Cyber security experts say this is the best way to defend against online attacks

Employing artificial intelligence to help defend against cyber attacks in machine time has, in theory, the advantage of stopping intruders before harm can be done

PUBLISHED : Tuesday, 18 July, 2017, 4:57pm
UPDATED : Tuesday, 18 July, 2017, 5:11pm

While hackers leverage artificial intelligence (AI) in breaching networks, companies are looking to fight fire with fire by handing the keys of cybersecurity to AI.

Darktrace, a UK-based machine learning company for cyber security, announced last week that it entered into a strategic partnership with Hong Kong-based CITIC Telecom CPC in order to “bring next-generation cyber defence to businesses across Asia Pacific.”

“Humans are consistently outpaced by increasingly automated threats, organisations increasingly recognise that traditional defences focussed on past threats only provide the most essential protection,” said Daniel Kwong, a senior vice president at CITIC Telecom CPC.

He said that CITIC was impressed by Darktrace’s technology in deploying artificial intelligence to strengthen cybersecurity for enterprises.

This comes right on the back of Darktrace’s announcement of having raised US$75 million. The company said that it has climbed new commercial highs as its total contract value hits US$200 million, an increase of 140 per cent from last year.

Nicole Eagan, chief executive at Darktrace, said that in the age of AI where cyber attacks are automated, rather than erecting a firewall or other passive cyber protection mechanism, companies have to build a dynamic “immune system” for their networks.

“Things like WannaCry, Petya and NotPetya -- those are machine-based attacks and they move in machine speed,” she said.

“In terms of AI being used, the one time that we have seen AI was an attack six months ago in India,” she added, “It actually doesn’t have any malicious intent from what we can tell. But what it tried to do was to use another form of machine learning to just learn and blend in an otherwise noisy network.”

She said AI-powered security engine has an edge because it can monitor raw network traffic in real time.

“It’s very much like our human immune system which stops attacks before any damage takes place,” she said.

She said Darktrace’s Enterprise Immune System now has over 3,000 deployments worldwide.

According to security firm Cybersecurity Ventures, cybercrime is projected to rise to US$6 trillion in damages by 2021. Meanwhile, businesses are likely to invest around US$1 trillion over the next five years to protect against the rising threat.

CGI Group also released a study earlier this year which said that cyber attacks can negatively impact company valuations by as much as 15 per cent. It said, on average, a severe cyber security breach to a FTSE 100 firm causes share prices to fall 1.8 per cent on a long term basis.

Another recent report from cybersecurity company FireEye showed organisations on average took 99 days in 2016 to realise they had been breached.

Joseph Feiman, chief innovation officer at Veracode, a US-based security firm, said that financial service providers and governments are the prime targets of cyber attacks.

But he is not as upbeat on the current machine-learning-based cyber security mechanisms. He said that security intelligence has to be smarter than simply collecting data and conducting analysis.

He said while enterprises now learn to leverage data and optimise decision-making through data analysis, in the sphere of cyber security, mere data analysis is still too slow and passive when it comes to reacting to attacks.

“You can collect all possible information about the world. You can do it continuously,” he said, “[You can] collect them, do an analysis and then you will come up with the best security strategy and practise. But by the time you come up with that best strategy, you well might be dead, under attack or your money will be stolen.”

“Security intelligence is not about data-collection and analytics,” he said. “Yes you have to use them. But the most important thing about security intelligence is not dealing with data because data is passive and data is impotent.”