AI and analytics being deployed in battle against cyber threats


As hackers find more ways to compromise computers — from phishing to malicious web pages to taking advantage of user carelessness — and cyber-criminals go from pranksters or individual hackers to well-oiled commercial organizations that may even be funded by nation-states, security vendors are developing increasingly sophisticated technologies to help their customers fight back.

Rather than relying on a human to wade through megabytes, or gigabytes, of security and system log files, looking for those hints that mischief is afoot, they’re applying machine learning and analytics to the problem. Yes, your friendly neighbourhood AI is on the job.

Citrix Systems Inc., a company known mainly for its virtual desktop and remote access technologies, recently announced Citrix Analytics, a cloud-based service which uses machine learning and analytics to identify and remediate many threats, as well as to look at performance issues.

The tool scrutinizes user behaviour and learns what’s normal. It gets its data from Citrix’s own applications and management tools, and from network activity logged by Citrix NetScaler. It also monitors for actions that are out of policy, for example a user trying to access unauthorized files, and assigns risk scores to users based on what they do. Those scores are used to trigger responses from the system, without human intervention.

If someone logs in from an unknown location, or on a new device, they can be authenticated more rigorously than the same person would be when sitting at their desk in the office. If their risk score hits predetermined thresholds, the administrator is alerted and predefined actions are performed.

For example, if a user visits a website with a poor reputation (perhaps it is run by a suspected cyber-criminal, or has served malware in the past), that may add 10 points to the risk score. An uncharacteristically large upload volume tacks on another 10, and login from an unknown location ups the score again, to hit a threshold, at which point the system automatically terminates all of the user’s sessions and enables additional authentication requirements.
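The scoring scheme described above, as an added illustration that is not Citrix’s code: each signal adds points to a per-user score, "uncharacteristically large" is judged against the user’s own upload baseline, and crossing the threshold fires the automated responses. The 10 points for the unknown-location signal, the threshold of 25 and the sample events are assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Points per signal: the first two come from the article; the third and the
# threshold are assumed values for this example.
RISK_POINTS = {"poor_reputation_site": 10, "large_upload": 10, "unknown_location": 10}
ALERT_THRESHOLD = 25
RESPONSE = ["alert_admin", "terminate_sessions", "require_step_up_auth"]

@dataclass
class UserProfile:
    known_locations: set = field(default_factory=set)
    upload_history_mb: list = field(default_factory=list)
    risk_score: int = 0
    actions: list = field(default_factory=list)

    def is_unusual_upload(self, size_mb: float) -> bool:
        # "Uncharacteristically large" relative to this user's learned baseline:
        # more than 3 standard deviations above the historical mean.
        if len(self.upload_history_mb) < 5:      # too little history to judge
            return False
        mu, sigma = mean(self.upload_history_mb), pstdev(self.upload_history_mb)
        return size_mb > mu + 3 * max(sigma, 1.0)

def score_event(profile: UserProfile, event: dict) -> list:
    """Apply one event to the profile; return the responses it triggered."""
    kind = event["type"]
    if kind == "web_visit" and event.get("reputation") == "poor":
        profile.risk_score += RISK_POINTS["poor_reputation_site"]
    elif kind == "upload":
        if profile.is_unusual_upload(event["size_mb"]):
            profile.risk_score += RISK_POINTS["large_upload"]
        profile.upload_history_mb.append(event["size_mb"])   # keep learning
    elif kind == "login" and event["location"] not in profile.known_locations:
        profile.risk_score += RISK_POINTS["unknown_location"]
    # Fire the automated response once, the first time the threshold is hit.
    if profile.risk_score >= ALERT_THRESHOLD and not profile.actions:
        profile.actions.extend(RESPONSE)
        return list(RESPONSE)
    return []

def run_constructed_scenario() -> UserProfile:
    # Constructed event sequence mirroring the article's example.
    p = UserProfile(known_locations={"office"}, upload_history_mb=[5, 8, 6, 7, 5])
    for e in [{"type": "web_visit", "reputation": "poor"},
              {"type": "upload", "size_mb": 900},
              {"type": "login", "location": "unknown-city"}]:
        score_event(p, e)
    return p
```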

Read the source article at the Financial Post.