Home Features Artificial Intelligence in Cybersecurity Operations

Artificial Intelligence in Cybersecurity Operations

Artificial Intelligence, AI, neural, machine learning

The attack surface is rapidly expanding and continues to evolve at an unprecedented pace. Cyberattacks are becoming more sophisticated and are proliferating at lightning speed. There are innumerable and varying cyberthreats that need to be detected, prevented, and analyzed to accurately calculate their danger or risk. One of the biggest challenges is that cybercriminals, state-sponsored attackers, cyber terrorists, and hacktivists are now using Artificial Intelligence (AI) techniques to circumvent many controls, gain privileged access to an organization’s confidential data, and erase their traces to avoid detection. They use AI to automate and enhance cyberattacks and expand their attack-surface. Furthermore, AI is going through continuous advancements that can yield a new chain of cyberthreats.

By Muhammad Tariq Ahmed Khan, Head of Information Security Audit, Internal Audit Division, Arab National Bank, Riyadh

In response to this unprecedented challenge, organizations (private and public) are inclined to adopt AI-based solutions to deal with cybersecurity risks/threats and to fine-tune their security posture efficiently and effectively. While the cybersecurity outlook appears bleak, there is an immediate need to augment AI technology, with the help of Machine Learning (ML) and Deep Learning (DL), with today’s cybersecurity threats and attacks landscape. This is necessary to cope with the constant battle against cybercrime.

AI and Cybersecurity – Key Considerations

Here are some key points to be considered while augmenting AI technology with Cybersecurity operations.

Firstly, organizations should focus on building a well-thought-out and integrated strategy, rather than merely deploying an additional burden on the network in the guise of best of breed AI technology. It is vital to ascertain realistic security requirements and business expectations, in addition to risks and success criteria to measure the success of implementation for deploying AI into cybersecurity.

Secondly, the quality of data input is an integral part of employing AI. So, data should be consistent, complete, and compact. In addition, a complete and accurate inventory of all devices, users, applications, and infrastructure, with all types of access to information systems, along with the business criticality, should be established. Combine data from multiple sources and fold it together, so it becomes cohesive enough – and then feed it to ML.

ML, a subset of AI, is an approach to the science of AI. It provides computers the capability to learn through experience, without being explicitly programmed. Basically, the idea is to supervise a machine so it can learn, find patterns, solve problems, and predict outcomes based on various algorithms available in ML. As an example, existing signatures of malware can be used to train ML algorithms to discover any zero-day or unknown emerging malware.

Thirdly, sometimes the algorithms do not predict and learn the right things but something else. In addition to available algorithms in ML, organizations should consider developing customized AI-based use-cases to analyze patterns and learn from them, to prevent similar attacks, and respond to changing behavior, per the organizations’ risk appetite. For example, AI-based use-cases can be developed to learn from malicious activities and stop attacks, to analyze mobile endpoints, to enhance human analysis, to automate repetitive tasks, and to close zero-day vulnerabilities. With this, ML is expected to predict the right outcomes with a minimum of 70% accuracy.

Improving the Accuracy

To achieve 90% accuracy, Deep Learning (DL) comes into the picture. DL is a subset of ML, where machines are capable of unsupervised learning. In DL, the machine’s algorithms learn through their own algorithms to reach decisions in real-time, without human intervention. A large amount of data stored and processed by various hosts on the network is analyzed, and decisions are made using predictive reasoning. It can understand the relationship between multiple events and then provide automatic threat scoring for compromised hosts. For example, DL can be used to distinguish between normal and abnormal traffic for anomaly detection. So, it can only be achieved by understanding, defining, and integrating the entire infrastructure (e.g. the network, applications, databases, hosts, etc.) with the AI solution.

As DL algorithms have been developed based on neural networks and layers, they function as an independent brain. The key to success lies in adequately managing the architecture of this brain.

AI is a need of the hour as a substitute for human decision-making, and it uses scientific algorithms and evaluations to form a decision. It plays a significant role in cybersecurity and has many advantages. It can think like an attacker, and as a result, enhance the security posture of a specific area. It can almost eliminate human error from the process and works efficiently and effectively in cases where there is a large amount of traffic and human involvement is not possible.

Organizations should use the combinations of supervised and unsupervised learning to make the most of AI. The key to success will be choosing the appropriate input that can be processed by the algorithms for making decisions automatically.

No matter how powerful and expensive the AI technology is, achieving effectiveness is limited to only specified desired outcomes. We have yet to see a machine that can function and learn completely on its own.

About the Author

Muhammad Tariq Ahmed Khan is Head of Information Security Audit, Internal Audit Division, Arab National Bank, Riyadh. He has more than 21 years’ experience in the Banking industry, in areas such as IT, Information Security, and IT Audit. He has a solid understanding and application of Risk-Based Audit methodology, ISMS (ISO 27001), ISO 22301, NIST and COBIT, IT & Information Security regulatory compliance. To his credit, Khan also has sound technical knowledge in various IT platforms and IT project management – with experience in Disaster Recovery and Business Continuity Management.


Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.