Recently, many organizations experienced severe downtime due to an undetected malware, Deeplocker, which secretly evaded even the most stringent cyber security measures. Deeplocker leverages an AI model to attack the target host by using indicators such as facial recognition, geolocation and voice recognition. This incident speaks volumes about the big role AI plays in the cybersecurity domain. In fact, some may even go so far as to say that AI for cybersecurity is no longer a nice-to-have technology, but rather a necessity.
Large and small organizations and even startups are investing heavily in building AI systems to analyze huge data troves and, in turn, help their cybersecurity professionals to identify possible threats and take precautions or immediate actions to mitigate them.
If AI can be used to protect systems, it can also be used to harm them. How? Hackers and intruders can launch smarter attacks that would be difficult to combat. Phishing, one of the most common and simple social engineering cyber attacks, is now easy for attackers to master. There are a plethora of tools on the dark web that can help anyone wanting to launch a phishing attack. In such trying conditions, it is imperative that organizations take necessary precautions to guard their information castles. What better tool to use than AI?
Symantec’s Targeted attack analytics (TAA) tool
This tool was developed by Symantec and is used to uncover stealth and targeted attacks. It applies AI and machine learning to the processes, knowledge, and capabilities of Symantec’s security experts and researchers.
The TAA tool was used by Symantec to counter the Dragonfly 2.0 attack last year. This attack targeted multiple energy companies and tried to gain access to operational networks.
Eric Chien, Technical Director of Symantec Security says, “With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action.”
The TAA tools analyze incidents within the network against the incidents found in the Symantec threat data lake.
TAA unveils suspicious activity in individual endpoints and collates that information to determine whether each action indicates hidden malicious activity. The TAA tools are now available for Symantec Advanced Threat Protection (ATP) customers.
Sophos’ Intercept X tool
Sophos is a British security software and hardware company. Its tool, Intercept X, uses a deep learning neural network that works similarly to a human brain.
In 2010, the US Defense Advanced Research Projects Agency (DARPA) created their first Cyber Genome Program to uncover the ‘DNA’ of malware and other cyber threats, which led to the creation of the algorithm present in Intercept X.
Before a file executes, Intercept X is able to extract millions of features from the file, conduct a deep analysis, and determine if the file is benign or malicious in 20 milliseconds. The model is trained on real-world feedback and bi-directional sharing of threat intelligence via access to millions of samples provided by the data scientists. This results in a high accuracy rate for both existing and zero-day malware, and a lower false positive rate. Intercept X utilizes behavioral analysis to restrict new ransomware and boot-record attacks. Intercept X has been tested by several third parties such as NSS Labs and received high scores. It has also been proven on VirusTotal since August of 2016. Maik Morgenstern, CTO, AV-TEST said, “One of the best performance scores we have ever seen in our tests.”
Darktrace Antigena is Darktrace’s active self-defense product. Antigena expands Darktrace’s core capabilities to detect and replicate the function of digital antibodies that identify and neutralize threats and viruses.
Antigena makes use of Darktrace’s Enterprise Immune System to identify suspicious activity and respond to it in real time, depending on the severity of the threat.
With the help of underlying machine learning technology, Darktrace Antigena identifies and protects against unknown threats as they develop. It does this without the need for human intervention, prior knowledge of attacks, rules or signatures. With such automated response capability, organizations can respond to threats quickly, without disrupting the normal pattern of business activity.
Darktrace Antigena modules help to regulate user and machine access to the internet, message protocols, and machine and network connectivity via various products such as Antigena Internet, Antigena Communication, and Antigena Network.
Read the source article in PacktHub.