April 23, 2020

Leveraging AI to Reduce the Likelihood of a Cybersecurity Attack

Clearly, protecting the endless store of electronic information on networks the world over from the legions of cyber criminals working to steal and exploit it is an ongoing challenge that will require the good guys to leverage all available technology. So, does AI have a role in this war? The short answer is: absolutely. AI, and often more specifically machine learning, is transforming the way security and IT teams conduct one of the most critical operations in cyber security: vulnerability management. AI in vulnerability management is becoming more essential as the number of vulnerabilities on enterprise networks explodes and it becomes impractical to meaningfully prioritize hundreds of thousands of vulnerabilities for intelligent remediation.

The article discusses several ways in which AI can be deployed to automate vulnerability management, a key pillar of effective cyber security. Vulnerabilities are typically flaws in software that enable those with knowledge of the flaws to access and take control of the software, including access to any data the software uses or consumes. Finding those vulnerabilities is important, but even more crucial is remediating them, that is, fixing them and closing the security gaps. Most enterprise networks - even those with exceptional security and IT teams - house thousands, tens of thousands, or even hundreds of thousands of vulnerabilities. Fixing or remediating all of them is not practical, so prioritizing the seemingly endless list of vulnerabilities is not only essential, but a strong candidate for the use of AI or machine learning.

For example, one area particularly ripe for AI in vulnerability management is the identification of business-critical assets. One reality of any enterprise network is that not every asset (laptop, server, workstation, connected device, firewall, router) is as important to the business as every other one. Until recently, identifying which assets are business-critical has been a tedious, manual effort. Using machine learning, however, the behavior of IT and security team members can be recorded and used to automatically identify - with a solid degree of precision - which assets are getting the most attention and can therefore be assumed to be the most critical assets to the organization.

Another example is the identification of “outlier assets” on a network. Experienced pen testers - as well as cyber criminals - know that certain assets on a network are softer targets for compromise than others. Moreover, these more attractive targets are often different in some way from other assets on the network. They stand out. Often, finding these outstanding assets is key to a successful breach, so knowing what those targets are is akin to having the opposing team’s playbook. From a vulnerability management (VM) perspective, vulnerabilities on these outlier assets can be appropriately prioritized so those targets are hardened in advance of an attack. Identifying these assets without machine learning requires someone with extensive pen testing experience and the intuition to know where and how to find the outstanding assets, and even then, it can be difficult or nearly impossible to find them all on a large and complex network. But, with machine learning, the identification of outstanding assets can be automated, and the vulnerabilities on those assets prioritized for remediation.
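The outlier-asset idea above can be sketched in a few lines. This is an added example, not code from the white paper or any product: the inventory, the finding ids, the attribute-surprisal score and the "up to 2x" weighting are all assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed inventory: asset name -> observed attributes (all values are sample data).
COMMON = {"os:win10", "port:445", "agent:edr"}
ASSETS = {f"ws-{i:02d}": set(COMMON) for i in range(1, 7)}
ASSETS["legacy-01"] = {"os:win2008", "port:445", "port:23"}

# Constructed findings: (asset, placeholder finding id, base severity 0-10).
FINDINGS = [("ws-01", "FINDING-A", 7.5), ("legacy-01", "FINDING-B", 6.0),
            ("ws-02", "FINDING-C", 5.0)]

def outlier_scores(assets):
    """Score each asset by how surprising its attribute profile is among its peers."""
    n = len(assets)
    freq = Counter(attr for attrs in assets.values() for attr in attrs)
    scores = {}
    for name, attrs in assets.items():
        total = 0.0
        for attr in sorted(freq):
            # Laplace-smoothed share of assets carrying this attribute.
            p = (freq[attr] + 1) / (n + 2)
            # Having a rare attribute, or lacking a common one, both add surprisal.
            total += -math.log(p if attr in attrs else 1 - p)
        scores[name] = total
    top = max(scores.values())
    return {name: s / top for name, s in scores.items()}  # normalise to (0, 1]

def prioritise(findings, assets):
    """Rank findings by severity, weighted up to 2x for the most unusual asset."""
    scores = outlier_scores(assets)
    ranked = [(asset, fid, round(sev * (1 + scores[asset]), 2))
              for asset, fid, sev in findings]
    return sorted(ranked, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for asset, fid, priority in prioritise(FINDINGS, ASSETS):
        print(f"{priority:6.2f}  {asset:10s} {fid}")
```

With this sample data the lower-severity finding on the one asset that differs from its peers is ranked ahead of the higher-severity finding on an ordinary workstation.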

These are just two of the 7 examples covered in this white paper, and those 7 are just some of the many ways AI can be leveraged to automate vulnerability management operations and reduce vulnerability risk.