbiased advice to clients and help them simplify their selection process by leveraging 24By7Security’s deep expertise in consulting and experience in security risk assessments.

“We look forward to enriching our service offerings by being able to offer clients not only our team’s deep know-how and experience, but also the opportunity of evaluating a rich, diverse portfolio of security products and assisting them in identifying the most suitable mix of security infrastructure for their organizations,” said Sanjay Deo, President of 24By7Security, Inc. 

If you would like more information on how CyVent can help your business address its security needs, click here to get in touch with our team.

Source: http://www.kfmbfm.com/story/38849606/cyvent-signs-partnership-agreement-with-24by7security

ICS Cybersecurity: Using AI in Operational Technology Security

Posted by Yuda Saydun on Jun 18, 2018

Updated on May 7, 2019

Recent headlines have been abuzz with ICS experts warning of grid vulnerability to hacking. Digital threat actors have become exceptionally skilled at infiltrating every type of computer network. Industrial Control Systems (ICS) are no different: While ICS networks were generally thought to be more secure due to not communicating outside of the corporate network or on the internet, attackers have managed to compromise them and steal valuable production data.

Some of the most effective tools for ICS cybersecurity are the emerging technologies in Machine Learning and Artificial Intelligence. By combining real-time data monitoring with orchestration and automated response, AI/ML solutions are proving their value when compared to legacy systems and human-intervention driven response times.

A Real-World Example of Using AI for ICS Network Security

At the 2017 Black Hat Europe conference, security research firm CyberX demonstrated how data exfiltration was possible from a supposedly air-gapped ICS network. By delivering a payload of specific ladder logic code into Programmable Logic Controllers, the attack was programmed to send out copies of data through encoded radio signals which can be received by AM radios and analyzed by special-purpose software. As the communication channel is outside the TCP/IP stack, there is no encryption to safeguard the data once it’s captured.

How does AI respond to this threat? In this case, Machine Learning can be used to craft an algorithm which establishes a “normal” state and monitors traffic and configurations to compare against that state. This baseline can include network traffic, equipment settings, and even the source code of PLCs. With its continuous heartbeat checks, the algorithm can detect when the system deviates from the baseline and immediately alert security staff of the change.

Another real-world example involving operational technology security comes very recently from the ransomware attack on Norsk Hyrdo, one of the world’s largest aluminum producers based in Norway. The ransomware infected multiple systems across the organization in a number of locations.The company’s production environments were forced to stop production or change to manual systems. The ransomware supported the changing of administrator passwords, and as the majority of servers were under the same domain, the attack could spread more rapidly than if there had been a combination of network segmentation and separately administered domains. In the case of Norsk, an AI cybersecurity layer would have been able to spot irregularities in system access and lockdown channels before the hackers could manipulate the permissions.

AI and ICS Cybersecurity: Adding Value to Existing Systems

Where does AI fit into your existing ICS network security program? You already have the ICS equipment sectioned off on its own VLAN(s), firewalled, monitored, and protected by IDS/IPS, SIEMs, and other security tools. Where does it make sense to insert AI/ML into the equation?

The biggest advantage of implanting an AI solution for ICS cybersecurity is its real-time response and orchestration. AI tools don’t need to wait for security staff to make a decision. They don’t see a black and white picture of firewall rules which often miss malware traffic flying under the radar, masquerading as “normal” network signals. Machine algorithms can detect abnormal data exchanges and immediately respond to the threat, long before a SOC resource would be alerted. Some AI offerings can even monitor devices that don’t communicate over TCP/IP, creating powerful visibility into non-networked equipment.

A particularly interesting tool to protect industrial control systems is Cyberbit’s ScadaShield, a layered solution to provide full stack ICS network detection, visibility, smart analytics, forensics and response. ScadaShield performs continuous monitoring and detection across the entire attack surface for both IT and OT components and can be combined with SOC automation to trigger workflows that accelerate root cause identification and mitigation.

Large-scale processes operating at critical power generation, electrical transmission, water treatment, and refining sites, as well as major manufacturing plants are more at risk than ever.  The good news is that new developments in Artificial Intelligence and Machine Learning have created new ways to protect these systems and improve ICS cybersecurity.

If you haven’t already done so, this is a good time to consider adding an AI/ML solution to your security perimeter to take your prevention and response times to the next level. Click here to contact us if you would like to learn more about artificial intelligence in cyber security.

PHOTO CREDIT: UNSPLASH | RAMÓN SALINERO

Artificial Intelligence and ICS Cybersecurity: Filling Gaps in Operational Technology Security

Posted by Yuda Saydun on Jun 18, 2018

ramon-salinero-271002-unsplash-1080x720Recent headlines have been abuzz with ICS experts warning of grid vulnerability to hacking. Digital threat actors have become exceptionally skilled at infiltrating every type of computer network. Industrial Control Systems (ICS) are no different: While ICS networks were generally thought to be more secure due to not communicating outside of the corporate network or on the internet, attackers have managed to compromise them and steal valuable production data.

