AI Is Critical for Automation of Cybersecurity Threat Detection and Prevention

IT web | May 26, 2020

  • In one form or another, artificial intelligence (AI) plays a role in the majority of technology today, and cyber security is no different.

  • This capability has become critical in the ongoing war on cyber crime. As the potential for AI and machine learning is further explored.

  • The threats are more sophisticated than ever before, and the use of deep learning and AI to breach security systems is becoming an increasing reality.


In one form or another, artificial intelligence (AI) plays a role in the majority of technology today, and cyber security is no different. Anything that makes use of any form of behavioural analytics will inevitably require the use of algorithms for calculating probabilities, central to the ability to make predictive insight. This capability has become critical in the ongoing war on cyber crime. As the potential for AI and machine learning is further explored, we will see it taking a central role in automating threat detection and prevention, among other areas. One of the main reasons why AI has become critical in fighting cyber crime is that cyber criminals themselves are making use of it.


The threats are more sophisticated than ever before, and the use of deep learning and AI to breach security systems is becoming an increasing reality. One example of this is called a deepfake, which uses AI to replace a person’s face or voice in a video – the implications of this are significant. In fact, there was an example of a successful deepfake attack in the UK in 2019, where criminals employed AI-based software to replicate a CEO's voice to execute a cash transfer of €220 000. Using AI, cyber criminals can also gather incredibly detailed personal information from the Internet and social media, allowing them to conduct ever more in-depth social engineering. AI could also be used to improve the success rate of phishing scams. These are currently fairly easy to spot because they typically display poor spelling and grammar, but using AI can dramatically improve this, and learning algorithms mean they will only get better.



Learn more: HOW CSOS CAN PROTECT USERS FROM PHISHING ATTACKS RELATED TO COVID-19 .
 

“AI is being used by cyber criminals, which means it is essential to counter any attacks. In addition, the ability to better predict threats before they happen and shut down attacks faster is central to enhanced cyber security, AI is beginning to play a major role in cyber security and this role will continue to grow and evolve through 2020 and in the future.”


Added to this is the fact that AI can generate attacks far faster than any human could, so the potential of the threat cannot be ignored. Aside from countering AI-based threats with equally intelligent tools, AI has become critical in managing the sheer volume of attacks and potential attacks. With the number of attempted breaches constantly increasing, human cyber security teams have an increasingly challenging task when it comes to monitoring threats and determining which ones merit closer attention. According to the report: The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation: “Machine learning approaches are increasingly used for cyber defence” to learn from known threats and predict how new and future threats might manifest. ML is also used to detect suspicious behaviour and flag areas that may need closer attention.

“AI has applications across networking and endpoint security products, threat detection and incident response, removing much of the human element, which is where the potential for error creeps in.”


Trying to analyse and understand this vast amount of data in time to make a difference to counter the threat is impossible for humans alone. AI and machine learning can be effectively harnessed to automate these activities, sort through the millions of malware files, learn the characteristics of attacks and help to prevent new ones. AI can also be used to analyse voices and writing styles to ensure that people are who they say they are, for improved authentication. Focusing your attention in the right place .AI has applications across networking and endpoint security products, threat detection and incident response, removing much of the human element, which is where the potential for error creeps in. Automation is also essential in ensuring that software is patched and kept up to date with the latest malware signatures to shore up potential vulnerabilities.


With the number of attempted breaches, it is all but impossible to protect against each and every one. It is vital to ensure that your most critical resources are adequately protected, but it is just as important to be able to respond to a successful breach effectively. Basic controls need to be in place and detection and response need to be improved to control the threat, shut it down and minimise the damage. AI is being used by cyber criminals, which means it is essential to counter any attacks. In addition, the ability to better predict threats before they happen and shut down attacks faster is central to enhanced cyber security. AI is beginning to play a major role in cyber security and this role will continue to grow and evolve through 2020 and in the future.


Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES .
 

Spotlight

"The ubiquitous use of mobile devices results in a mixture of corporate and personal data stored on devices that are online continuously, seamlessly connecting to the closest available network, downloading and uploading data whenever possible, and carried with users continuously. This trend has radically changed the landscape of data protection.
Complicating that proposition is an abundance of applications for mobile devices designed to empower productivity from a small footprint."


