June 26, 2019 By Kacy Zurkus 3 min read

Traditionally, information security has been about protecting the network against external threats. As innovation and the cloud have slowly chipped away at the perimeter, however, organizations have become challenged to defend against not only nefarious actors from the outside, but also malicious insiders within the company’s digital walls.

“With the evolution of modern techniques and exploitation of the end user, we are on the cusp of a new world where most threats resemble or leverage the insider one way or another, willingly or unwillingly,” said Adrian Peters, board member of the Internet Security Alliance. According to Peters, because convergence is driving security to the point where we need to focus on the data and entitlements, practitioners should be thinking about what that really means as cloud adoption within data centers and via external providers continues to increase.

Enter cybersecurity artificial intelligence (AI). In an interview with Information Security Media Group, Senseon Founder and CEO David Atkinson defined AI as “the aspiration to build machines that could emulate what we do as people.” The irony is that people make mistakes. To err is human. So how can we use AI to mitigate the risks that come directly from the poor cyber hygiene of human beings?

Knock Knock. Who’s There on the Network?

Determining who is on the network is a matter of critical importance in enterprise security. Given the number of passwords that have been leaked in data breaches, it’s increasingly more important for employees to use secure passwords. Unfortunately, many users haven’t fully adopted good password habits; they continue to reuse the same password across multiple accounts. Often, those passwords are weak, making it easier for an attacker to make an educated guess and gain access to the network.

Organizations first need to determine who their people are and what each of those individual users needs to access within the organization. Then, figure out how to deliver those processes in a quality, secure way — or, as Peters put it, “We now need to think from the inside out.” Cybersecurity AI offers significant progress in enabling this inside-out approach to authentication and identity management.

“AI is starting to give us the capability to establish user behavior, user patterns and why they are doing what they are doing,” Peters said.

Where Has All the Data Gone?

Another example of poor cyber hygiene is when organizations collect and store data endlessly — when there is no end to the data collected and no destruction of the data that is no longer serving a purpose. This lack of policy over the complete life cycle of data poses security risks to the organization in the event of a cyberattack. The use of cybersecurity AI gives a broader view of technology assets and identities.

“Through the output of a lot of the data tools, AI can now determine why certain pieces of data are labeled differently and trigger a certification or remediation,” noted Peters.

As a result, security teams can then look at why certain aspects of data are no longer being accessed and make more informed decisions about whether they are going to certify the confidentiality or integrity of that data.

The Challenges of Applying Cybersecurity AI

Of course, while AI is a very powerful tool to defend against cyberattacks, Atkinson noted that there are limitations to what AI can and cannot do. Applying AI is the application of complex mathematics to a complex and ever-changing data set. It has its challenges.

“Sorry to break this to you,” Atkinson said, “but people are weird and technology is weird. At the same time in enterprises, you have good attackers trying to behave normally. It takes a great deal of talent and a lot of specific engineering, but it’s a problem worth solving.”

By building AI models around the life cycle of the user, security teams can start to outline patterns for normal behavior and detect patterns that seem abnormal, but it’s indeed a learning process.

“If leaders of the organization are not thinking holistically yet, AI can be a beneficial tool that enables the security team to establish outliers around users and systems that are not following a pattern,” Peters said. AI has the ability to identify when users haven’t logged in or haven’t been on a network, but there is a process to building out these models, which takes time.

If You Build It, AI Can Help

No technology is perfect, but the use of AI and machine learning capabilities does help mitigate the risk of insider threats. In most cases, users aren’t acting maliciously, which is why building the models is critical to mitigating the risk of both insider and outsider threats.

Through the use of machine learning algorithms, security teams can see when a user’s risk posture spikes, then look to see whether there are additional abnormal activities, such as exfiltration of data, that would require further investigation to see if the user is acting maliciously or the account has been compromised.

By understanding that human behavior doesn’t really change, and will likely never evolve as rapidly as technology, organizations can consider the security solutions that will not only protect them from motivated attackers, but also mitigate the risks from human error. As AI technologies continue to evolve, they will be even more useful in authenticating users and identifying potential cyberattacks from the inside out.

More from Artificial Intelligence

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today