Use AI as the missing piece of defence in depth

Tom Allen

There is no silver bullet for cybersecurity.

That was the takeaway from Darktrace's Hanah Darley, speaking today at the first day of the Cybersecurity Festival in London. 

In a quick audience poll, Darley identified several types of attack or compromise of major concern, including zero days, the supply chain and the human element. However, all of these tend to affect different parts of the network - and there is no one solution that can protect against all of them. 

Defence in depth - using multiple tools to protect specific areas of the network - is "so important," said Darley, but there is a single solution that can enhance those disparate tools: autonomous AI. 

"The next step is to fill in the gap in human resources, who unfortunately require things like sleep. I've left my phone over there [on my seat,] and a lot of our human analysts will do the same thing on the weekends. They'll want to watch Netflix, they won't necessarily be looking for every single alert on their phones. 

"That human gap is natural and expected. How do we account for it? Using self-learning AI." 

AI security systems like Darktrace can take work away from human analysts and respond to incidents in near-real-time - but even they aren't the be-all and end-all of protection. Darley described a new Darktrace customer where a "highly privileged administrative credential" had been compromised a few weeks before installation - although the customer didn't know it.

"Darktrace picked up on it, but unfortunately, even though the autonomous response was available, it was in what we call Human Confirmation mode. Now in a security model, that totally makes sense because that is kind of the validation where you see how it would operate on your network... But if the human analysts are not focused, they're not looking at alerts or not paying attention. Then the AI warnings can only go so far. 

"So, the attackers retained access to the system for about three weeks. And then they thought to themselves, 'Let's move laterally and let's keep moving. Let's keep it going.' They had already exfiltrated data from the domain controller, but why stop on one if you can get by? So, they tried to move laterally. They started beaconing to a command-and-control infrastructure. And our AI analyst is, as we call it, generating investigations, there are alerts going off, there are recommended autonomous response actions. But again, because it's in human confirmation, it's not able to take those actions.

"Ultimately, they got away with a load of data before the humans were able to put a stop to the attacks. But throughout the attack cycle, there were about 15 different AI Analyst investigations, and there would have been a load of autonomous response actions. 

"So what's the takeaway from that?... It could have stopped there. And it also could have stopped at subsequent points during the attack as the attackers attempted to move laterally." 

Autonomous response is applicable in many ways and industries, said Darley, and although you need a balance between AI and human, having 24/7 monitoring and response is more important now than ever before.
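The failure mode Darley describes is a response policy that waits for a human who never looks. The added example below is not Darktrace's code or from the talk; it models that policy on a constructed alert timeline (all alert ids, timestamps and actions are made up) and shows how a confirmation timeout for high-severity alerts bounds the dwell time when nobody acknowledges.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Alert:
    alert_id: str
    seen_at: datetime
    severity: int            # 1 = low ... 4 = critical
    recommended_action: str  # what an autonomous response would do

# Constructed timeline loosely following the anecdote: a compromised admin
# credential, exfiltration from the domain controller, then C2 beaconing
# and lateral movement about three weeks later. Times are invented.
T0 = datetime(2024, 4, 1, 2, 0)  # constructed: a Monday at 02:00
ALERTS = [
    Alert("A1", T0, 4, "quarantine admin credential"),
    Alert("A2", T0 + timedelta(days=3), 4, "block outbound transfer from DC"),
    Alert("A3", T0 + timedelta(days=20), 3, "block C2 beaconing"),
    Alert("A4", T0 + timedelta(days=20, hours=2), 3, "isolate laterally-moving host"),
]

def decide_actions(alerts, mode, acks, confirm_timeout_hours=None, min_severity=3):
    """Return (alert_id, action, decided_at) for every response action taken.

    mode "autonomous" acts as soon as the alert is seen. mode "human_confirmation"
    acts only when an analyst acknowledges (acks maps alert_id -> datetime) or,
    if confirm_timeout_hours is set, when an alert of at least min_severity has
    gone unconfirmed for that long (the fallback the anecdote lacked).
    """
    taken = []
    for a in alerts:
        if mode == "autonomous":
            taken.append((a.alert_id, a.recommended_action, a.seen_at))
        elif mode == "human_confirmation":
            if a.alert_id in acks:
                taken.append((a.alert_id, a.recommended_action, acks[a.alert_id]))
            elif confirm_timeout_hours is not None and a.severity >= min_severity:
                deadline = a.seen_at + timedelta(hours=confirm_timeout_hours)
                taken.append((a.alert_id, a.recommended_action, deadline))
        else:
            raise ValueError(f"unknown mode {mode!r}")
    return taken

def dwell_hours(alerts, actions):
    """Hours from the first alert to the first containing action; None if never."""
    if not actions:
        return None
    first_seen = min(a.seen_at for a in alerts)
    first_action = min(t for _, _, t in actions)
    return (first_action - first_seen).total_seconds() / 3600
```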