Other News
DATA SECURITY

DoControl Integrates with Box to Transform SaaS Data Access Security

DoControl | August 03, 2022

DoControl, the automated Software as a Service (SaaS) security company, today announced an expanded integration with Box, the leading Content Cloud, that adds a foundational layer of granular controls to protect sensitive data and provide comprehensive data access security. The solution further secures cross-application, business-critical data, and files accessed by every identity and entity, both internal employees and external collaborators, allowing for content collaboration to be achieved securely. Recent research found that nearly half of enterprise tech leaders find too much time is spent on manually provisioning and managing apps. In addition, it found other pain points around managing SaaS, including a lack of visibility, data exposure, and unmanageable access. DoControl No-Code SaaS Security Workflows Engine supports organizations in mitigating ongoing risk consistently, with the customization level required to effectively balance security with business enablement. "By partnering with Box, we will help customers confidently maintain business continuity and mitigate the risk of data breaches, overexposure, and exfiltration. "Security teams can effectively extend least privilege to the SaaS data layer and utilize a risk-based approach in securing their Box instances through the prioritization of identities that present higher levels of risk." Adam Gavish, CEO and Co-Founder of DoControl "Organizations today need products that are inherently secure to support employees working from anywhere," said Fred Klein, Vice President of Business and Corporate Development at Box. "At Box, we continuously strive to improve our integrations with third-party apps so that it's easier than ever for customers to use Box alongside best-in-class solutions. With today's integration with DoControl, we are taking that mission one step further to enable our joint customers to have more granular security controls over who has access to their business-critical content." Key joint solution capabilities include: Comprehensive asset management: Gain full awareness of every entity that is accessing corporate data within Box to identify what needs to be protected; Real-time monitoring and control: Monitor every user activity in real-time, with self-service tooling to detect and respond to immediate threats; Automated remediation: Establish data access control workflows that are future-proofed, consistently enforced, and allow for secure file sharing between all internal and external users. About DoControl Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators.

Read More

SOFTWARE SECURITY

NowSecure Integrates with GitHub Dependabot for Developer-First Mobile Software Supply-Chain Security

NowSecure | July 06, 2022

NowSecure, the leading standards-based mobile app security and privacy software company, today announced a new GitHub Action for Dependency Graph integration to bring automated mobile app Software Bill of Materials (SBOM) generation to developer workflows directly inside GitHub. Now iOS and Android mobile app developers can gain visibility into the components, third-party libraries and frameworks they use and ensure their proper version, security and privacy as they build them — all to deliver high-quality, secure mobile app releases faster. GitHub,the leading software development platform for more than 83 million developers, announced new extensions for dependency information in the GitHub Dependency Graph with new GitHub Actions. As a recognized leader in mobile app security, NowSecure has delivered the first automated dynamic mobile app SBOM solution integrated into GitHub Dependency Graph. The NowSecure GitHub Action for Mobile SBOM to populate the GitHub Dependency Graph is now available in early access via the GitHub Marketplace. In addition, the NowSecure Platform can now be purchased through Microsoft Azure Marketplace. As part of the early access program, all GitHub mobile developers can request a free scan for dynamic SBOM generation into GitHub Dependency Graph. Underlying the urgency of managing software dependencies, software supply-chain attacks in 2021 grew by 650% with major incidents from SolarWinds, Microsoft, Kasaya, log4j and others. White House Cybersecurity Orders in 2021 identified critical risks in the global software supply chain and set out requirements for government agencies to establish standards and policies for securing the software supply chain. "Developers want to deliver innovative, high-quality mobile applications fast," said NowSecure CEO Alan Snyder. "This means they need a developer-first, easy to use and accurate mobile security solution embedded directly in their dev workflows. While mobile developers depend on third-party code for innovative experiences, complex functionality and time to market, they must ensure the code they use is up to date and secure. We are excited to extend our partnership with GitHub and the community by adding dynamic SBOM generation into GitHub Dependency Graph to help developers protect their software supply chain." NowSecure offers two GitHub Actions for automated mobile app analysis and mobile app SBOMs. The NowSecure GitHub Action provides automated static and dynamic security analysis of iOS and Android mobile apps built in any language or framework including Swift, Objective-C, Java, Kotlin, Dart, React-Native and more. The NowSecure GitHub Action for Mobile SBOMs generates component detail for visibility into the libraries/frameworks included in all mobile apps, identifying transitive dependencies, pinpointing libraries/frameworks that are using older versions, identifying components that remain but may have previously specified to be removed, and uncovering component license details. "The NowSecure GitHub Action for Mobile SBOM populates the GitHub Dependency Graph with mobile data so that in the future GitHub Dependabot alerts can update dependencies to the latest and more secure versions of libraries in mobile apps. "Furthermore, comparing SBOMs and dependencies from different versions of a mobile app provides insight into changes made by the developer over time that may require further analysis or help identify technical debt. Overall, we've been very impressed with GitHub's implementation, enabling third-parties to extend the Dependency Graph and Dependabot to support new ecosystems like mobile." NowSecure CTO David Weinstein "The software supply chain starts with the developer. Extending automated visibility into your SBOM means developers can significantly reduce their usage of vulnerable software dependencies as well as be confident in shipping new mobile features and products with security built in by design," said Jose Palafox, Director of Business Partnerships at GitHub. The NowSecure GitHub Action for Mobile SBOM early access program for GitHub Dependabot Graph is part of the world's most comprehensive suite for mobile app security including NowSecure Platform for continuous security testing in the development pipeline for DevSecOps, NowSecure Workstation kit for pen tester productivity, NowSecure Supply Chain Risk Management, NowSecure Pen Testing Services, and NowSecure Academy training courseware for dev and security teams. Built on a foundation of standards and automation, NowSecure empowers organizations to deliver secure mobile apps faster and continuously monitor their mobile app supply chains for risk. Top mobile innovators, global businesses and agencies trust NowSecure to secure their mobile apps including AT&T, Caribou Coffee, Chime, iRobot and Uber. About NowSecure As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world's most demanding organizations, innovative mobile developers and advanced security teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.

