State and local governments are looking at artificial intelligence as a way to manage and secure an overwhelming wave of data collected by government agencies today while freeing human beings to manage more subtle and complex aspects of cybersecurity challenges.
Alan Shark, executive director of the Public Technology Institute, says state and local security teams can use AI to free security analysts from the repetitive and time-consuming tasks of reading all the security logs from intrusion detection and intrusion prevention appliances, anti-virus software, URL filters and endpoints.
“AI software can detect anomalies on the network,” Shark says. “It can handle the boring jobs, like monitoring security cameras. AI can identify if somebody is acting suspiciously, or carrying a weapon.”
Shawn Murray, chief operating officer at the Information Systems Security Association, adds that AI can free security personnel to do higher-level development work, such as with the Internet of Things.
“I’d rather have my people working on other projects,” Murray says. “Designing security into IoT systems at manufacturing plants, as well as working on implementing IoT security law. For example, the state of California recently passed a law that any IoT product developed in California has to be designed with mandatory security requirements.”
Advanced Defenses Ferret Out Zero-Day Attacks
Derek Manky, chief of security insights and global threat alliances at Fortinet, says as threats become more customized, a greater percentage of attacks are zero-day. In response, he says, FortiGuard Labs has developed the Self-Evolving Detection System (SEDS), a machine learning AI program that features a continuous training model to autonomously collect, analyze and classify these zero-day threats.
Manky adds that FortiGuard Labs has classified between 28 and 40 percent of new malware tracked on any given day as previously unknown or zero-day.
“Cybercriminals are increasingly turning to automated and scripted techniques that exponentially increase the speed and scale of attacks,” Manky says. “Mapping networks, finding attack targets, determining where those targets are weak, blueprinting each target to conduct virtual penetration testing, and then building and launching a custom attack can be fully automated.”
Organizations also face challenges with polymorphic malware, malicious code that constantly changes to evade traditional anti-virus detection. Advanced threats and ransomware have become very good at implementing these strategies — polymorphism, as well as fileless malware and obfuscation techniques — that can detect and bypass signature-based software. Manky says the threat actors now use machine learning models to create new zero-day attacks that try to evade security controls.
But that’s what makes AI an incredibly important tool for threat protection.
“Only AI can detect zero-day threats based on behavior and other characteristics,” Manky says. “Automation enabled by AI also makes network security teams more effective by allowing them to focus on proactive threat prevention rather than reactive remediation.”
Robotic Process Automation Can Help Address the Talent Gap
In a recent report, "How do you protect the robots from cyber attack?" Ernst & Young estimates robotics will help fill an anticipated shortage of 1.5 million cybersecurity professionals in 2019. Robotic process automation helps to reduce the average time to detect a cyberthreat from 205 days to weeks or even days, the EY report says.
CIOs and CISOs “are challenged by tens and often hundreds of legacy technologies and applications that do not work well with one another. This leaves their people manually gathering data from multiple systems, copying information from one system to another and switching between far too many applications to complete a single task,” the report states. RPA can resolve those challenges.
When it comes to security operations, robotics can quickly and efficiently identify threats and vulnerabilities and prioritize the steps to remediate them. RPA then can automatically notify system and application administrators of the steps taken to address the problems and track compliance, according to the report.
Applying robotics to various cybersecurity mechanisms such as identity management also can improve operations. By automating digital identity and access, agencies can reduce dependency on help desk teams by automating management.
“It may deliver up to 8x improvement in automated request fulfillment time frames compared to manual processing,” EY notes.