
New Applications of Machine Learning in Zero Trust Authentication

Mark Robinson wrote 06/15/2021 at 00:40 • 4 min read


Cyber attackers have begun using AI and machine learning techniques to launch more severe attacks than ever before.

The weakness of traditional solutions is that they rely on signature-based detection, which, obviously, cannot stand the test of time against modern attack models.

For instance, since signature-based detection only works for known threats, such legacy technologies are powerless in the face of rising zero-day attacks.

Behavioral analysis via machine learning, on the other hand, trains the security system to recognize attack patterns. Once a series of actions exceeds the set baseline, the system triggers an alert.

According to a cybersecurity executive, “An average phishing attacker will bypass an AI-based detection system 0.3 percent of the time, but by using AI this 'attacker' was able to bypass the system more than 15 percent of the time.”

It is therefore necessary for organizations to implement more sophisticated, machine learning-enabled cybersecurity tools and technologies to protect their networks from incursion.


Machine Learning, Zero-Trust, and Software-Defined Perimeters

It is important to note that machine learning is a complementary technology to other cybersecurity technologies. In a similar vein, zero-trust security must be approached not as a product, but as a platform, more precisely, a strategy.

That’s why new technologies are challenging legacy solutions and our traditional view of network security. A software-defined perimeter (SDP), for instance, is an alternative to VPNs and, to some extent, firewalls.

SDPs work by creating a virtual perimeter around network assets. However, what’s unique is that SDPs authenticate users themselves, rather than devices. 

By design, SDPs are zero-trust and operate on a need-to-know model, but combining them with machine learning for authentication provides an even greater level of network security. After all, access control is one of the main features of an SDP.

Machine Learning in Adaptive Authentication

One of the emerging applications of AI in cybersecurity is behavioral biometrics. This has proven useful in security authentication. 

With machine learning, authentication systems can be trained to detect suspicious activity based on real-time intelligence about the authentication context. This is what Risk-Based Authentication (RBA) aims to achieve. RBA works on the principles of zero trust and least privilege.

The system assesses every login attempt for the likelihood of hacking based on the login behavior. RBA’s adaptive intelligence uses information such as the device, the device's IP address, and the user's location to calculate a risk score.

Depending on this risk score, access may be granted or restricted, or the system may request additional user credentials. RBA eliminates the trouble with passwords since a hacker knowing the right password is not a guarantee that access will be granted.
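The risk-scoring flow described above, as an added example that is not code from the original post. The weights, thresholds, record fields and sample logins are constructed assumptions; a deployed system would learn the weights from each user's login history.

```python
import math
from collections import namedtuple

# Constructed weights standing in for a trained logistic model (assumption).
WEIGHTS = {"new_device": 1.8, "new_network": 0.9,
           "new_country": 1.4, "impossible_travel": 3.0}
BIAS = -3.0
STEP_UP, DENY = 0.30, 0.80   # assumed policy thresholds on the risk score
MAX_KMH = 900.0              # assumed cutoff: faster than an airliner

# Hypothetical record shapes: per-user history, and one login with a correct password.
Profile = namedtuple("Profile", "devices networks countries last_login")  # (time, lat, lon)
Attempt = namedtuple("Attempt", "device ip country time lat lon")

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2)
         * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def signals(p, a):
    """Compare this attempt's context with what is known about the user."""
    t0, lat0, lon0 = p.last_login
    hours = max((a.time - t0) / 3600.0, 1e-6)   # avoid division by zero
    return {
        "new_device": a.device not in p.devices,
        "new_network": a.ip.rsplit(".", 1)[0] not in p.networks,  # IPv4 /24 prefix
        "new_country": a.country not in p.countries,
        "impossible_travel": km_between(lat0, lon0, a.lat, a.lon) / hours > MAX_KMH,
    }

def risk_score(p, a):
    z = BIAS + sum(WEIGHTS[k] for k, hit in signals(p, a).items() if hit)
    return 1.0 / (1.0 + math.exp(-z))           # logistic squashing into 0..1

def decide(p, a):
    """Grant access, request additional credentials, or restrict access."""
    s = risk_score(p, a)
    return "deny" if s >= DENY else "step_up" if s >= STEP_UP else "allow"

# Constructed sample data: one user profile and three logins, all with the right password.
T0 = 1_700_000_000
ALICE = Profile({"laptop-1"}, {"192.0.2"}, {"DE"}, (T0, 52.52, 13.40))
USUAL = Attempt("laptop-1", "192.0.2.10", "DE", T0 + 86400, 52.52, 13.40)
NEW_PHONE = Attempt("phone-9", "198.51.100.7", "DE", T0 + 86400, 48.14, 11.58)
FAR_AWAY = Attempt("pc-x", "203.0.113.5", "SG", T0 + 3600, 1.35, 103.82)

if __name__ == "__main__":
    for name, att in [("usual", USUAL), ("new phone", NEW_PHONE), ("far away", FAR_AWAY)]:
        print(name, round(risk_score(ALICE, att), 3), decide(ALICE, att))
```

All three sample logins present a valid password, yet only the first is admitted without further checks.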

Machine Learning in Continuous Authentication

Continuous authentication builds on the same behavioral-biometrics adaptive intelligence: a user session is assessed in real time for signs of a breach.

This solves a real challenge in cybersecurity authentication, where a hacker hijacks a legitimate user session. Like RBA, the continuous authentication mechanism bases its decision upon a risk engine.

Continuous authentication provides a means to determine when a login session, for instance an online banking session, has been attacked midway. To do this, it runs in the background, analyzing user behavior for suspicious quirks.

The user is not interrupted in their operation or transaction until suspicious activity is detected and the system has to implement a protection protocol, such as asking them to re-enter their password mid-session. An example is Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA).



Conclusion

A significant shift is under way in the cybersecurity space. If cyber attackers are using AI to scale and strengthen their attacks, then organizations must do more with the same AI to defend their networked assets.

AI and ML applications in cybersecurity are forcing a rethink of cloud security, sometimes with new applications taking over completely from traditional solutions: SDPs for VPNs, Secure Web Gateways for traditional firewalls, and so on.

These ML applications also empower newer approaches to network security including zero-trust, ‘zero leakage’, least privilege, need-to-know, etc. 

Traditional security solutions are more reactive than they are proactive. The introduction of AI into the ecosystem brings balance to existing cybersecurity frameworks.
