The “work-from-anywhere” distributed operational model adopted by many organisations in recent times has resulted in a proliferation of network-connected devices. According to estimates, globally there could be as many as 50 billion connected devices in daily use.
This has caused increased network and systems complexity on a massive and unprecedented scale. What’s more, advances in technology, while delivering greater efficiencies to organisations on many fronts, have added layers of complexity to the task of protecting vital corporate assets. And as the number of assets increases, so visibility into how they interface with vital organisational data diminishes.
In addition to significantly more phones, laptops, tablets, PCs, printers and similar network-connected devices in use, security is compromised by increasing numbers of off-network devices, such as smart watches and Bluetooth keyboards, mice, phones, speakers and more. There are also internet of things devices that transmit data over the internet or other networks to be accommodated.
The increasing connection of industrial control systems (ICS) and operational technology environments in manufacturing companies to corporate networks adds to the many surfaces which have to be defended.
ICS often present cyber criminals with opportunities to infect large corporate systems with many variants of internet-borne malware. Confirming this are the records of cyber attacks on many major manufacturing companies, which have resulted in hundreds of millions of dollars in losses due to downtime, erosion of customer confidence and the unprecedented rise in commodity prices on global markets due to production or distribution delays.
The ability to evaluate common vulnerabilities and exposures (CVEs) is no longer a human-scale challenge. Organisations need to know where they stand in terms of data security on their networks on a continual basis. Periodic tests and reports, no matter how frequent, are no longer sufficient.
The ability to evaluate common vulnerabilities and exposures is no longer a human-scale challenge.
Continuously evaluating CVEs is, for instance, an important prerequisite for devices tasked with monitoring network perimeter access, which involves several protection mechanisms, including authentication, authorisation and activity-tracking. Real-time device behaviour monitoring is thus vital.
Fortunately, the convergence of applications and cloud environments has created a unique opportunity for IT vendors and resellers to create new security solutions capable of detecting compromised devices with a high degree of speed and accuracy.
Real-time, fully automated security can therefore become a reality despite the enterprise attack surface continuing to spread and evolve.
With situational awareness becoming a vital requirement, it is clear that artificial intelligence (AI) and its subset machine learning (ML) are now key technology partners in the search for improved and faster cyber security processes.
Representing an important evolution in computer science and data processing, AI and ML have proven their viability in the financial sector, where they are able to analyse consumer behaviour, detect fraudulent activities and block illegal transactions.
As strong allies of security, AI and ML have particular relevance within the cyber security arena and today are increasingly incorporated in cloud-based security solutions, which put their outstanding abilities for persistent asset vulnerability reporting to good use when analysing many millions of time-varying signals and events.
Alerts can be triggered by a misconfiguration, a policy violation or abnormal behaviour, such as inappropriate connection requests or unexpected software running on a device, or simply when a device is operating outside of its normal or pre-determined parameters.
Cloud-based AI and ML systems’ pattern- and image-recognition functions complement their real-time, round-the-clock monitoring of assets and the ability to instantly highlight new discoveries related to all devices − both on and off the network − which is also important from a regulatory compliance perspective.
Unlike many “bolt-on” security offerings that form a base line of behaviour from network traffic alone, AI and ML systems “persistently” address device behaviour with the advantage of instant access to massive databases – knowledge bases − of crowd-sourced information.
This enables AI- and ML-based systems to rate devices on a brand/ model/ version/ reputation/ known-vulnerabilities basis and should a similar device have been the target of a malicious attack anywhere in the world it will instantly be flagged as “high risk”.
One vendor’s AI knowledge base is said to contain detailed information relating to more than one billion devices covering 12 million device profiles. Each profile includes information about how often a device communicates with other devices, over what protocols, how much data is transmitted, whether the device is usually stationary and what software runs on each device. When a device operates outside of its “known-good” profile this will immediately be noted and an alarm raised.
This process can be performed unobtrusively and without the need for agents to be loaded on any device. It also minimises any complexities associated with the identification of security vulnerabilities, while creating a source for complete visibility and comprehensive risk management.
IT vendors that integrate AI and ML functionality into their product portfolios will be able to add new fields of protection that could soon go well beyond the confines of current thinking and the restrictions of today’s technologies.
Share