Igor Mezic
Ransomware has been dominating cybersecurity news lately after devastating attacks continue to take place across industries. Just recently Ryuk Ransomware was able to secure $34 million from one victim in exchange for the decryption key to unlock their computers, while the Trickbot Trojan attacks struck almost two dozen United States hospitals and health care organizations last week.
Why does this keep happening? Because it works for the hackers.
The problem partially lies in the outdated cybersecurity solutions organizations employ to protect themselves. And the sad thing is, it’s not always the enterprises fault. Security vendors are making untrue claims about the capabilities of their solutions and the AI that serves as their backbone. It’s a secret held by many of these AI based cybersecurity vendors that their technology isn’t utilizing true Artificial Intelligence at all.
The majority of these platforms use basic machine learning that only allows for labeling of attacks they have seen before. This simply will not work if the hack has never been seen before and is useless in protecting enterprises from attacks using advanced adversarial technology. Why is that? It has to do with the AI types, or as DARPA refers to them, ‘Waves’ of AI.
Most AI used today in cybersecurity is actually what is referred to as first or second-wave AI, and this more rudimentary form of AI, which relies on constant human labeling of data and creation of rules, is leaving enterprises woefully unprepared against today’s cyber attacks.
First-wave AI is rule based and second-wave AI relies on label driven data, so it has a little bit of interpolation ability but no extrapolation ability. Third-wave AI is completely different as an architecture and it is really structured to learn in the same way that humans learn by starting with an unsupervised baseline, a generative model of the network, then adding on specific tasks it should focus on, and finally interacting with the user in order to add labels to these events.
Most of the so-called “AI” security systems available today are only doing the latter part– labeling and creating rules based off of those labels. However, these are pointless in stopping many of the more advanced methods of hacking that are currently being used to cause massive amounts of damage to enterprises, such as Ransomware, GANs and Man in the Middle Attacks.
Ransomware
Oftentimes, when we think of ransomware we immediately want to turn to an endpoint solution. If they’ve reached the endpoint, it’s already over. A security system’s job should be to ensure they never get that far. Although third-wave AI is not endpoint focused, it is capable of finding an intruder long before it could ever possibly reach the endpoint.
Third-Wave AI is predictive in nature because it knows what the network should look like at all times. As soon as the network is distrubed, the AI reports it as an anomaly and the security team is alerted. This is the key reason why a predictive third-wave AI system is so good at preventing ransomware type attacks, hackers will never get to the endpoint if they are discovered as soon as they enter the network.
Once the attacker reaches the endpoint the encryption can happen in seconds. It’s up to the AI to catch it before it gets to that point. When it’s a new attack that no one has ever seen before, there is no way second and first-wave AI security solutions can protect against it. The only way to stop an attack no one has seen previously is to catch it on the network before it reaches the endpoint, and the only way to do that is to employ a predictive third-wave AI system which is capable of flagging anomalies (even never before seen ones) as they arrive.
Attackers have a variety of ways of entering the endpoint, so writing rules to try and prevent this is useless as there are infinite ways to try and attack, and that is exactly what hackers try to exploit with GANs.
GANs (Generative Adversarial Networks)
The way most GANs work is by creating one type of attack after another in rapid succession. It will basically test the neural network to try and infiltrate and learn what it doesn’t like in order to create something close enough to enter and allow the hackers to wreak havoc.
First and second-wave AI security often cannot handle the sheer amount of all-slightly-different attacks it is facing and can falter, causing irreparable damages to a company’s data security.
A generative third-wave AI system is built to deflect exactly this. It will catch each anomaly as it comes and no matter what form it shapeshifts into. It will still be considered an anomaly and flagged by a third-wave AI system for disrupting the enterprise’s network.
There is no way for these primitive based methods to effectively protect against an attack when they don’t know what it is supposed to look like, which makes them useless when it comes to GANs.
Man in the Middle Attacks
A Man in the Middle Attack is when an attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
First and second-wave AI have a difficult time catching this type of attack because the victim will continue to see network traffic behaving normally, while the hacker is in actuality redirecting traffic from the victim’s IP to the machine that they have infiltrated.
The approach used by first and second-wave AI security vendors is to try and figure out if some traffic has been redirected, but only after the intruder already got in, redirected it and did whatever damage they wanted to do.
Having a generative third-wave AI system would alert you the second someone attempted to redirect traffic on the network, because that action would immediately be flagged as anomalous network behavior.
AI Adversaries
Hackers are only getting better at what they do, which means enterprise security teams and vendors have to adapt even faster and adopt the most advanced technology available if we hope to stay a step ahead of our adversaries.
The advent of generative third-wave AI, with its predictive and self-adapting capabilities makes the outlook far less grim for SOC teams.
Your house is far more secure if you have a security system in place that can catch a thief when he’s on your doorstep before he ever enters your house instead of after the break-in. The same goes for cybersecurity teams. Predictive AI can identify a threat and alert your team before a bad actor causes damage, rendering technologies that utilize AI far more effective in keeping an enterprise safe.