Some of the most effective tools for ICS cybersecurity are the emerging technologies in Machine Learning and Artificial Intelligence. By combining real-time data monitoring with orchestration and automated response, AI/ML solutions are proving their value when compared to legacy systems and human-intervention driven response times.

A Real-World Example of Using AI for ICS Network Security

At the last Black Hat Europe conference, security research firm CyberX demonstrated how data exfiltration was possible from a supposedly air-gapped ICS network. By delivering a payload of specific ladder logic code into Programmable Logic Controllers, the attack was programmed to send out copies of data through encoded radio signals which can be received by AM radios and analyzed by special-purpose software. As the communication channel is outside the TCP/IP stack, there is no encryption to safeguard the data once it’s captured.

How does AI respond to this threat? In this case, Machine Learning can be used to craft an algorithm which establishes a “normal” state and monitors traffic and configurations to compare against that state. This baseline can include network traffic, equipment settings, and even the source code of PLCs. With its continuous heartbeat checks, the algorithm can detect when the system deviates from the baseline and immediately alert security staff of the change.

Another real-world example involving operational technology security comes very recently from the ransomware attack on Atlanta’s municipal infrastructure, which involved encrypting city files, locking access to online services, and blocking the city from processing court cases and warrants. This is just the latest in a string of attacks on American cities. Previously, hackers gained access to Dallas’s tornado warning system and set off sirens in the middle of the night. In the case of Atlanta, an AI cybersecurity layer would have been able to spot irregularities in system access and lockdown channels before the hackers could manipulate the permissions.

AI and ICS Cybersecurity: Adding Value to Existing Systems

Where does AI fit into your existing ICS network security program? You already have the ICS equipment sectioned off on its own VLAN(s), firewalled, monitored, and protected by IDS/IPS, SIEMs, and other security tools. Where does it make sense to insert AI/ML into the equation?

The biggest advantage of implanting an AI solution for ICS cybersecurity is its real-time response and orchestration. AI tools don’t need to wait for security staff to make a decision. They don’t see a black and white picture of firewall rules which often miss malware traffic flying under the radar, masquerading as “normal” network signals. Machine algorithms can detect abnormal data exchanges and immediately respond to the threat, long before a SOC resource would be alerted. Some AI offerings can even monitor devices that don’t communicate over TCP/IP, creating powerful visibility into non-networked equipment.

A particularly interesting tool to protect industrial control systems is Cyberbit’s ScadaShield, a layered solution to provide full stack ICS networkdetection, visibility, smart analytics, forensics and response. ScadaShield performs continuous monitoring and detection across the entire attack surface for both IT and OT components and can be combined with SOC automation to trigger workflows that accelerate root cause identification and mitigation.

Large-scale processes operating at critical power generation, electrical transmission, water treatment, and refining sites, as well as major manufacturing plants are more at risk than ever.  The good news is that new developments in Artificial Intelligence and Machine Learning have created new ways to protect these systems and improve ICS cybersecurity.

If you haven’t already done so, this is a good time to consider adding an AI/ML solution to your security perimeter to take your prevention and response times to the next level. Click here to get in touch with our team today.

PHOTO CREDIT: UNSPLASH | RAMÓN SALINERO

Artificial Intelligence and Information Security: Fact vs Fiction

Posted by Yuda Saydun on Jun 4, 2018

Updated on May 7, 2019

Machine learning and artificial intelligence have exploded onto the cybersecurity scene over the last year. Software vendors and MSSPs are scrambling to bring their particular flavor of AI cyber security to market and claim their stake as industry leaders.

While AI has quickly become table stakes for an effective security posture, some of it can also seem to be overhyped in some respects. In this post, we’ll aim to cut through the superlatives and provide a few thoughts on the role of artificial intelligence in cyber security.

Artificial Intelligence in Cyber Security Does Not Replace Traditional Tools

By claiming that AI will replace traditional tools while lowering labor costs and probably making coffee at the same time, some advertising has put AI on a pedestal that it may not have achieved yet.

Here are some things that AI cyber security definitely will not replace. Security teams will still need to keep around:

  • Employee training and a security-sensitive culture
  • Smart policies and processes
  • Qualified architects, managers, engineers, and analysts
  • Rock-solid, layered infrastructure with effective controls around it

If you find yourself saying, “Wait, that’s 95% of my security program,” you’re right. Artificial intelligence in cyber security is a complement to a well-run cyber framework, not a replacement for it.

