Moving away from a Deterministic to a Probabilistic approach in Cyber Security.
Credit: DNA India cybercrime

In this new age of cyber security the sophistication of threats and malicious activity has increased significantly, the threats are becoming harder to detect, and the damage caused to an enterprise has gone up manyfold. Whatever security measures you build around your organization today, the sobering reality is that no system or infrastructure to date is one hundred percent secure, nor will we be able to achieve such universal security, at least in the near future. Given this reality, modern security systems and platforms are essentially moving away from the traditional “deterministic” approach to security threats towards a “probabilistic” approach. What that means is that in the traditional approach we were very certain that an attack had already happened, and only then took the necessary remedial actions or decided how to deal with the situation. In contrast, in the modern probabilistic approach, using Artificial Intelligence and Machine Learning techniques, we generate alerts by continuously monitoring the network, devices and user behavior even when we are not yet sure that an attack or malicious activity is under way. This approach has an advantage over the traditional deterministic approach because of its predictive nature. The same applies to the security strategy and model that an enterprise implements to deal with such cyber security threats.

The approach is very similar to how the human body fights intruders. Consider our DNA, which is essentially information that can be damaged, altered or hacked by external entities. Our immune system deals with those kinds of attacks and risks every day. Millions of viruses attack our DNA all the time, but our body has an amazing security system which keeps monitoring the entire body, even down to the level of the DNA, to safeguard us from any such attacks or threats. It generates early alerts and immediately activates the different hierarchies of defense mechanisms available in our immune system to fight such threats. The reason our immune system is so effective is that it knows what is internal and what is external to our body, i.e. what is part of us and what is an outsider, such as the various viruses. That is how it knows how to protect our body from external attacks.

With the above philosophy in mind, a few of the leading cyber security companies have leveraged the power of Artificial Intelligence and Machine Learning to develop groundbreaking AI cyber defense platforms which mimic the human immune system. These platforms are self-learning, capable of understanding in real time what is normal and what could be an emerging threat, and can take remedial measures accordingly. They are also capable of automatically modeling the behavior of every network, device, user and other asset in an enterprise, and they not only provide early alerts of any probable threat but also provide threat visualization dashboards using topological network projection techniques, which allow security analysts to act on security threats and thus prevent them rather than react to attacks after they have actually happened. One example of such an advanced platform worth mentioning here is Darktrace, which uses “self-learning AI to identify and respond to in-progress cyber-threats”. This proactive cyber risk management approach can reduce the risk of attacks and their consequences dramatically by safeguarding an enterprise's resources and users well in advance of the attacks.

I personally believe that firewalls and “Signature based Models” such as conventional antivirus and other products are not going to become completely ineffective, at least in the near future, as claimed by many of the cyber security experts. Rather, we should build a layered approach wherein the firewalls and “Signature based Models” are one level of security, but there should certainly be an additional layer of AI and Machine Learning algorithms which will help identify unusual activities, unusual data flows and patterns, and suspicious build-ups in and around your network and devices. This can tell you in advance, with some degree of probability and confidence, that there could be a security threat in your enterprise, considering many such factors, and thus shrink the attack surface, which is otherwise simply impossible to deal with using the traditional approach.
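The deterministic-versus-probabilistic distinction and the layered model described above, as an added illustration that is not code from the article or from any product it mentions: a signature layer gives a certain yes/no on a known indicator, while a behavioral layer fits a Gaussian to each user's learned history (my choice of model, the simplest possible one) and reports a confidence rather than a verdict. The flow records, baselines and the placeholder indicator list are all constructed here.

```python
import math
from statistics import mean, pstdev

# Constructed sample data: per-user history of bytes sent per session,
# learned from past "normal" traffic, and a tiny signature list of known-bad
# destinations (placeholder addresses from the RFC 5737 documentation range).
BASELINE = {
    "alice": [120, 140, 110, 130, 125, 135, 115, 125],
    "bob": [900, 950, 880, 920, 910, 940, 890, 930],
}
KNOWN_BAD_DESTINATIONS = {"198.51.100.7", "203.0.113.9"}


def signature_layer(flow):
    """Deterministic layer: the flow either matches a known indicator or not."""
    return flow["dst"] in KNOWN_BAD_DESTINATIONS


def anomaly_probability(value, history):
    """Probabilistic layer: confidence that `value` does not belong to the
    user's learned behavior.  Fit a Gaussian to the history; the two-sided
    tail area is the chance of a value at least this far from the mean if
    behavior were still normal, so 1 - tail is our anomaly confidence."""
    mu, sigma = mean(history), max(pstdev(history), 1e-9)
    z = abs(value - mu) / sigma
    tail = math.erfc(z / math.sqrt(2))
    return 1.0 - tail


def classify(flow, threshold=0.99):
    """Run both layers in order; return (decision, confidence)."""
    if signature_layer(flow):
        return "block", 1.0                       # certain: known indicator
    p = anomaly_probability(flow["bytes_out"], BASELINE[flow["user"]])
    if p >= threshold:
        return "alert", p                         # probable, not proven
    BASELINE[flow["user"]].append(flow["bytes_out"])  # keep learning "normal"
    return "allow", p


if __name__ == "__main__":
    for f in ({"user": "alice", "bytes_out": 125, "dst": "192.0.2.10"},
              {"user": "alice", "bytes_out": 5000, "dst": "192.0.2.10"},
              {"user": "bob", "bytes_out": 915, "dst": "198.51.100.7"}):
        print(f, "->", classify(f))
```

Note that folding every allowed flow back into the baseline means a slow, patient increase in volume can shift "normal" without ever crossing the threshold; a real deployment keeps a separate, reviewed baseline rather than learning from whatever was allowed.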

Also, AI models, once trained, have the capability to detect the genome of many malicious entities, so they can easily detect advanced versions and different variants of such malicious programs. Malware is often delivered within encrypted traffic over the internet, and sensitive data is passed across the cloud. AI can very well be used in such scenarios to learn how to automatically detect unusual patterns in encrypted web traffic, and can improve network security defenses dramatically. This category of products uses machine learning to process incoming threat samples and determine whether they are malicious, based on the knowledge and patterns it learns every day. It can determine how likely an incoming sample is to be new malware and accordingly trigger the analysis that creates patterns and signatures for the new malware and incorporates them into the core security fabric, which in turn distributes them to the cloud or as an update to all subscribers. AI-powered malware scanner products are becoming increasingly popular because of their various advanced capabilities.

[This is just a snapshot, the full version of the article will be published soon in "The Banking & Finance post magazine” in physical as well as digital format]

Source: Deep Learning on Medium