Paul McEvatt, senior cyber-threat intelligence manager in UK & Ireland, Fujitsu

Cyber-attacks continue to be the biggest threat facing businesses today. In the last year alone, two-thirds of large UK businesses have been hit by a cyber-breach or attack[1], and this is expected to grow enormously over the next few years.

Organisations need to develop a smarter approach when it comes to cyber-security to combat today's advanced attackers. A great way to do this is to take advantage of artificial intelligence.

Cyber arms race

Traditionally, cyber-security solutions were driven by patterns that indicated when a particular attack was underway or when a piece of malware was resident on a machine. For several years these technologies worked to a degree in capturing malicious activity. However, attackers continue to develop mechanisms to subvert the security controls put in place by network defenders.

This arms race is real, with network defenders protecting their networks and technology companies furiously writing signatures on one side, and attackers and malware authors devising circumventions on the other. Eventually, the development of attacks and malware became so prevalent that technology companies reported the number of malware variants was in the hundreds of millions each year; signature writers simply couldn't keep up. A change in approach is needed.

AI to save the day?

Security vendors have realised the power of the cloud and benefits of machine learning to augment their technologies with artificial intelligence (AI), recognising that instead of focusing on the details of a single piece of malware or a specific attack mechanism, AI could be used to identify a problem through the analysis of behaviour, trends, anomalies and complex patterns.

AI is developed on patterns and algorithms, on the premise of understanding what good looks like, so it can quickly and easily identify anomalous behaviour without relying on signatures or daily updates. Centralising this intelligence ensures that algorithms are continually updated, and companies across the world that use the same technology will be further protected, resulting in bolstered defences. But this can go a step further.

Getting smarter with AI

Threat hunting is an advanced area of cyber-security that involves security analysts trawling computer networks for signs of intruders or insiders with malicious intent. This can be a time-consuming process, as there are many avenues an analyst may pursue in trying to identify a problem that may not even be there.

AI can help make this process even smarter by learning everything about how a company's network operates normally, or how an endpoint should behave, and generating an alarm when something out of the ordinary happens.
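The contrast drawn above between matching known signatures and learning what good looks like, as an added example that is not from the article or from any vendor's product. Host names, traffic figures, hash placeholders and the threshold are constructed for illustration, and a simple median/MAD profile stands in for whatever model a real product uses.

```python
import statistics

# Constructed sample data (not from the article): hourly outbound megabytes
# per host during a quiet learning period, then one later observation each.
BASELINE = {
    "ws-014": [12, 15, 11, 14, 13, 12, 16, 14],
    "ws-027": [40, 38, 45, 41, 39, 44, 42, 40],
    "db-002": [5, 6, 5, 4, 6, 5, 5, 6],
}
OBSERVED = [
    {"host": "ws-014", "out_mb": 15, "file_hash": "hash-A"},
    {"host": "ws-027", "out_mb": 43, "file_hash": "hash-B"},
    {"host": "db-002", "out_mb": 310, "file_hash": "hash-C"},  # unseen variant
]
KNOWN_BAD_HASHES = {"hash-X", "hash-Y"}  # placeholder signature set


def signature_hits(events, signatures):
    """Signature approach: flag only events whose hash is already known bad."""
    return [e["host"] for e in events if e["file_hash"] in signatures]


def learn_profile(samples):
    """Learn 'what good looks like' as a median and a robust spread (MAD)."""
    median = statistics.median(samples)
    mad = statistics.median(abs(s - median) for s in samples)
    return median, max(mad, 1.0)  # floor stops very steady hosts dividing by ~0


def anomaly_hits(events, baseline, threshold=6.0):
    """Behavioural approach: flag hosts far outside their own learned profile."""
    hits = []
    for e in events:
        history = baseline.get(e["host"])
        if history is None:
            hits.append((e["host"], None))  # no profile yet: surface for an analyst
            continue
        median, mad = learn_profile(history)
        score = abs(e["out_mb"] - median) / mad
        if score >= threshold:
            hits.append((e["host"], round(score, 1)))
    return hits


if __name__ == "__main__":
    print("signature:", signature_hits(OBSERVED, KNOWN_BAD_HASHES))
    print("anomaly:  ", anomaly_hits(OBSERVED, BASELINE))
```

The signature check stays silent because the hash has never been catalogued, while the behavioural check raises the database host for an analyst to review.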

But organisations must not forget the human element. Just as automated machinery still requires humans to monitor, maintain and upgrade it, cyber-security will always require a human mind and a critical eye. As security technologies advance, they enable network defenders to operate at a higher level: as attackers become more sophisticated, AI can perform the groundwork and allow analysts to dive more deeply into security logs. This is a significant change in approach for a security analyst, as they shift from analysing a virus from a known signature to reviewing some anomalous network behaviour where something bad might have happened.

Forward planning with AI

AI is now an intrinsic part of the cyber landscape and a vital requirement for the modern security team to successfully capture today's advanced threats. AI provides many security benefits to an organisation, and those that do not adopt it risk putting their business in the line of fire from cyber-criminals. Combining machine learning and AI with key security processes can make all the difference in detecting a threat as near to real time as possible, to prevent a significant breach that would have a huge impact on the business.

Contributed by Paul McEvatt, senior cyber-threat intelligence manager in UK & Ireland, Fujitsu

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.