Must-Ask Questions When Evaluating AI Cyber Security Tools

We all have seen that technology can be promoted with grand promises backed by sometimes disappointing results. To avoid a dud in your AI implementation, you may want to sit down with your security team and your vendor rep to go over a few questions:

  • How do your AI algorithms actually work? How mature is the technology? What are its blind spots?
  • How well does it avoid false positives and false negatives?
  • How do you measure the incremental benefits and the expected ROI?
  • What outside support are we going to need to implement and maintain this?
  • How much additional training will we need to use this effectively?
  • Does it produce usable reports that actually mean something?
  • What results have your other clients seen from it?
  • Does it outperform what I already have, or will it be just another software bloating up my network?

Pitfalls to Avoid When Implementing an AI Cyber Security Solution

Adding software to your organization’s toolkit is rarely a trivial matter, and even less so when you’re dealing with AI. Here are some potential mistakes when deploying an AI cyber security tool:

  • Expecting a “set-and-forget” solution that will replace the whole security program: See the first section of this post.
  • Thinking that an in-house developed solution will be best-in-show without exploring other available options.
  • Expecting that the AI tool won’t require any customization or integration.
  • And possibly the most delicate one: Thinking it’ll all work out on automatic pilot without specialized AI expertise on your team or assistance from AI safety experts.

The fact of the matter is that it is no longer viable to delay implementation of robust AI cyber security tools. Bad actors have already started using AI.

A talented cybersecurity team and company-wide awareness trainings go a long way. Artificial intelligence in cyber security simply brings a needed support structure that can assist your teams to prevent attacks and accelerate mitigation if needed. As businesses undergo the digital transformation, it is imperative they also leverage new developments in cyber capabilities.

CyVent is a Certified Partner of Darktrace, a global leader in machine learning applied to cybersecurity, whose technology can detect and autonomously respond to cyber threats that legacy systems miss. Click here to contact us if you would like learn more about the role of artificial intelligence in cyber security.

The Role of Artificial Intelligence in Cyber Security: Separating Fact from Fiction

Posted by Yuda Saydun on Jun 4, 2018

adrien-milcent-192445-unsplash-1080x720Machine learning and artificial intelligence have exploded onto the cybersecurity scene over the last year. Software vendors and MSSPs are scrambling to bring their particular flavor of AI cyber security to market and claim their stake as industry leaders.

While AI has quickly become table stakes for an effective security posture, some of it can also seem to be overhyped in some respects. In this post, we’ll aim to cut through the superlatives and provide a few thoughts on the role of artificial intelligence in cyber security.

Artificial Intelligence in Cyber Security Does Not Replace Traditional Tools

By claiming that AI will replace traditional tools while lowering labor costs and probably making coffee at the same time, some advertising has put AI on a pedestal that it may not have achieved yet.

Here are some things that AI cyber security definitely will not replace. Security teams will still need to keep around:

  • Employee training and a security-sensitive culture
  • Smart policies and processes
  • Qualified architects, managers, engineers, and analysts
  • Rock-solid, layered infrastructure with effective controls around it

If you find yourself saying, “Wait, that’s 95% of my security program,” you’re right. Artificial intelligence in cyber security is a complement to a well-run cyber framework, not a replacement for it.

Must-Ask Questions When Evaluating AI Cyber Security Tools

We all have seen that technology can be promoted with grand promises backed by sometimes disappointing results. To avoid a dud in your AI implementation, you may want to sit down with your security team and your vendor rep to go over a few questions:

  • How do your AI algorithms actually work? How mature is the technology? What are its blind spots?
  • How well does it avoid false positives and false negatives?
  • How do you measure the incremental benefits and the expected ROI?
  • What outside support are we going to need to implement and maintain this?
  • How much additional training will we need to use this effectively?
  • Does it produce usable reports that actually mean something?
  • What results have your other clients seen from it?
  • Does it outperform what I already have, or will it be just another software bloating up my network?

Pitfalls to Avoid When Implementing an AI Cyber Security Solution

Adding software to your organization’s toolkit is rarely a trivial matter, and even less so when you’re dealing with AI. Here are some potential mistakes when deploying an AI cyber security tool:

  • Expecting a “set-and-forget” solution that will replace the whole security program: See the first section of this post.
  • Thinking that an in-house developed solution will be best-in-show without exploring other available options.
  • Expecting that the AI tool won’t require any customization or integration.
  • And possibly the most delicate one: Thinking it’ll all work out on automatic pilot without specialized AI expertise on your team or assistance from AI safety experts.

The fact of the matter is that it is no longer viable to delay implementation of robust AI cyber security tools. Bad actors have already started using AI.

A talented cybersecurity team and company-wide awareness trainings go a long way. Artificial intelligence in cyber security simply brings a needed support structure that can assist your teams to prevent attacks and accelerate mitigation if needed. As businesses undergo the digital transformation, it is imperative they also leverage new developments in cyber capabilities.

CyVent is a Certified Partner of Darktrace, a global leader in machine learning applied to cybersecurity, whose technology can detect and autonomously respond to cyber threats that legacy systems miss. Learn more about Darktrace’s capabilities in this white paper.