Cyber attacks continue to evolve at an increasing pace, and threats are more sophisticated and damaging than they were only a few years ago. Relying solely on traditional detection engines leaves organizations exposed to highly damaging attacks, so they face an urgent need to continually improve their cybersecurity.
Incorporating AI in all four stages of the adaptive security cycle
Cyber security providers address this challenge by incorporating artificial intelligence (AI) into a unified, multi-layered security architecture. The result is a continually improving system that does not just detect complex, sophisticated attacks but actively prevents them.
Gartner describes the four stages of an adaptive security architecture as predict, prevent, detect and respond. In this blog entry, we look at real-world examples of how companies incorporate AI at each of the four stages to improve detection rates, reduce false positives and shorten response times.
Predicting an unknown cryptominer
Once a system has been breached, an attack tends to spread quickly across the organization's network and cause severe damage within a short time. Predicting attacks before they strike is therefore critical.
Attackers frequently give malware a filename that resembles a legitimate, trusted program (MITRE ATT&CK technique T1036, Masquerading) to deceive system administrators or security tools into treating the file as benign. However, legitimate processes sometimes carry similar names as well. Classifying an event as malicious based only on name similarity therefore produces many false alerts, and the noise they create can cause genuine threats to be missed; a file that simply reuses the exact name of a trusted program from an unexpected location would not even look suspicious to such a rule.
To identify new, unknown malware accurately, cyber security providers have developed an AI engine that classifies a process from the behavior it exhibits rather than from its name alone.
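The contrast drawn above, between a rule that keys on filename similarity and a classifier that weighs what the process actually does, is easier to see in code. The following is an added example written for this post; it is not Check Point's engine or any vendor's code. The trusted-process baseline, the mining-pool port watchlist and the four sample events are all constructed for illustration, and the scoring (two independent signals before a verdict) is a deliberately simple stand-in for a trained model.

```python
"""Classify process events by behaviour instead of by filename similarity alone.

Added illustration; the baseline, watchlist and sample events are constructed.
"""
import difflib
from dataclasses import dataclass, field

# Assumed baseline: trusted Windows processes, where they normally live and who spawns them.
TRUSTED_PROCESSES = {
    "svchost.exe":  {"dir": r"c:\windows\system32", "parent": "services.exe"},
    "lsass.exe":    {"dir": r"c:\windows\system32", "parent": "wininit.exe"},
    "explorer.exe": {"dir": r"c:\windows",          "parent": "userinit.exe"},
}

# Constructed watchlist of ports used by the hypothetical mining-pool traffic in the samples.
SUSPICIOUS_PORTS = {3333, 4444, 14444}


@dataclass
class ProcessEvent:
    name: str
    path: str
    parent: str
    cpu_pct: float                                   # sustained CPU utilisation
    connections: list = field(default_factory=list)  # (host, port) tuples


def closest_trusted_name(name):
    """Return (trusted_name, similarity_ratio) for the trusted filename closest to `name`."""
    name = name.lower()
    best = max(TRUSTED_PROCESSES,
               key=lambda t: difflib.SequenceMatcher(None, name, t).ratio())
    return best, difflib.SequenceMatcher(None, name, best).ratio()


def name_only_verdict(event, threshold=0.8):
    """Naive rule: flag any name that resembles, but is not exactly, a trusted name."""
    trusted, ratio = closest_trusted_name(event.name)
    return ratio >= threshold and event.name.lower() != trusted


def behaviour_verdict(event, threshold=0.8):
    """Score the process on what it does; name similarity is only one weak signal.

    Returns (is_malicious, reasons). A verdict needs at least two independent signals.
    """
    trusted, ratio = closest_trusted_name(event.name)
    reasons = []
    if ratio >= threshold:
        # A lookalike or exact name only counts when the process is not where the
        # real one lives or is not spawned by the real one's parent.
        expected = TRUSTED_PROCESSES[trusted]
        directory, _, _ = event.path.lower().rpartition("\\")
        if directory != expected["dir"] or event.parent.lower() != expected["parent"]:
            reasons.append(f"resembles {trusted} but runs from {directory} under {event.parent}")
    if event.cpu_pct >= 80:
        reasons.append("sustained high CPU")
    if any(port in SUSPICIOUS_PORTS for _, port in event.connections):
        reasons.append("outbound connection on a mining-pool port")
    return len(reasons) >= 2, reasons


# Constructed sample telemetry: one genuine process, one benign lookalike, two masquerades.
SAMPLE_EVENTS = [
    # Genuine service host: exact name, expected location and parent.
    ProcessEvent("svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe", 3.0),
    # Hypothetical legitimate backup agent whose name merely resembles svchost.exe.
    ProcessEvent("svchosts.exe", r"C:\Program Files\AcmeBackup\svchosts.exe", "acmeagent.exe", 5.0),
    # Lookalike dropped into the user profile by a script, burning CPU, talking to a pool port.
    ProcessEvent("svch0st.exe", r"C:\Users\alice\AppData\Roaming\svch0st.exe", "wscript.exe", 95.0,
                 [("pool.example.net", 3333)]),
    # Exact trusted name in the wrong place with miner-like behaviour: invisible to a name rule.
    ProcessEvent("svchost.exe", r"C:\Users\alice\AppData\Local\Temp\svchost.exe", "cmd.exe", 92.0,
                 [("203.0.113.10", 14444)]),
]


def triage(events):
    """Run both rules over the events and return rows of (name, name_only, behaviour, reasons)."""
    rows = []
    for ev in events:
        malicious, reasons = behaviour_verdict(ev)
        rows.append((ev.name, name_only_verdict(ev), malicious, reasons))
    return rows


if __name__ == "__main__":
    for name, by_name, by_behaviour, reasons in triage(SAMPLE_EVENTS):
        print(f"{name:13} name-only={by_name!s:5} behaviour={by_behaviour!s:5} {reasons}")
```

Running the sample shows the two failure modes of the name-only rule side by side: the benign backup agent is flagged on similarity alone (a false positive), while the miner that reuses the exact name svchost.exe from a Temp directory passes untouched (a false negative). The behaviour-based verdict gets both right because location, parent, CPU and network activity each contribute a separate signal.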
Preventing a new variant of the Fareit trojan
It is far less costly to prevent an attack than to detect and remediate it after the malware has breached the network and caused damage. This is why companies such as Check Point have invested heavily in developing threat prevention AI engines.
Fareit is a Trojan that has been in the wild since 2012. Its variants typically steal sensitive user information such as passwords, FTP accounts and other credentials stored in web browsers. This new variant was detected by Check Point's dynamic emulation AI model five days before it was first seen on VirusTotal.
Stay tuned for additional examples on how AI is used in the detect and respond stages of the adaptive security cycle.