Security strategies must undergo a radical revolution. Tomorrow’s security devices will need to see and operate internally among them to recognize changes in the interconnected environments and thus automatically be able to anticipate risks, update and enforce policies.
Devices must have the ability to monitor and share critical information and synchronize their responses to detect threats.
Sounds very futuristic? Not really. A new technology that has recently grabbed attention lays the foundation for such an automation approach. This has been called Intent-Based Network Security (IBNS).
This technology provides extended visibility across the entire distributed network and enables integrated security solutions to automatically adapt to changes in network configurations and change needs with a synchronized response against threats.
These solutions can also dynamically divide network segments, isolate affected devices, and get rid of malware. Similarly, new security measures and countermeasures can be automatically upgraded as new devices, services, and workloads are moved or deployed to and from anywhere in the network and from devices to the cloud.
The tightly integrated automated security allows for a general response against threats far greater than the total of all individual security solutions that protect the network.
Artificial intelligence and machine learning have become significant allies for cybersecurity. Mechanical learning will be reinforced by devices packed with information from the Internet of Things and by predictive applications that help to safeguard the network. But securing those “things” and information, which are ready targets or entry points for cybercriminals, is a challenge in itself.
The quality of intelligence
One of the greatest challenges of using artificial intelligence and machine learning lies in the caliber of intelligence. Today, Intelligence against cyber threats is highly prone to false positives due to the volatile nature of IoT.
Threats can change in a matter of seconds; one device can be flushed out, infect the next and then re-emptied back into a full low latency cycle.
Improving the quality of intelligence against threats is extremely important as IT teams increasingly transfer control to artificial intelligence to perform work that they otherwise should do. This is an exercise in trust, and this is a unique challenge.
As an industry, we can not transfer total control to an automated device, but we need to balance operational control with essential execution that can be performed by the staff. These work relationships will really make artificial intelligence and machine learning applications for cyber defense really effective.
Because there is still a shortage of talent in cybersecurity, products and services must be developed with greater automation in order to correlate intelligence against threats and thus, determine the level of risk to synchronize a coordinated response automatically.
By the time managers try to tackle a problem on their own, it is too late, even causing a major problem or generating more work. This can be handled automatically, using a direct exchange of intelligence between detection and prevention products or with assisted mitigation, which is a combination of people and technology working together.
Automation also allows security teams to allocate more time to the business goals of the company, rather than spending time in the routine administration of cybersecurity.
In the future, artificial intelligence in cybersecurity will constantly adapt to the growth of the attack surface. Today, we are barely connecting points, sharing information and applying that information to systems.
People are making these complex decisions, which require a correlation of intelligence from humans. It is expected that in the coming years, a mature artificial intelligence system may be able to make complex decisions for itself.
What is not feasible is total automation; That is, transfer 100% of the control to the machines so that they make the decisions all the time. People and machines must work together.
The next generation of “conscious” malware will use artificial intelligence to behave like a human, perform reconnaissance activities, identify targets, choose attack methods, and intelligently evade detection systems.
Just as organizations can use artificial intelligence to improve their security posture, cybercriminals can also start using it to develop smarter malware.
It guided by offensive intelligence set and analysis such as the types of devices deployed in the segment of a network, traffic flow, applications being used, transaction details or the time of day in which they occur.
The longer a threat remains within the network, the greater the ability to operate independently, to blend into the environment, to select tools based on the target platform, and eventually to take countermeasures based on the security tools found in the place.
This is precisely the reason why an approach is needed where security solutions for networks, accesses, devices, applications, data centers and cloud work together as an integrated and collaborative system.