Story image

Q&A: Darktrace explains how AI influences cybersecurity

27 Mar 2018

What does artificial intelligence mean for cybersecurity today, and how is this likely to change over the next 10 years? What are the implications for conventional cybersecurity?

The fundamental value of AI is that it enables computers to deal with the increasing complexity and subtlety of cyber attacks. This is a significant benefit to cybersecurity defenders who are fighting to overcome their business’s own complexity, diversity and scale. 

The challenge for cybersecurity defenders to meaningfully understand and monitor a business is already beyond the ability of typically-sized security teams. That’s because every person and device behaves in a unique way, and they often number in the tens or hundreds of thousands spread across a country or the globe.

Asking cybersecurity teams to recognise the repeated patterns of previously known historical firewall or antivirus attacks is reasonable using conventional computing and software techniques. But asking these teams to identify the strange and the out-of-character actions that might be the hallmarks of a novel attack or a disaffected employee, is not so achievable due to scale and inability to guess everything that might go wrong.

And it’s not achievable using standard software programming approaches due to the overall complexity and subtlety of daily behaviours. This is why attacks can emerge within a business, having quietly been incubated for months or years, and become a crisis without anyone knowing about it until the attackers decide to reveal their crime.

Does AI facilitate new kinds of cyber attacks, and if so, what are they? Are these potentially more dangerous or threatening?

AI techniques will open up new opportunities for criminals to operate at greater scale and to pursue new models of criminality. For example, imagine a piece of malicious software on your laptop that can read your calendar, emails, and messages. Now, imagine that it is supported by AI that can understand all of that material and train itself to understand how you communicate with different people. It could then contextually contact your co-workers and customers, replicating individual communication styles to spread itself.

Perhaps you have a diary appointment with someone, and it sends them a map reminding them where to go and hidden in that map is some malicious software. Perhaps you are editing a document back and forth with another colleague and the software can reply while making a small innocuous edit and again include the malicious software. Will your colleagues open those emails?

Absolutely they will, because they will sound like they are from you and be contextually relevant. Whether you have a formal relationship, informal, discuss football or a new restaurant opening, all of this can be learnt and replicated. Such an attack is likely to explode across supply chains. If you want to go after a hard target like an individual in a bank or a public figure, this may be the best way.

Then there are situations where someone attacks all the connected smart TVs and video conferencing systems installed in meeting rooms across an organisation, like a law firm for example. Typically, these devices have substantially inferior security compared to a modern laptop. Say you then activate the microphones and stream the audio of meetings to an AI driven translation and transcription service – they type already available from Google and Amazon.

Given the transcripts of these meetings, a simple AI model could automatically alert the criminal to topics of interest such as unannounced deals or contracts or the details of preparations for a particular trial, and suddenly the criminal has easily scalable approaches for ambient surveillance of a company without having to actually listen to any meetings themselves.

Ambient surveillance has previously been the work of spies and not criminals not because it accesses uninteresting content, but because it doesn’t scale very well. AI completely changes this, taking advantage of the fact that businesses are busily engaged in the sprinkling of our environments with cameras and mics.

Third, data has become a proxy for the beliefs of an organisation. While the examples above are possible now, future attacks may involve deliberately altering data.

This might mean that an oil and gas firm’s executives bid for drilling and mining rights in the wrong location or a series of random bank account balances are subtly and consistently tweaked in the bank’s digital backups before being changed in operational systems resulting in an inexplicable set of books and major loss of consumer confidence. 

Such attacks are more elaborate and would rely on smart software that was able to manipulate data in a manner that is believable at first glance but that becomes disruptive at scale. It’s not unreasonable to believe this is achievable within the next decade through the application of AI.

To what extent can AI help to strengthen cybersecurity? Where are such approaches used in cybersecurity, and how might this change in the future? 

AI offers opportunity to supercharge cyber defence effectiveness and has an enormous role to play in exponentially improving existing protective approaches like anti-virus and firewall approaches. It is also enabling fundamentally new approaches that can learn the normal behaviour of everyone and everything, and respond to subtle changes indicative of emerging threats that are already within the business, but that can be handled before they become a crisis. 

Realistically, there are no other scientific developments on the horizon that can facilitate cybersecurity adapting to the ever-increasing scale, diversity and complexity of digital businesses in the foreseeable future.

Article by Darktrace director of technology, Dave Palmer.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.