
Artificial Intelligence, Real Concerns: Hype, Hope and the Hard Truth About AI

Artificial intelligence (AI) is generating both interest and investment from companies hoping to leverage the power of autonomous, self-learning solutions. The Pentagon recently earmarked $2 billion in funding to help the Defense Advanced Research Projects Agency (DARPA) push AI forward, and artificially intelligent solutions are dominating industry subsets such as medical imaging, where AI companies raised a combined $130 million worth of investments from March 2017 through June 2018. Information security deployments are also on the rise as IT teams leverage AI to defeat evolving attack methods, and recent data suggests that AI implementation could both boost gross domestic product (GDP) and generate new jobs.

It’s easy to see AI as a quick fix for everything from stagnating revenues to medical advancement to network protection. According to a recent survey from ESET, however, increasing business expectations and misleading marketing terminology have generated significant hype around AI, to the point where 75 percent of IT decision-makers now see AI as the silver bullet for their security issues.

It’s time for an artificial intelligence reality check. What’s the hype, where’s the hope and what does effective implementation really look like?

What Are the Current Limitations of Artificial Intelligence?

AI already has a home in IT security. As noted in the Computer Weekly article, machine learning tools are “invaluable” for malware analysis since they’re able to quickly learn the difference between clean and malicious data when fed correctly labeled samples. What’s catching the attention of chief information security officers (CISOs) and chief information officers (CIOs) right now, however, is the prospect of AI tools that require minimal human interaction to improve network security.

This comes down to the difference between supervised and unsupervised machine learning: current tools and technologies empower the former, but the latter is still largely out of reach. Without humans to monitor the input and output of systems, AI tools can capture and report basic system data, but designing intelligent threat response plans of the silver-bullet variety is beyond their scope.

AI also has basic limitations that may be inviolate or may require a new research approach to solve. This is largely tied to experience: As noted by Pedro Domingos, professor of computer science at the University of Washington and author of “The Master Algorithm,” machines don’t learn from experience the same way humans do.

“A robot can learn to pick up a bottle, but if it has to pick up a cup, it starts from scratch,” said Domingos, as reported by Wired.

For AI to take the next step in its evolution, Domingos argued, “we’re going to need some new ideas.”

AI Is Smart Now, But Could Be Genius in the Future

The hard truth is that AI hype is just that: hyperbole. But that doesn’t discount the current iterations of AI already used by organizations. For example, the insurance industry leverages AI to calculate risk more accurately and, in concert with Internet of Things (IoT) devices, is developing usage-based policies tailored to the individual. As noted by Quartz, meanwhile, AI technology in development for breast cancer research is now able to achieve 99 percent accuracy at 30 times the speed of humans. Brain cancer analysis got a 21 percent accuracy boost from AI while cutting diagnostic time in half.

As noted above, there’s also a government push to better utilize AI. Part of that initiative takes the form of a DARPA project called the Artificial Intelligence Exploration (AIE) program. According to Defense One, a subset of the program focuses on creating “third-wave” AI systems able to “locate new data and scientific resources, dissect them for useful information, compare those findings to existing research, and then generate new models.” This ability to effectively outsource scientific modeling could be incredibly useful for security teams: Imagine AI tools capable of sorting through historic security data, mining for actionable insights and then creating new threat models based on their findings.

Simply put, despite the hype, there’s also hope for AI. This might take the form of completely new learning paradigms or continued refinement of existing principles. Either way, smart AI does have the potential for genius-level solutions.

The Keys to Implementing AI Solutions

Beyond what AI can actually do for CISOs and CIOs looking to shore up corporate security, companies must consider implementation: How can organizations effectively deploy AI solutions to maximize results? As noted by Gallup, they can start by pulling back the curtain on the basis of artificial intelligence. According to Nara Logics CEO Jana Eggers, companies must “stop thinking AI is magic. Simply put, it’s math with more equations and computation going on.”

What does this mean for deployment? That AI isn’t a cure-all on its own. Instead, organizations must have a culture of security and transparency that supports the deployment of AI tools. It’s also critical to create a culture of trust within the enterprise to achieve employee buy-in. Do this by demystifying AI and making employees part of the conversation rather than outside observers. This strategy aligns with recent findings that 55 percent of security alerts detected by AI still require human supervision.

Last but not least, encourage questions. After all, that’s the eventual goal of AI: To ask hard questions and create innovative answers. Employees and C-suite members need the same freedom to question whether current deployments are working as well as possible and ask what could be done to improve AI output.

Artificial Intelligence Beyond the Hype

Emerging AI hype has convinced many organizations that it’s a silver bullet for security, but adopting current-stage technology and expecting this result puts organizations at risk. While incredibly useful with human assistance, AI in isolation is no replacement for solid information security strategy.

Still, there’s promise here. Current developments in artificial intelligence are improving speed and accuracy, while new funding is earmarked to empower more analytic capabilities. Combined with a corporate culture that supports transparency and human agency, it’s possible to maximize the existing benefits of AI and lay the groundwork for the future of machine intelligence.


The post Artificial Intelligence, Real Concerns: Hype, Hope and the Hard Truth About AI appeared first on Security Intelligence.

Author: Douglas Bonderud


Overcoming the Electronics Industry’s Insecurity Over Industrial IoT Deployments

In December 2017, cyberattackers used TRITON/TRISIS malware to target safety instrumented system (SIS) controllers at a critical infrastructure organization. The malware was designed specifically to interact with the controllers, potentially to damage equipment and shut down operations, according to the New Jersey Cybersecurity & Communications Integration Cell. That attack underscored the risk of implementing industrial Internet of Things (IIoT) technologies. As their numbers grow, so does the potential for data exposure, production disruptions, reputational damage, intellectual property theft, and even injury and loss of life.

Current Industrial IoT Deployments Lack Key Security Considerations

Electronics manufacturing plants have become increasingly instrumented and connected, transforming into cyber-physical systems with the IIoT as a core cognitive component. IIoT devices and sensors embedded in physical assets churn out masses of data, providing insight into operations and highlighting opportunities to improve efficiencies. But between now and 2020, as reported by The Verge, IoT device manufacturers have no legal requirement to equip products with security features.

Connecting previously closed systems to the internet exposes new attack surfaces and security targets. Adding intelligent and automated manufacturing equipment and processes increases the number of access points for threat actors, competitors, nation states and even disgruntled employees. Although many risks can be addressed or mitigated, too many electronics companies deploy IIoT technologies without fully evaluating or protecting against the risks, and without preparing a fast and effective response to a breach.

Security Capabilities Must Keep Pace With IoT Solutions

To better understand IIoT security risks and implications in operational environments, the IBM Institute for Business Value (IBV) partnered with Oxford Economics to survey 700 energy and industrial executives in 18 countries. The report on the 269 electronics firms that participated, titled “Electronics Industrial IoT Cybersecurity: As Strong as Its Weakest Link,” benchmarks the level of IIoT technology adoption and explores associated cybersecurity risks.

The most common applications deployed by electronics firms are real-time equipment monitoring (65 percent) and predictive maintenance (58 percent), followed by asset/equipment monitoring and automation of machines and workflows. But across sectors, firms are implementing IIoT solutions faster than they’re securing them. Why? In many cases, they’re not confident in the combination of cybersecurity capabilities — the skills, controls, practices and protective technologies — needed to secure their businesses.

Follow the Leaders to Protect Environments and Detect Breaches

The IBV study found that 36 electronics companies are among the leaders in securing IIoT environments. These firms are in the top quartile of performance on three measures:

  1. Percentage of known IIoT vulnerabilities addressed by security controls.
  2. Cycle time to discover/detect IIoT cybersecurity incidents.
  3. Cycle time to respond to and recover from IIoT cybersecurity incidents.

These leaders have a better grasp on the security requirements of IIoT deployments and connected industrial control systems (ICSs) than the average enterprise. Furthermore, they stand out in their use of the following nine security practices to protect data, safeguard devices, and augment threat detection and response with automation and cognitive intelligence:

  1. Apply user privacy controls to IIoT devices.
  2. Use authentication to verify users on IIoT devices.
  3. Define clear service-level agreements (SLAs) for security and privacy.
  4. Inventory all authorized and unauthorized software.
  5. Use devices with built-in diagnostics.
  6. Automate scanning of connected devices.
  7. Secure device hardware and firmware.
  8. Use advanced behavioral analytics for breach detection and response.
  9. Use artificial intelligence (AI) technology to enable real-time monitoring and response.

A Custom Approach to Securing Industrial IoT Ecosystems

In terms of vulnerabilities, threats and incidents, there are notable differences among electronics industry sectors. For example, 37 percent of appliance manufacturers listed applications built on cloud solutions and IoT platforms as their greatest IIoT vulnerability, but these weren’t in the top three for any other sector. Appliance manufacturers also ranked unauthorized access or abuse of access credentials as the greatest IIoT-related threat and internal theft/fraud as the most common IIoT cybersecurity incident.

Regardless of sector, securing an IIoT ecosystem starts with a clear strategy that balances prevention and detection. Next, integrate security technologies into operational processes and apply intelligent and automated capabilities to deal with advancing and unknown threats. Finally, enterprises should have an incident response and communications plan in place so they can recover from a breach as quickly as possible and minimize damage to critical assets.


The post Overcoming the Electronics Industry’s Insecurity Over Industrial IoT Deployments appeared first on Security Intelligence.

Author: Martin Borrett


Orchestrating Incident Response Beyond Triage and Enrichment

As incident response (IR) orchestration and automation solutions continue to emerge, many security teams are applying these technologies to streamline investigative tasks, such as incident escalation, triage and enrichment. This makes sense; by automating repetitive or time-consuming tasks such as threat intelligence lookups and security information and event management (SIEM) queries, security teams can free up their analysts to focus on more strategic tasks.

But the value of IR orchestration can extend well beyond initial response phases. When properly applied, orchestration can help security operations centers (SOCs) transform response across the entire incident life cycle. This includes automating remedial actions, such as resetting credentials and applying patches, as well as mitigating future attacks by updating firewalls or SIEM rules.

Expanded orchestration and automation, however, can bring increased risk of complications — automating the wrong workflows or having scripts break, for example. Building a solid orchestration function requires strategy, preparation and management. Here are three steps you can take to help expand your IR orchestration efforts beyond the initial investigation phases of response.

Establish an Incident Response System of Record

Remedial and mitigative actions, such as blocking IP addresses or updating firewall rules, carry serious potential consequences. By establishing an incident response platform (IRP) as a system of record for response processes, an SOC can increase the traceability of these actions and the accountability of their analysts while sharing knowledge about past incidents and the steps taken to resolve them.

Additionally, a system of record enables you to track the usefulness and quality of the tools your analysts use during an investigation, such as how often a threat intelligence feed returns useful information, or how many false positives your SIEM tool returns. This helps improve the quality of your tools over time.


Leverage Threat Scoring to Expand Automation

Many advanced threat intelligence tools provide a largely complete, accurate and in-depth assessment of the severity of an incident — including threat scoring and other probability-based metrics. These figures can be used to automate steps after an investigation.

For example, if your Domain Name System (DNS) tool provides a domain name generation score that tells you the likelihood that the domain was generated by a machine rather than a human — or the probability that a bogus domain is spoofing a legitimate domain — you can build rules around these scores to stop attacks more quickly.

Why You Need to Empower Your Human Analysts

To ensure that an automated response doesn’t accidentally disrupt or damage an organization — perhaps by blocking a legitimate website — SOCs should automate around human-based decision points until they know with near certainty that the automated process will work properly.

By integrating security tools with an IRP, SOCs can orchestrate response, giving their analysts the information they need quickly, empowering them to make the right decision, and then invoking automated actions as they see fit.
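The score-based rule and the human decision point described in the last two sections can be sketched as follows. This is an added example, not code from the original post or from any vendor product; the field names, thresholds and allowlist are assumptions, and the domains are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed thresholds; tune them from false-positive history in the system of record.
AUTO_BLOCK = 0.95     # near-certain machine-generated or spoofed domain
NEEDS_ANALYST = 0.60  # suspicious enough to queue for a human decision
# Constructed allowlist: business-critical domains automation must never block.
ALLOWLIST = {"payroll.example.com"}

@dataclass
class Incident:
    domain: str
    dga_score: float          # 0.0-1.0, likelihood the name is machine generated
    spoof_score: float = 0.0  # 0.0-1.0, likelihood it imitates a legitimate domain

@dataclass
class Playbook:
    auto_block_trusted: bool = False  # enable only once the rule has proven itself
    audit: list = field(default_factory=list)  # stands in for the IRP record
    blocked: set = field(default_factory=set)  # stands in for the DNS/firewall block list

    def _record(self, inc, action, actor):
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "domain": inc.domain, "action": action, "actor": actor,
                           "scores": (inc.dga_score, inc.spoof_score)})
        return action

    def triage(self, inc):
        """Route one scored domain: enrich only, ask a human, or block."""
        for s in (inc.dga_score, inc.spoof_score):
            if not 0.0 <= s <= 1.0:
                raise ValueError(f"score out of range: {s}")
        score = max(inc.dga_score, inc.spoof_score)
        name = inc.domain.lower().rstrip(".")  # normalise before the allowlist check
        if score < NEEDS_ANALYST:
            return self._record(inc, "enrich_only", "automation")
        if name in ALLOWLIST or score < AUTO_BLOCK or not self.auto_block_trusted:
            return self._record(inc, "pending_approval", "automation")
        self.blocked.add(name)
        return self._record(inc, "block", "automation")

    def decide(self, inc, analyst, block):
        """Human decision point: the analyst's choice is what triggers the action."""
        if block:
            self.blocked.add(inc.domain.lower().rstrip("."))
        return self._record(inc, "block" if block else "dismiss", analyst)
```

With `auto_block_trusted` left at its default, even a 0.98 score only queues the domain for an analyst, and every automated or human action lands in the same audit trail.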

IR orchestration can easily deliver immediate efficiencies to security teams, but the potential value is much greater than that. With the right strategy and planning, your organization can build a fully orchestrated and intelligent SOC that can contend with today’s threats.

To learn more, watch the latest on-demand webinar from IBM Security and Cisco or download the Cisco apps now.

The post Orchestrating Incident Response Beyond Triage and Enrichment appeared first on Security Intelligence.

Author: Ted Julian