Cybersecurity, or how to fight effectively thanks to artificial intelligence – Forbes France

Faced with the multiplication of attacks carried out by hackers targeting their information systems from the Internet, companies are trying to cope as best they can by acquiring new technological means to protect themselves against this scourge. AI and machine learning applications can offer an answer by detecting malicious agents infiltrating organizations’ IT systems.

The resurgence and sophistication of new threats, foremost among which are ransomware or cryptojacking (the extraction of crypto-currency) are pushing companies to engage further in digital security.

Cyber ​​threats are growing in importance every year. Cybercrime accounted for 69% of security system intrusions in 2019, 79% in 2020, and 82% in 2021[1]. The technologies available but also the need to process information in real time lead organizations to rely on Web applications present on a large number of devices. Cybercriminals easily and quickly adapt to new conditions to counter attacks. They deploy increasingly innovative methods to evade detection by security teams and steal money or sensitive data.

The question is no longer whether the company will be attacked, but when the occurrence will arise. We are aware of the immense challenge represented by this fight against cyberattacks. This is where artificial intelligence (AI) comes into play and with it, new forms of digital protection. Artificial intelligence has immense potential when it comes to combating cyber risk because it can analyze a large number of files at regular intervals to reveal possible risks. Artificial intelligence in cybersecurity constantly learns and improves security processes. From the data collected during previous cyberattacks, it identifies new threats.

When it comes to security, AI can identify and prioritize risks, quickly detect malware on a network, adequately resolve incidents, and detect intrusions before they happen.

The use of AI in the field of cybersecurity responds to the need to strengthen the quality of diagnosis but also the speed of intervention following an attack on an organization’s information systems. Among all the possible applications, there is an interest in the contribution of AI in the following areas:

Automated threat detection

AI can detect network attacks, malware intrusions and other cyber threats to stop the attack’s progression as quickly as possible and thus prevent it from spreading through an organization’s information systems before real damage occurs. are not caused, including to its partners, whether they are customers or suppliers. The AI ​​only needs a few seconds or minutes to analyze the relationships between threats such as malicious files, suspicious IP addresses or insider threats. The AI ​​immediately and autonomously (i.e. without human engagement) generates a defense patch as soon as an attack has been identified. Machine Learning algorithms detect situations outside of a normalized context or system performance anomalies that may indicate a security breach.

Cyber ​​data analysis and machine learning : AI is also used to analyze data in order to build models and thus make it possible to identify upstream the flaws in the management of the cyber risk of an organization. AI assesses the system quickly, multiplying problem-solving capability. It identifies weak points in the security network.

Data flow anomaly detection

Securing data while working thousands of pages is an impossible mission for a human. AI systems can detect anomalies in data flows in information systems allowing patterns to be analyzed to find similarities or differences on current actions. This approach can make it easier to detect anomalous behavior before it becomes malicious activity (e.g. someone trying to access confidential information when they don’t have the necessary permissions)

Development of secure software : The need for more sophisticated tools and technologies is becoming a defining issue due to the increasing number of cyberattacks. AI enables safer software by providing developers with real-time feedback on whether their code is closed or not.

Authentication security : depending on some applications, it is necessary to have

of a user connection. AI makes the authentication process more secure by using physical recognition technique. It relies on certain elements to recognize an individual such as facial recognition, fingerprint scanning, among other recognition techniques. Then, the AI ​​uses the main pieces of information collected in real time and detects whether the connection is authentic or not.

Global Security : With the threats facing corporate networks constantly evolving, cybercriminals are changing their approaches and other tactics to infiltrate an organization’s security network. The AI ​​deployed on the network will make it possible to counter its attacks as best as possible, especially if there are different attacks at the same time, such as phishing attacks, ransomware or even denial of service attacks.

On reading all these elements, we notice all the interest that the use of Artificial Intelligence can represent in the fight against cyber criminals. Indeed, analyzing large volumes of data, identifying polymorphic malware, spotting unusual behavior or even drastically reducing response times are all situations that Artificial Intelligence can handle with formidable efficiency. Some commentators are surprised at the irruption of AI in the protection of information systems. However, this is not a new element in the IT environment of organizations. For a few years now, the procedures for protecting company information systems have already integrated AI applications into antivirus software, antimalware, EDR solutions[2] firewalls, or even anti-spam like Google, which filters spam in Gmail using Deep Learning technologies.

The cloud is not the solution to fight against cyberattacks

By resorting to backing up their data in the cloud, most companies thought they were protected against cyberattacks. However, an ANSSI report[3] indicates that on the contrary the cloud makes companies even more vulnerable. Several reasons explain this situation.

First, with the Covid 19 crisis (it again…), the adoption of the Cloud in organizations has accelerated considerably. But as new cloud environments and services are deployed, thousands of identity-based permissions are created – many of which are ignored. This situation leads de facto to an increase in the level of the cyber threat. Attackers are able to detect hidden, misconfigured, or unused cloud permissions to improve cloud identification processes. Cyber ​​criminals then seek to divert to their own advantage all the computing power that the cloud can offer (for example, cryptocurrency mining).

In addition, defects in securing data contained in the cloud are still too often observed, as revealed by a study by Palo Alto Networks[4] recounting the ease with which some 2,100 unsecured cloud instances could be accessed in 2020-2021.

Finally, the Cloud can also be a source of constraints and difficulties in the event that users do not fully master the infrastructure and are therefore dependent on the service provider. Moreover, we can observe that it still happens too often that the methods of sharing responsibility still remain very opaque, with too many difficulties of intervention, investigation, detection and remediation of problems. We can also mention the location of data abroad which can have consequences in terms of data protection and sovereignty.

What developments can we expect thanks to AI?

In its current state of development, AI offers the possibility of analyzing the Meta Data of network flows within appropriate infrastructures. This makes it possible to provide robots with solutions that will intervene in an automated way without any human being being able to intervene. Thanks to Deep learning and automatic learning technologies, Artificial Intelligence can manage three to four times more data than conventional surveillance hard drives, retain a large volume of data over time and adapt to situations presenting a different source of information whether it comes from written, audio or video data.

This is why AI has become indispensable. To do without it today, it would take several dozen people dedicated to cybersecurity in all companies with a level of security knowledge equivalent to a SOC. It’s just not possible.

Conclusion :

Cybersecurity remains a complex issue, but AI can be a powerful tool to help protect against cyberattacks. Technologies are at the origin of most of the major innovations made in cyber defense in recent years and they make it possible to establish interesting bridges in human-machine collaboration, thereby broadening our knowledge, which advances cybersecurity in companies. At the same time, they have also enabled cyberattackers to develop new forms of intelligent and automated attacks.

As always in this kind of situation, the attackers have a head start on the defenders. The techniques used by hackers are increasingly sophisticated. It is becoming urgent that defenders take initiatives to improve environments, tools, processes, application domains to regain the advantage.

The AI ​​wars may have only just begun.

Article written by:

Pascal MontagnonDirector of the Digital, Data Science and Artificial Intelligence Research Chair (OMNES EDUCATION)

Eric BrownAssociate Professor – INSEEC Bachelor

[1] Global Threat Report 2022

[2] EDR: Endpoint Detection and Response

[3] ANSSI report: Panorama of the computer threat 2021 – March 9, 2022

[4] Palo Alto Networks. Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products. January 17, 2019.

<<< Also read: Five misconceptions about cybersecurity >>>

We would like to say thanks to the author of this article for this incredible content

Cybersecurity, or how to fight effectively thanks to artificial intelligence – Forbes France

You can view our social media profiles here , as well as other related pages here