Frontline
The security professional’s best friend: Artificial Intelligence By Lionel Snell Editor, NetEvents
20 | Asia Pacific Security Magazine
There used to be a simple formula for a security debate: hit them with a round-up of the year’s worst horror stories – the latest hacks, viruses and how much they cost business – then introduce the latest, most sophisticated technology solutions, designed to put all that into the past. The recent NetEvents EMEA Press Spotlight Round Table discussion – The Security Professional’s Best Friend: Artificial Intelligence – added greater intelligence to the mix. It was a combination of Artificial Intelligence (AI) and human intelligence – in the form of greater realism and more recognition of the limits to what is possible.

Ovum Principal Analyst Rik Turner discussed the challenges, the changes and the tech responses. In the 1990s, he explained, everyone was talking about prevention: “preventing the bad guys getting in, preventing malware from penetrating their networks. Their infrastructure could be safe. They could prevent all of those bad things from happening.” Instead, over the last two decades, we have moved towards a new stance. The vast majority of vendors and practitioners now admit that the best we can do at the moment is to detect and mitigate: “detect once someone’s in, move to mitigate as quickly as possible, potentially do some damage limitation, do some quarantining so they can’t run amok within your infrastructure, and then subsequently to remediate, clean them up, get them out, and start again. Until the next breach”.

That, he suggested, is really a defeat for the cyber-security industry. “It reminds me a little bit of the people defending the city of Constantinople when it was still capital of the Byzantine Empire… gradually the siege made it through the first outer walls, and drove them into the inner walls, until eventually they breached the whole thing. Notice that we use the term breach. We’ve adopted it from the world of siege warfare.”

What else has changed? The amount of malware being successfully stopped by anti-virus signatures continues to fall. In 2014 Symantec, in The Wall Street Journal, was talking about 45% success: “I now think it’s between 20 and 30%, not much more, across the industry”.

Then of course there is the rise of criminal gangs, hacktivists and state-sponsored malware actors with unlimited resources to play with – not to mention the availability of off-the-shelf hacking kits on the Dark Web. What’s more: “The Cloud: that makes it so much easier to go out, rent a few processors from Amazon, test-drive your new exploit before you’ve even launched it, and make sure it works.”

Finally, it is not just the volume of revealed vulnerabilities, it is the sheer velocity of their exploitation: “People in security always talk about the needle in the haystack. It’s a horrible cliché, but it’s true. [Actually, later in the discussion someone amended this to “it’s more like finding a needle in a needlestack”]. In this vulnerability space there’s this