Use AI as the missing piece of defence in depth

Tom Allen
3 min read

There is no silver bullet for cybersecurity.

That was the takeaway from Darktrace's Hanah Darley, speaking today on the first day of the Cybersecurity Festival in London.

In a quick audience poll, Darley identified several types of attack or compromise of major concern, including zero days, the supply chain and the human element. However, all of these tend to affect different parts of the network - and there is no one solution that can protect against all of them. 

Defence in depth - using multiple tools to protect specific areas of the network - is "so important," said Darley, but there is a single solution that can enhance those disparate tools: autonomous AI. 

"The next step is to fill in the gap in human resources, who unfortunately require things like sleep. I've left my phone over there [on my seat,] and a lot of our human analysts will do the same thing on the weekends. They'll want to watch Netflix, they won't necessarily be looking for every single alert on their phones. 

"That human gap is natural and expected. How do we account for it? Using self-learning AI." 

AI security systems like Darktrace can take work away from human analysts and respond to incidents in near-real-time - but even they aren't the be-all and end-all of protection. Darley described a new Darktrace customer where a "highly privileged administrative credential" had been compromised a few weeks before installation - although the customer didn't know it.

"Darktrace picked up on it, but unfortunately, even though the autonomous response was available, it was in what we call Human Confirmation mode. Now in a security model, that totally makes sense because that is kind of the validation where you see how it would operate on your network... But if the human analysts are not focused, they're not looking at alerts or not paying attention. Then the AI warnings can only go so far. 

"So, the attackers retained access to the system for about three weeks. And then they thought to themselves, ‘Let's move laterally and let's keep moving. Let's keep it going'. They had already exfiltrated data from the domain controller, but why stop on one if you can get by? So, they tried to move laterally. They started beaconing to a command-and-control infrastructure. And our AI analyst is, as we call it, generating investigations, there are alerts going off, there are recommended autonomous response actions. But again, because it's in human confirmation, it's not able to take those actions.

"Ultimately, they got away with a load of data before the humans were able to put a stop to the attacks. But throughout the attack cycle, there were about 15 different AI Analyst investigations, and there would have been a load of autonomous response actions. 

"So what's the takeaway from that?... It could have stopped there. And it also could have stopped at subsequent points during the attack as the attackers attempted to move laterally." 
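The failure mode Darley describes is a gating question: the detections fired, but the recommended actions waited on an analyst who was not looking. The following simulation is an added illustration written for this article, not Darktrace's code or a description of its product internals. It models a constructed alert timeline (hours since the credential compromise, loosely following the incident above) and compares two response policies: one that executes high-severity actions immediately, and a "human confirmation" policy in which actions queue until an analyst reviews them at the listed times. The alert details, severities, thresholds and acknowledgement times are all assumptions chosen for the example.

```python
"""Gated autonomous response over a constructed alert timeline (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Sequence

@dataclass(frozen=True)
class Alert:
    t_hours: float   # hours since the initial compromise (constructed value)
    kind: str        # short description of what was detected
    severity: int    # 1 (low) .. 5 (critical), assumed scale
    action: str      # recommended response action

@dataclass
class Outcome:
    mode: str
    contained_at: Optional[float]   # hour at which the first action executed, or None
    executed: List[str]
    pending: List[str]              # actions still waiting for a human

# Constructed alert sequence: credential misuse on day one, then roughly three
# weeks (~500 h) later lateral movement, C2 beaconing and bulk exfiltration.
ALERTS: Sequence[Alert] = (
    Alert(0.0,   "privileged credential used from unusual source", 4, "block credential"),
    Alert(500.0, "lateral movement attempt",                       5, "quarantine host"),
    Alert(505.0, "beaconing to suspected C2",                      5, "block outbound connection"),
    Alert(510.0, "large outbound transfer from domain controller", 5, "block outbound connection"),
)

def run_response(alerts: Sequence[Alert], mode: str,
                 ack_times: Sequence[float] = (), act_threshold: int = 4) -> Outcome:
    """Simulate how recommended actions are gated.

    mode == "autonomous":         execute any action at or above act_threshold as the alert fires.
    mode == "human_confirmation": queue the action until the next analyst review in ack_times.
    Once an action has executed, later alerts are treated as prevented (the attack is contained).
    """
    acks = sorted(ack_times)
    executed: List[str] = []
    pending: List[str] = []
    contained_at: Optional[float] = None
    for a in alerts:
        if contained_at is not None and a.t_hours >= contained_at:
            continue  # containment already happened before this stage of the attack
        if a.severity < act_threshold:
            continue  # below the action threshold: alert only, no response
        if mode == "autonomous":
            executed.append(a.action)
            if contained_at is None:
                contained_at = a.t_hours
        elif mode == "human_confirmation":
            # the action runs at the first analyst review at or after the alert
            ack = next((t for t in acks if t >= a.t_hours), None)
            if ack is None:
                pending.append(a.action)
            else:
                executed.append(a.action)
                if contained_at is None or ack < contained_at:
                    contained_at = ack
        else:
            raise ValueError(f"unknown mode: {mode}")
    return Outcome(mode, contained_at, executed, pending)

def dwell_hours(outcome: Outcome, alerts: Sequence[Alert]) -> Optional[float]:
    """Attacker dwell time from first alert to containment, or None if never contained."""
    if outcome.contained_at is None:
        return None
    return outcome.contained_at - min(a.t_hours for a in alerts)

if __name__ == "__main__":
    for label, kwargs in (
        ("autonomous", {"mode": "autonomous"}),
        ("confirmation, reviewed within a day", {"mode": "human_confirmation", "ack_times": (24.0,)}),
        ("confirmation, reviewed after the weekend of exfiltration",
         {"mode": "human_confirmation", "ack_times": (520.0,)}),
        ("confirmation, never reviewed", {"mode": "human_confirmation"}),
    ):
        out = run_response(ALERTS, **kwargs)
        print(f"{label}: dwell={dwell_hours(out, ALERTS)} h, executed={out.executed}, pending={out.pending}")
```

Running it shows the point of the talk in numbers: the autonomous policy contains at hour 0 on the credential alert alone, confirmation mode with a prompt review contains at the review time and suppresses the later stages, and confirmation mode with nobody watching leaves every recommended action queued. The model is deliberately simple; what it is meant to surface is that in a confirmation-gated design, time-to-containment is bounded by analyst review cadence rather than by detection latency.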

Autonomous response is applicable in many ways and industries, said Darley, and although you need a balance between AI and human, having 24/7 monitoring and response is more important now than ever before.
