Writer: AC

AI’s Role In IoT And OT Security

Updated: Oct 21, 2019

| AI + T |

As the modern threat landscape continues to expand, adding artificial intelligence (AI) to a security strategy has become essential to establishing and maintaining an effective security posture. Given the speed and complexity of modern cyber-threats and the current cyber-security skills shortage, network security teams need the assistance of machine learning and other AI-based capabilities to detect, defend against, and mitigate modern attacks.

However, it should come as no surprise that while organizations are adopting AI to bolster their security efforts, cyber-criminals are also adopting agile software development, automation, and machine learning, and will eventually leverage AI themselves to identify and exploit network vulnerabilities faster.

Due to the growing number and variety of IoT and OT devices entering network infrastructures, cyber-criminals already have the opportunity and capability to launch rapid, complex attacks that use these inherently vulnerable devices as entry points into corporate networks. The attack capabilities that AI could add will only further compound the threats to today’s digital transformation efforts.


Cyber-criminals have already begun leveraging automated and scripted techniques to drastically increase the speed and scale of their attacks. The volume of these exploits has skyrocketed thanks to these capabilities, rising 240 percent from Q1 to Q2 of 2018. This tactic is also laying the groundwork for cyber-criminals to eventually adopt AI to automatically map networks, assess vulnerabilities, choose attack vectors, and test exploits before deploying fully customized, automated attacks.

If history is any guide, as legitimate AI capabilities continue to grow in today’s networks, their adoption by cyber-criminals is inevitable. Cyber-criminals are undergoing their own digital transformation: they already use agile development to quicken the pace of malware development, outpace manual threat analysis, and outmaneuver modern security solutions. Adopting AI will accelerate this process further.

Because of the dramatic progress being made by malware and exploit developers, it’s no longer a question of if an organization will be attacked, but when. Unfortunately, many organizations still rely on legacy point products, running more than 30 isolated security products in their network on average, which leaves them unable to adequately detect and respond to today’s advanced attack strategies. As the cyber-security skills shortage continues, those relying on manual threat analysis and detection, or on security-as-you-go strategies, will not be able to keep pace with the capabilities of today’s cyber-criminals.


One of the largest areas of digital transformation happening across industries is the incorporation of IoT and OT devices into corporate networks. With more than a million new devices connecting to the internet each day, there’s an explosion of IoT data, most of which is designed to move freely between devices located in physical and cloud-based network environments and across widely dispersed geographic locations. As a result, this fast-expanding IoT environment is increasingly difficult for cyber-security professionals to actively secure without hindering business efficiency and processes.

With IoT devices predicted to be involved in more than a quarter of all cyber-attacks by 2020, it’s critical that network security professionals understand what a significant threat vector IoT is, along with the unique strategies required to secure it:

Multi-Vendor Environments: As digital transformation efforts dramatically increase the demand for IoT and OT devices, vendors have been quick to capitalize on it. As a result, businesses and organizations across industries have now incorporated a variety of IoT devices from numerous vendors into their network infrastructure. But the larger the multi-vendor environment, the harder it is for IT teams to account for, track, and secure each device.

Poor Network Visibility: One of the biggest vulnerabilities brought on by the IoT explosion is a lack of visibility into the elements operating within a network at any given time. The fact is, thousands of connected devices can potentially access a network from a myriad of locations, both external and internal, including from remote offices via SD-WAN and from the newly connected OT network. The challenge is that an effective security posture relies on the ability of cyber-security professionals to clearly identify each device, assign ownership and policy, segment devices accordingly, and then actively track and monitor those devices and their applications and data even when they are highly mobile. When IT teams rely on manual threat analysis, detection, and mitigation, this becomes extremely difficult and often allows unknown devices, rogue access points, and shadow IT to operate in the network undetected.

Headless Devices: Given the massive demand for IoT devices, cost is an issue. As a result, these devices are typically manufactured with only the essentials needed to ensure their functionality. In other words, these devices lack the control and visibility typically provided by a traditional user interface, making them hard to monitor and often impossible to patch or update in the field. Even worse, an alarming number of these devices include blatant vulnerabilities, such as hard-coded back doors, that can be easily exploited if they are not appropriately protected. This provides cyber-criminals with the opportunity to deploy AI-assisted attacks that detect and compromise IoT and OT devices using emerging techniques such as swarm technology, which essentially turns compromised devices into malware proxies capable of attacking the network at scale from within the network itself.

Crypto-jacking Remains a Primary Concern: Given the lack of visibility and control over IoT and OT devices, they are a particularly attractive target for crypto-jacking attacks that leech off these devices to mine digital currency. Fortinet‘s Global Threat Landscape Report for Q2 reported evolving crypto-jacking attacks targeting IoT and OT devices, with crypto-jacking accounting for 23 percent of malware-based attacks. Crypto-jacking poses a particularly significant threat for networks that deploy OT to efficiently manage their operations. Mining saturates the CPU of a device that usually has little to spare, so on OT equipment the first symptom is often missed polls or lagging control updates rather than an obvious security alert. Should a successful crypto-jacking attack slow OT operations down, it could seriously impact the targeted organization.
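The miner traffic described above is usually visible on the wire even when the device itself cannot be inspected. As an added example (not code from the original post or from Fortinet), the Python below scores constructed flow records for the common signs of crypto-jacking: Stratum JSON-RPC method names in the first payload, known miner user-agent strings, typical pool ports, and long-lived sessions. The sample flows, the port list and the scoring thresholds are assumptions to be tuned per environment; the Stratum method names and miner agent strings are the ones mining software commonly sends.

```python
"""Flag IoT/OT hosts whose outbound traffic looks like cryptocurrency mining.

Added illustration, not code from the original post or any vendor product.
The flow records below are constructed; ports and thresholds are assumptions.
"""
import json
from collections import defaultdict

# Constructed sample records: (src_ip, dst_ip, dst_port, duration_s, first_payload)
SAMPLE_FLOWS = [
    ("10.20.5.14", "203.0.113.9", 3333, 7200,
     '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}'),
    ("10.20.5.14", "203.0.113.9", 3333, 86400,
     '{"id":2,"method":"mining.authorize","params":["wallet.rig1","x"]}'),
    ("10.20.5.22", "198.51.100.4", 443, 15,
     "GET /firmware/check HTTP/1.1"),                      # benign update check
    ("10.20.7.3", "192.0.2.77", 14444, 36000,
     '{"id":1,"jsonrpc":"2.0","method":"login",'
     '"params":{"login":"4AEXAMPLEWALLET","agent":"XMRig/5.11.1"}}'),
    ("10.20.7.9", "192.0.2.10", 502, 3600,
     "\x00\x01\x00\x00\x00\x06\x01\x03"),                  # long-lived Modbus/TCP poll, benign
]

# Stratum-style method names used by mining clients (getwork/XMRig variants included)
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login", "submit"}
# Ports commonly used by public pools (assumption: tune for your environment)
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}
MINER_AGENTS = ("xmrig", "cpuminer", "cgminer", "minerd", "ccminer")
LONG_SESSION_S = 3600


def stratum_method(payload):
    """Return the JSON-RPC method if the payload parses as a Stratum message, else None."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return None
    method = msg.get("method") if isinstance(msg, dict) else None
    return method if method in STRATUM_METHODS else None


def score_flow(flow):
    """Score a single flow; returns (score, list_of_reasons)."""
    _src, _dst, port, duration, payload = flow
    score, reasons = 0, []
    method = stratum_method(payload)
    if method:
        score += 3
        reasons.append(f"stratum method {method}")
    if any(agent in payload.lower() for agent in MINER_AGENTS):
        score += 2
        reasons.append("known miner agent string")
    if port in POOL_PORTS:
        score += 1
        reasons.append(f"pool port {port}")
    if duration >= LONG_SESSION_S:
        score += 1
        reasons.append(f"long session {duration}s")
    return score, reasons


def find_miners(flows, threshold=4):
    """Aggregate scores per source host and return hosts at or above the threshold.

    A lone weak signal (e.g. the long-lived Modbus poll above) stays below the
    threshold; a Stratum handshake plus a pool port does not.
    """
    hosts = defaultdict(lambda: {"score": 0, "reasons": [], "dst": set()})
    for flow in flows:
        score, reasons = score_flow(flow)
        entry = hosts[flow[0]]
        entry["score"] += score
        entry["reasons"].extend(reasons)
        if score:
            entry["dst"].add(f"{flow[1]}:{flow[2]}")
    return {ip: h for ip, h in hosts.items() if h["score"] >= threshold}


if __name__ == "__main__":
    for ip, info in find_miners(SAMPLE_FLOWS).items():
        print(ip, info["score"], sorted(info["dst"]), "; ".join(info["reasons"]))
```

The Modbus poll scores only for session length and is not reported, which is the point of scoring several weak signals together: long-lived connections are normal for OT, while a Stratum `login` or `mining.subscribe` from a camera or PLC is not.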


To actively secure IoT and OT devices while mitigating the common threats targeting them, proactive IT professionals have begun to redesign their security posture to include AI as part of an integrated and automated security fabric. With artificial intelligence acting as the workhorse of network defense, cyber-security personnel can now gain an advantage in the continuing cyber war to secure the success of their digital transformation efforts, including IoT implementation, while maintaining their network integrity. Specifically, AI in combination with a modern fabric-based defense provides IT teams with:

Comprehensive Device Visibility: Leveraging AI assisted network access control, cyber-security professionals can achieve clear visibility into every device accessing a network at any given time. Equipped with granular device visibility, each device can be appropriately inventoried, tracked, secured, and segmented at machine speeds.

Unified Threat Analysis: As organizations’ digital transformation efforts continue to expand the perimeter of their networks, both physical and cloud-based, it becomes progressively more difficult to conduct threat analysis and mitigation across the network at a rate that keeps pace with modern cyber-threats. AI provides the means for IT teams to rapidly collect the latest threat analysis data, identify vulnerabilities within their networks, and deploy the controls that mitigate those attacks.

Automated Threat Containment: Seconds matter when a network is successfully breached. The longer a breach remains unhindered, the farther the damage can spread. This is especially evident across the financial services, healthcare, and critical infrastructure sectors, where essential systems always need to remain operational and where a successful attack can cost steep sums of money and even the lives of employees, patients, or citizens. With AI in place, IoT and OT containment procedures can be automated, allowing infected devices to be properly segmented or taken offline before they have a chance to spread to additional areas of the network.
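The visibility and containment steps described under Poor Network Visibility, Comprehensive Device Visibility, and Automated Threat Containment reduce to a small, automatable loop: reconcile what is observed on the network against an inventory with an owner and a policy per device, then act on anything that is unknown, misplaced, or flagged as compromised. As an added example (not code from the original post or from any vendor's security fabric), the Python below does that over constructed data. The inventory, the DHCP/ARP-style observation lines, the quarantine VLAN number, and the rule that safety-critical OT devices are isolated rather than taken offline are all assumptions.

```python
"""Reconcile observed devices against an inventory and decide containment.

Added illustration, not code from the original post or any vendor product.
Inventory, observations and policy below are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class Device:
    mac: str
    owner: str
    role: str                # e.g. "camera", "plc", "hvac"
    allowed_vlan: int        # segment this device class belongs on
    critical: bool = False   # True: process must keep running (OT safety)


# Constructed inventory: what the organization believes is on the network
INVENTORY = {
    "aa:bb:cc:00:00:01": Device("aa:bb:cc:00:00:01", "facilities", "camera", 20),
    "aa:bb:cc:00:00:02": Device("aa:bb:cc:00:00:02", "plant-ops", "plc", 40, critical=True),
    "aa:bb:cc:00:00:03": Device("aa:bb:cc:00:00:03", "facilities", "hvac", 20),
}

# Constructed observations as "mac vlan ip" lines, as a DHCP lease or ARP export might give them
OBSERVED = """\
aa:bb:cc:00:00:01 20 10.0.20.11
aa:bb:cc:00:00:02 40 10.0.40.5
aa:bb:cc:00:00:03 10 10.0.10.77
de:ad:be:ef:00:09 40 10.0.40.66
"""

QUARANTINE_VLAN = 999  # assumption: a dead-end VLAN with no route to production


def parse_observed(text):
    """Parse observation lines into (mac, vlan, ip) tuples; blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        mac, vlan, ip = line.split()
        rows.append((mac.lower(), int(vlan), ip))
    return rows


def reconcile(inventory, observed):
    """Return findings: devices not in the inventory, and known devices seen on the wrong segment."""
    findings = []
    for mac, vlan, ip in observed:
        dev = inventory.get(mac)
        if dev is None:
            findings.append(("unknown_device", mac, ip, vlan))
        elif vlan != dev.allowed_vlan:
            findings.append(("wrong_segment", mac, ip, vlan))
    return findings


def containment_action(inventory, mac):
    """Decide how to contain a device flagged as compromised.

    Unknown devices lose their switch port; known non-critical devices go to the
    quarantine VLAN; critical OT devices are isolated so only their controller can
    reach them, because taking them offline can stop a physical process (assumed policy).
    """
    dev = inventory.get(mac)
    if dev is None:
        return {"mac": mac, "action": "block_port"}
    if dev.critical:
        return {"mac": mac, "action": "isolate",
                "allow": [f"vlan{dev.allowed_vlan}-controller"], "notify": dev.owner}
    return {"mac": mac, "action": "quarantine_vlan", "vlan": QUARANTINE_VLAN, "notify": dev.owner}


def plan(inventory, observed_text, compromised=()):
    """One full pass: findings from reconciliation plus the actions for them and for alerted devices."""
    findings = reconcile(inventory, parse_observed(observed_text))
    actions = []
    for kind, mac, _ip, _vlan in findings:
        if kind == "unknown_device":
            actions.append(containment_action(inventory, mac))
        else:  # known device on the wrong segment: put it back where policy says
            actions.append({"mac": mac, "action": "reassign_vlan", "vlan": inventory[mac].allowed_vlan})
    for mac in compromised:
        actions.append(containment_action(inventory, mac))
    return findings, actions


if __name__ == "__main__":
    found, todo = plan(INVENTORY, OBSERVED, compromised=["aa:bb:cc:00:00:02"])
    for f in found:
        print("finding:", f)
    for a in todo:
        print("action:", a)
```

In a real deployment `reconcile` runs continuously against NAC or switch telemetry, and the actions are pushed to the switch or firewall API; the tiering in `containment_action` is what keeps an automated response from turning a malware alert on a PLC into an unplanned plant outage.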

IoT and OT adoption is exploding as organizations across industries continue to expand their ongoing digital transformation efforts. However, cyber-criminals are concurrently expanding their capabilities, leveraging new development, deployment, and exploitation techniques to launch faster and more sophisticated attacks. Their ability to integrate AI into this process is simply a matter of time. To protect the success of digital transformation, and the new digital economy driving that transformation, cyber-security personnel need to get out in front of this challenge now by leveraging AI assisted security solutions that provide the breadth and rapid detection and response capabilities needed to keep pace with modern cyber-criminals.
