Fortinet Predicts Advanced AI and Counter Threat Intelligence Will Evolve, Shifting the Traditional Advantage of the Cybercriminals
CEO Insights team
“Much of the success of cyber adversaries has been due to the ability to take advantage of the expanding attack surface and the resulting security gaps due to digital transformation. Most recently, their attack methodologies have become more sophisticated by integrating the precursors of AI and swarm technology. Luckily, this trajectory is about to shift, if more organizations use the same sorts of strategies to defend their networks that criminals are using to target them. This requires a unified approach that is broad, integrated, and automated to enable protection and visibility across network segments as well as various edges, from IoT to dynamic-clouds,” avers Michael Joseph, Director – System Engineering, India & SAARC, Fortinet.
Cyber attack methodologies have become more sophisticated in recent years, magnifying their effectiveness and speed. This trend looks likely to continue unless more organizations change how they think about their security strategies. With the volume, velocity, and sophistication of today’s global threat landscape, organizations must be able to respond in real time at machine speed to effectively counter aggressive attacks. Advances in artificial intelligence and threat intelligence will be vital in this fight.
An important objective of developing security-focused artificial intelligence (AI) over time has been to create an adaptive immune system for the network similar to the one in the human body. In the third generation of AI, rather than relying on a central, monolithic processing center, AI will interconnect its regional learner nodes so that locally collected data can be shared, correlated, and analyzed in a more distributed manner.
This will be a very important development as organizations look to secure their expanding edge environments.
In addition to leveraging traditional forms of threat intelligence pulled from feeds or derived from internal traffic and data analysis, machine learning will eventually rely on a flood of relevant information coming from new edge devices to local learning nodes. By tracking and correlating this real-time information, an AI system will not only be able to generate a more complete view of the threat landscape, but also refine how local systems can respond to local events.
Investing in AI not only allows organizations to automate tasks, but can also enable an automated system that looks for and discovers attacks, both after the fact and before they occur. Combining machine learning with statistical analysis will allow organizations to develop customized action planning tied to AI to enhance threat detection and response. These threat playbooks could uncover underlying patterns that enable the AI system to predict an attacker's next move, forecast where the next attack is likely to occur, and even determine which threat actors are the most likely culprits.
The increased use of deception technologies could spark counterintelligence retaliation by cyber adversaries. In this case, attackers will need to learn to differentiate between legitimate and deceptive traffic without getting caught simply for spying on traffic patterns. Organizations will be able to effectively counter this strategy by adding playbooks and more pervasive AI to their deception strategies. They will respond to any counterintelligence efforts before they happen, enabling them to maintain a position of superior control.
Cybersecurity has unique requirements related to things like privacy and access, while cybercrime has no borders. As a result, law enforcement organizations are not only establishing global command centers but have also begun connecting them to the private sector, so they are one step closer to seeing and responding to cybercriminals in real time.