How Using AI Vastly Improves Threat Detection

eWEEK SECURITY PRODUCT ANALYSIS: Fortinet’s FortiAI enables security pros to “fight AI fire with AI fire."

Fortinet.conference

What if every company had a security analyst that could tell exactly what a “bad guy” is doing to compromise their data in seconds? This has never been possible, but at one time, really smart and savvy security professionals could look through security data and find insights that indicate a breach.

Today that’s not possible, because the volume of data has grown exponentially. Data is being generated from endpoints, network devices, the cloud and other areas. However, machines can do what people can’t, and artificial intelligence (AI) is getting closer to making real-time threat detection a reality for security operations by automating analysis and mitigation. 

Using AI for threat detection is not new. Cybersecurity firms have successfully trained AI-powered algorithms to identify potential threats like malware, ransomware, phishing and denial-of-service (DoS) attacks. Studies show more than half of all companies wouldn’t be able to detect threats without AI.

AI and security is a double-edged sword 

But despite its many benefits, AI is a double-edged sword. As the technology grows more sophisticated, cybercriminals are discovering new ways to breach security systems. Attackers are using AI to test operating systems and applications for vulnerabilities, with the ultimate goal of increasing the volume of zero-day attacks on enterprise networks.

In other instances, existing botnets are being transformed into swarm bots to carry out threat campaigns and create new malware variants. Malware-as-as-a-service offers cybercriminals an easy way to launch attacks by paying for access to a botnet that spreads malware. What’s even more worrisome, it only takes a few minutes for cybercriminals to exfiltrate data and execute a breach.

It takes more companies months to find breaches 

Those are just some examples of evolving security threats, most of which companies can’t address with existing security measures. Approximately 56% of companies don’t discover breaches for months and only take remediation steps after that, Verizon found in its 2019 Data Breach Report. The report uncovered a need for better controls that make data more difficult to exfiltrate and reduce the time it takes to find a breach. 

It’s crucial for companies to reevaluate their security infrastructure as a whole. Instead of focusing on cleaning up and restoring, companies must understand how malware got through in the first place and catch it at the earliest stage. That’s easier said than done when malware analysis tools and intrusion detection/prevention systems don’t always recognize certain vulnerabilities like zero-day threats. The realization is that manual processes won’t work. If the bad guys are using AI, then security pros need it to “fight fire with fire.” 

It’s time for security teams to embrace artificial intelligence 

By leveraging next-generation AI and deep neural networks (DNNs), companies can generate zero-day threat intelligence and automate breach protection across their systems in real-time. The combination of AI and DNNs uses complex models to mimic human decisions at computer speeds. So, solutions based on those functions can learn, classify and label different malware, even if it’s constantly changing. For example, if malware tries to disguise itself as ransomware by downloading behind the scenes, such a solution can analyze what the malware actually is.

Most importantly, a robust AI-driven security infrastructure equips companies with automated and coordinated response to advanced attacks. What would take a cybersecurity expert a few days to narrow down, AI can detect in minutes. During its recent digital Accelerate 2020 user conference, security vendor, Fortinet conducted a session describing how it’s improving threat protection and mitigation with AI. Fortinet developed a patent-pending technology, called FortiAI, which cuts that down to less than a second. FortiAI utilizes DNN to act like a virtual security analyst investigating attacks.

AI is the security pro’s best friend 

The acceptance of AI as a security tool has been tepid at best, because most security pros look at AI as a threat to their jobs. The fact is, a tool like FortiAI is just that, a tool that can augment the security pro. AI can do the heavy lifting by analyzing data enabling engineers to spend more time fixing problems. Over time, AI-based tools will be the security operations team’s best friend, rather than an enemy. 

The on-premises solution observes network traffic for threats and pinpoints “patient zero” or the original source of an attack with a timestamp. It then detects the lateral spread from patient zero to all subsequent compromised systems and users. This can help deal with what I’ve been calling the “asymmetric security challenge” that occurs when the security team needs to protect an exponentially growing attack surface, but the bad guys only have to find a single way in. FortiAI can find those “low slow” threats that are typically impossible to find. Now the bad guys have to stay hidden as they migrate across the infrastructure, but the AI only has to find one instance of it. Asymmetric problem reversed. 

FortiAI sees things people can’t 

FortiAI also performs malware analysis to determine the type of malware and creates a timeline for each infection. Fortinet compares this to a miniature kill-chain model that provides a step-by-step recap of an attack. Although the solution has more than 6 million prebuilt malware features, it can learn new ones over time. One of the dirty little secrets of the security industry is that most malware is a slight modification of older versions, making it easy for AI-based systems to find but difficult for signature-based solutions to determine. 

With AI/DNN solutions such as FortiAI, companies can take a proactive approach to security, instead of reacting to breaches after they happen. AI-driven threat detection can safeguard enterprise networks by cutting down on the time it takes to discover and identify advanced cyber threats. AI-based tools aren’t perfect yet, but they’re far more accurate than people. Security teams should be embracing AI, because it’s the future and really the only viable way of finding threats today. 

Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.