Use AI as the missing piece of defence in depth

Tom Allen
clock • 3 min read
Use AI as the missing piece of defence in depth

Use AI as the missing piece of defence in depth

There is no silver bullet for cybersecurity.

That was the takeaway from Darktrace's Hanah Darley, speaking today at the first day of the Cybersecurity Festival in London. 

In a quick audience poll, Darley identified several types of attack or compromise of major concern, including zero days, the supply chain and the human element. However, all of these tend to affect different parts of the network - and there is no one solution that can protect against all of them. 

Defence in depth - using multiple tools to protect specific areas of the network - is "so important," said Darley, but there is a single solution that can enhance those disparate tools: autonomous AI. 

"The next step is to fill in the gap in human resources, who unfortunately require things like sleep. I've left my phone over there [on my seat,] and a lot of our human analysts will do the same thing on the weekends. They'll want to watch Netflix, they won't necessarily be looking for every single alert on their phones. 

"That human gap is natural and expected. How do we account for it? Using self-learning AI." 

AI security systems like Darktrace can take work away from human analysts and respond to incidents in near-real-time - but even they aren't the end-all and be-all of protection. Darley described a new Darktrace customer, where a "highly privileged administrative credential" had been compromised a few weeks before installation - although the customer didn't know it. 

"Darktrace picked up on it, but unfortunately, even though the autonomous response was available, it was in what we call Human Confirmation mode. Now in a security model, that totally makes sense because that is kind of the validation where you see how it would operate on your network... But if the human analysts are not focused, they're not looking at alerts or not paying attention. Then the AI warnings can only go so far. 

"So, the attackers retained access to the system for about three weeks. And then they thought to themselves, ‘Let's move laterally and let's keep moving. Let's keep it going'. They had already exfiltrated data from the domain controller, but why stop on one if you can get by? So, they tried to move laterally. They started beaconing to a command-and-control infrastructure. And our AI analyst is, as we call it, generating investigations, there are alerts going off, there are recommended autonomous response actions. But again, because it's in human conformation, it's not able to take those actions. 

"Ultimately, they got away with a load of data before the humans were able to put a stop to the attacks. But throughout the attack cycle, there were about 15 different AI Analyst investigations, and there would have been a load of autonomous response actions. 

"So what's the takeaway from that?... It could have stopped there. And it also could have stopped at subsequent points during the attack as the attackers attempted to move laterally." 

Autonomous response is applicable in many ways and industries, said Darley, and although you need a balance between AI and human, having 24/7 monitoring and response is more important now than ever before.

You may also like
UK AI chipmaker seeks buyer, report

Chips and Components

Graphcore has faced rising losses and falling revenues

clock 21 February 2024 • 2 min read
Which jobs are at risk from AI in 2024? What new roles will be created? IT leaders tell us

Careers and Skills

Good news for data scientists, less so for admin

clock 19 February 2024 • 3 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024


Sarah Armstrong-Smith will talk AI in security

clock 19 February 2024 • 1 min read

More on Security Technology

UK's biometrics commissioners steps down, signalling missteps

UK's biometrics commissioners steps down, signalling missteps

Home Office is ignoring new technologies

Muskan Arora
clock 31 January 2024 • 4 min read
Endpoint is the path of least resistance, says Threatlocker

Endpoint is the path of least resistance, says Threatlocker

IT Leaders Summit debates the true purpose of endpoint security.

Penny Horwood
clock 05 October 2023 • 2 min read
GitHub announces passwordless authentication trial

GitHub announces passwordless authentication trial

The trial can be considered a milestone in the long demise of passwords

Penny Horwood
clock 13 July 2023 • 2 min read