Read More

DATA SECURITY,PLATFORM SECURITY

Resecurity Named as One of America's Fastest-Growing Private Cybersecurity Companies by Inc. Magazine

Resecurity | August 19, 2022

Resecurity, Inc., a cybersecurity company based in Los Angeles, California, was recently recognized by Inc. magazine's annual Inc. 5000 list, the most prestigious ranking of the nation's fastest-growing private companies. Ranked as one of the fastest-growing private cybersecurity companies, Resecurity was number 2477 on the list for achieving 234 percent of revenue growth in past three years. The list represents a unique look at the most successful companies within the American economy's most dynamic segment—its independent small businesses. Intuit, Zappos, Under Armour, Microsoft, Patagonia, and many other well-known names gained their first national exposure as honorees on the Inc. 5000. Among the 5,000, the average median three-year growth rate soared to 230 percent and total revenue reached $317.2 billion. Together, those companies added more than one million jobs over the past three years. The recognition comes after a record year for the company, including a recent acquisition of Cybit Sec, a vulnerability assessment and penetration testing company, and the launch of their latest product offering, the Digital Identity Protection Platform. Resecurity has fueled its growth with strategic investments into R&D, expanding its international and channel sales presence, and scaling its industry partnerships. "The Inc. 5000 list is home to some of the most innovative companies in the market today. Resecurity is proud to have earned a top spot on this prestigious list. This growth is a testament to cybersecurity's critical role in the future. We're committed to accelerating this growth with strategic partnerships and investments in R&D, allowing us to help more individuals and enterprises combat ever-evolving cyber threats." Gene Yoo, Resecurity CEO Resecurity's SaaS solution combines XDR/endpoint protection, cyber threat intelligence and digital risk management, enabling customers ranging from Fortune 500 corporations to governments to protect their ecosystem. The innovative platform allows administrators to reduce potential blind spots and security gaps by quickly seeing in-depth analysis and specific artifacts obtained through the dark web, botnets activity, network intelligence and high-quality threat intelligence data. "The accomplishment of building one of the fastest-growing companies in the U.S., in light of recent economic roadblocks, cannot be overstated," says Scott Omelianuk, editor-in-chief of Inc. "Inc. is thrilled to honor the companies that have established themselves through innovation, hard work, and rising to the challenges of today." Methodology Companies on the 2022 Inc. 5000 are ranked according to percentage revenue growth from 2018 to 2021. To qualify, companies must have been founded and generating revenue by March 31, 2018. They must be U.S.-based, privately held, for-profit, and independent--not subsidiaries or divisions of other companies--as of December 31, 2021. (Since then, some on the list may have gone public or been acquired.) The minimum revenue required for 2018 is $100,000; the minimum for 2021 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. Growth rates used to determine company rankings were calculated to four decimal places. About Resecurity Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, Resecurity was named as one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California by Inc. Magazine. An Official Member of Infragard, AFCEA, NDIA, SIA, FS-ISAC, the American Chamber of Commerce in Saudi Arabia (AmChamKSA) and Mexico (AmChamMX).

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

Spotlight

"The ubiquitous use of mobile devices results in a mixture of corporate and personal data stored on devices that are online continuously, seamlessly connecting to the closest available network, downloading and uploading data whenever possible, and carried with users continuously. This trend has radically changed the landscape of data protection.
Complicating that proposition is an abundance of applications for mobile devices designed to empower productivity from a small footprint."

Resources