AI powers cyber security

Security MEA speaks with Rajat Mohanty, Co-founder and Chief Executive Officer at Paladion on the role that artificial intelligence plays in cyber defense and the challenges that need to be overcome to stay ahead of attackers.

What role can AI play in cyber security and risk management?

AI adds the defensive power and speed you require to tackle huge volumes of attacks with countless variations.

Today, the reality is that organizations are facing cyber threats that move too quickly. Security teams that depend on rules, correlation and signatures are ill equipped to handle the speed and velocity of such attacks. The answer lies in letting machines (AI) do what they are best at and letting humans do what they are best at. Machines are good at finding answers, but can they find questions? In cyber security, any analyst will tell you that the key is to keep asking questions, continue formulating hypotheses, and then let machines provide answers. You see a suspicious event, you start formulating a hypothesis of what could have gone wrong, you ask questions for proving or disproving these hypotheses, and then continue this iteration. And the underlying machine (be it AI technology or something else) should keep answering these questions using intelligence and automation.

Do you feel AI in cyber security is still a divided house? If yes, why is there so much apprehension in certain quarters?

Yes and no. I am not sure if anyone doubts the value of applying AI (including Machine Learning and Data Science) to defend against today’s growing volume and sophistication of cyber threats. However, we are in a moment of transition. Whether you are using an MSSP or have an internal SOC, most current set ups do not offer mature capabilities for AI in cyber to manage cyber defense end-to-end. But, with Managed Detection and Response (MDR) services AI will be a standard offering in the service.

In your view, how effective can an AI role be in cyber security?

AI is not merely effective, it is essential. AI provides value in multiple areas of cybersecurity. These include the collection and analysis of security data from various sources, monitoring your entire IT stack, advanced machine learning algorithms, and recommendations on how to best respond to threats. And today, cyberattacks have become so complex and sophisticated that they can only be resolved when AI applies multiple security analytics methods at once.

What distinct advantage and challenge does it offer?

In terms of advantages, AI provides power and speed. AI allows organizations to effectively collect, analyze, and produce recommendations regarding a volume of security data that no team of human security experts could ever handle on their own.

When it comes to challenges, there is no “silver bullet” for AI-driven cybersecurity. Organizations must find a way to effectively adopt, and leverage AI to support their unique security posture.

Does AI means the end of human element in cyber security or can they both co-exist?

They both must co-exist. Humans will always be required at many stages of cyber security processes. As I said earlier, humans formulate hypotheses and ask questions and AI provides answers. Humans also need to set objectives for their security efforts and classify data as good or bad before handing off classification to machines. They also play an important role in judging the analysis and recommendations that machines provide, and ultimately make the call as to what course of action is best. AI can provide power and speed, but humans provide skills, insights and judgements that AI cannot replicate.

Can hackers not enter the machine and alter the path of AI?

I feel there is a larger concern when it comes to hackers and artificial intelligence. Hackers are beginning to utilize self-developed AI to increase the speed, sophistication, and strength of their attacks – this is much more sophisticated that automated cracker technologies we witnessed earlier. It is valid to ask whether cybersecurity’s AI is “hacker proof”, but it misses a simple point— we will not be able to keep up with a cybercriminal’s AI-driven attacks if we do not have our own AI-driven defenses. AI-driven cyber defense may never be perfect, but it is already a necessity.

Has Paladion adopted AI in its offerings? If yes, please elaborate

Yes, Paladion offers AI-driven managed cyber defense via its Managed Detection and Response (MDR) service. Our MDR service combines multi-source analytics – endpoints, networks, user access, and applications, which is unlike any other MDR service in the market. This gives our customers an upper hand against their adversaries, providing them the power to detect even the smallest attacker activity in the environment.

Our MDR service also has individual services within it to help enterprises bring in advanced cyber defense into an existing program depending on their current needs. The six services that map to left and right of hack are: Threat Anticipation, Threat Hunting, Security Monitoring, Incident Analysis, Incident Response, and Breach Management.

How can it help regional enterprises in enhancing their security?

Each region has its own unique security challenges. Paladion has a strong presence in the Middle East and serves hundreds of leading enterprises and government organizations in the region. So, our security teams have a deep understanding of the threat landscape in the Middle East, which helps them create comprehensive threat profiles for each organization – this also includes tweaks in machine algorithms to provide the best defense available to each customer. Our global foot print also enables our customers in the region to anticipate threats that have originated elsewhere and take the necessary steps to prevent it before it reaches them.

What future do you see for AI in cyber security?

AI must become a standard element in any effective cyber defense strategy since cyber crime is simply growing. Damages from cyber crime are projected to reach $6 trillion per year by 2021 as cyber attacks increase in volume, sophistication and damage. Gartner states that enterprises that wish to meet their growing security threats will have to move from protection and prevention, to detection and response, which can only be achieved by partnering AI with human defenders.

What message would you like to give security experts in Middle East?

The security landscape has tremendously improved in the Middle East. In fact, according to a recent Mandiant Research, the dwell time of attacks in the Middle East is 106 days, which is lower than that of APAC (172 days), but it is still higher than US (99 days). These are averages but it shows without doubt that security efforts in the region have improved.

The region must now embrace the Managed Detection and Response model or Incident Detection and Response if you are managing security in-house, which is the industry’s answer to a step ahead of attackers and break the attacker defender asymmetry. With a service like Paladion’s MDR, you can adopt cutting-edge cyber security in a few clicks. But no matter what security approach you choose, keep in mind that AI driven security is the key to effective cyber defense.