Authored By John Maddison, Chief Marketing Officer and Executive Vice President, Products at Fortinet
In the cybersecurity space, there has always been an unfair advantage for cybercriminals. Adversaries only need to find one vulnerability to hack an entire system, because all it takes is a single misconfigured device or outdated operating system. Security teams, however, must stay alert to anticipate hundreds of types of attacks, and then block them on all devices throughout the network.
As the stakes get higher and businesses connect more devices and applications to the internet, leaders need to rethink how they approach cybersecurity. As IT teams revise their security strategies, there are three basic approaches they should keep in mind:
Start with Security
Rather than building a network and then overlaying security, start with security in mind. Today’s security policies need to flow seamlessly and be enforced consistently across your distributed network, from your core network to the cloud, and from the OT network to your branch offices and mobile workers.
Exploit Cybercriminal Economics
Cybercriminals are subject to the same financial constraints as any organization. Profitability requires keeping costs and overhead lower than revenue. This means that most criminals prefer to target low-hanging fruit using known exploits, because developing new tools and zero-day attacks is expensive. You can eliminate a lot of risk by doing the following: exercise good security hygiene; discover and remove security gaps; centralize visibility and control; settle on an integrated security framework based on interoperability, high performance, and deep integration; and segment the network to restrict or slow down the lateral movement of malware looking for data to steal and devices to exploit.
Fight Fire with Fire
Business and cybercrime alike operate at digital speeds. Many cyber events are successful because they happen faster than security systems can respond. This is especially true if human intervention is required in any step of the process. Instead, critical events need to trigger an immediate response. Of course, automation can only respond to known threats. And while adding machine learning allows automated systems to better identify unusual or abnormal behaviour and reduce false positives, the process is often slow.
The Critical Need for Artificial Intelligence
While automation speeds up response time and machine learning can identify indications of a possible threat, artificial intelligence (AI) can make human-like decisions in a split second and attempt to replicate the analytical processes of human intelligence to enable decision-making. Over time, AI can even begin to predict and prevent security events before they occur. However, using AI-enabled security to protect your system means taking a giant technological leap forward.
A true AI system requires networks that are combined with a deep-learning model that will enable the network to adapt and evolve. This extensive training process includes carefully providing massive amounts of increasingly complex information so it can not only identify patterns and develop problem-solving strategies, but also adjust those problem-solving algorithms when it encounters a new pattern.
Harnessing the True Power of AI
In order to train an AI, there must also be an artificial neural network (ANN) present, and a deep learning model that will accelerate data analysis. Only then can the AI make use of data to learn, adapt, and evolve.
Below is a quick checklist of what to look for:
A Massive ANN
Artificial neural networks (ANNs) used to operate an AI system need to be composed of millions or even billions of nodes to provide adequate processing resources.
Large Volumes of Data
Insufficient data can diminish an AI’s understanding of cyber threats and how to properly respond, resulting in an ineffective product that can make bad decisions about your security.
Supervised and Unsupervised Learning
The AI system needs to be continually fed massive amounts of labelled data so the system can learn how to recognize patterns and make decisions. The system is then fed unlabelled data so the AI system can begin to learn on its own by recognizing new patterns. Structured reinforcement is applied throughout to systematically improve AI performance through rewards for correct results. The process is then repeated with incrementally more sophisticated data.
Trained AI Instructors
Proper AI instruction and development require individuals with years of training and experience.
It can take years of cycling through these processes before an AI program is ready for the field. But at the same time, cybercriminals are constantly devising new ways to breach enterprise systems. That means AI training models cannot afford to be static. The system needs to be constantly infused with new models that branch off from existing information, based on new threats and techniques as well as new strategies for identification and resolution.
The learning curve for AI might be steep, but the advantages of a good AI-based security system are well worth the effort because it will give your organization an advantage over even the most sophisticated cybercriminals. It weaves security deep into the infrastructure, identifies and responds to the most advanced threats, and forces criminals to either go back to the drawing board or, more likely, look for a victim that does not have such an impact on their bottom line.