Press "Enter" to skip to content

AI to help security analysts stay ahead of threats, says IBM honcho

Artificial intelligence (AI) is known to mainly address static objectives such as facial and speech recognition. But cyber criminals are dynamic with their ways. So what are the options available?

According to Vikas Arora, IBM Cloud and Cognitive Software Leader, IBM India/South Asia, in the world of cyber security, we can all agree on one thing: Change is constant.

“We must continuously review what we did yesterday and identify ways to improve. As cyber attacks grow in volume and complexity, AI is helping under-resourced security operations analysts stay ahead of threats,” he said.

Three ways about it

There are three ways in which AI helps, Arora told BusinessLine recently:

1) Learn: AI is trained by consuming billions of data artifacts from both structured and unstructured sources, such as blogs and news stories. Through machine learning and deep learning techniques, the AI improves its knowledge to ‘understand’ cybersecurity threats and cyber risks.

2) Reason: AI gathers insights and uses reasoning to identify relationships between threats, such as malicious files, suspicious IP addresses or insiders. This analysis takes seconds or minutes, allowing security analysts to respond to threats up to 60 times faster.

3) Augment: AI eliminates time-consuming research tasks and provides curated analysis of risks, reducing the amount of time security analysts take to make the critical decisions and launch an orchestrated response to remediate the threat.

Testing new technology

Hence, to keep up with persistent adversaries, organisations must constantly try new technologies, like AI, in an attempt to find better ways to defend or proactively prevent an attack. They must assess their policies and enhance their methodologies daily.

Also read: ‘Cyber security has to be handled proactively’

For decades, we’ve programmed computers to recognise viruses, malware and exploits. Traditional, programmable security systems respond to requests, make determinations and analyse data according to predefined parameters. We continuously tune them to become more accurate, but it’s not enough. Adversaries constantly morph their attacks and find creative ways to breach defences, Arora said.

“What organisations need is the ability to detect the subtlest change in activity and analyse it with as much context as possible to distinguish and eliminate new threats. It takes constant monitoring and maximum use of data to find attacks and abnormal behaviour before damage is done,” he said.

Interpreting complex data

The world produces over 2.5 quintillion bytes of data every day, and 80 per cent of it is unstructured. This means that it is expressed in natural language — spoken, written or visual — that a human can easily understand but traditional security systems can’t.

In a global economy where value increasingly comes from information, data represents one of the most abundant, valuable and complex raw materials in the world.

“We now have the means to mine both structured and unstructured data, and continuously extract features and patterns to provide context in real time for improved decision making,” Arora said.

Cognitive and AI systems can interpret data, add to their base of knowledge from virtually every interaction, weigh probabilities based on a depth of insight and help organisations take action based on consideration of relevant variables, he noted.

Cognitive ultimately plays into a framework built on the basics of traditional security. Security intelligence is not going away; it’s a key building block of cognitive security. “What cognitive does is give us a way to triage threat intelligence and detection, and provide actionable information, at a speed and scale like never before,” he said.

Source: The Hindu