SECURITY NEWS
AI can be applied in 55% of cybersecurity countermeasures, says Positive Technologies
Positive Technologies conducted a study on the key applications of Artificial Intelligence in cybersecurity. According to the report, AI can be utilised in more than half of the cybersecurity countermeasures presented in the MITRE D3FEND matrix. As many as 28% of countermeasures already use AI assistance, and another 27% will soon be covered by AI-enabled solutions currently in development.
With the help of Artificial Intelligence, defenders can proactively identify, predict, and prevent relevant cyberthreats. For example, AI helps protect against potential data breaches by recognising sensitive information in documents and flexibly adjusting their content to the task at hand and the user’s clearance level.
Additionally, AI technologies can be used for automated security testing: for instance, in PT Dephaze, generative AI helps generate the most likely passwords for a specific target, analyse text files, and create a final report. Artificial Intelligence is most actively used in cyberthreat detection, for example, to analyse user behaviour, network traffic, and data on executable files. Experts believe that in the future, AI will help gather network intelligence, as well as detect and track software tools and services that might be unknown to the IT department and cybersecurity team.
Currently, organisations can keep their IT infrastructure data up to date with vulnerability management solutions, such as MaxPatrol VM. It is expected that AI will be able to simulate user and system behaviour, generate honeypots, and enable continuous biometric authentication more realistically.
A major advantage of AI-enabled cybersecurity tools is their ability to detect previously unknown threats. For instance, the behavioural analysis tool in PT Sandbox and the ML assistant called BAD (Behavioural Anomaly Detection) in MaxPatrol SIEM have repeatedly demonstrated this capability. By analysing the emergence of anomalies and potentially dangerous behavioural patterns, the ML model helps identify zero-day vulnerability exploits and activity of unknown malware.
“One of the goals of embedding AI in cybersecurity solutions is to create an autopilot that would speed up incident response while also significantly reducing the burden on cybersecurity personnel. This is particularly important given the talent shortage and the increasing number of cyberattacks using Artificial Intelligence,” says Roman Reznikov, Cybersecurity Research Analyst at Positive Technologies.
AI accelerates incident-related decision making by providing additional context to SOC teams: explaining security system alerts and offering advice. It also helps automatically create a response scenario to quickly thwart an attack, providing multiple options with varying degrees of human involvement.
However, the use of Artificial Intelligence in cybersecurity faces several challenges that require high-quality training data and the expertise of top-notch professionals.
On the one hand, novel AI modules help defend against cybercriminals, but they also represent a potential target for attackers. We recommend taking a responsible approach to the development and implementation of new technologies, carefully considering the risks, and following the general recommendations for personal and corporate cybersecurity.