Staying ahead of adversarial AI with incident response automation

5 min reading·now

A Security Engineering Commentary by industry expert Rohan Bafna, SecOps Engineer.

The security operations (SecOps) community is constantly seeking advances in incident response. Consolidating security telemetry data, improving your organization’s cybersecurity posture, and integrating with various artificial intelligence (AI) and machine learning (ML) engines are essential to combat adversarial AI and ML models.

Hackers will continue to have first-hand no innovation, including the adoption of proactive measures and natural language processing (NLP) in the SecOps space. Powered by WormGPT and FraudGPT, hackers and fraudsters will continue to drive up the cost of business as organizations pay more for cyber insurance.

This blog discusses the need to phase out traditional security measures and the need to adopt automation, adaptive control, and various processes that SecOps teams can use to combat adversarial AI.

Hackers, like organizations, invest in artificial intelligence (AI) and machine learning (ML) algorithms and skills. Organizations are investing in AI to help transform their business operations and product development, optimize their financial systems, and provide greater automation in customer success and marketing operations.

Hackers are also investing in AI and ML with predictive analytics to help develop their cyber attack tools, increase their attack automation capabilities globally, and optimize their ability to collect rewards in Bitcoin and other cryptocurrencies. others faster and safer.

As both entities continue to invest their capital, which one continues to show a return on their investment (ROI)? Surprisingly, hackers see increased income from their illegal activities. Legitimate organizations continue to invest large amounts of capital with little hope of return, even after adopting strong new security measures.

Hacker-enabled adversarial AI attacks take many forms. Some are improved due to AI, and others become new.

91% of all cyber attacks start with email phishing. Hackers continue to strengthen their email phishing by enabling AI to help fine-tune their various attack vectors based on real-time analysis of the current campaign. The security telemetry they collect within Large Language Models (LLM) is processed using AI algorithms to create datasets. These datasets provide the specifics for hackers to fine-tune their phishing attacks.

AI generator tools like OpenAI, ChatGPT, FraudGPT and WormGPT help create exceptional content. The content is excellent and lively. The music and film industries have already raised several issues regarding the protection of their intellectual property.

Hackers, fraudsters and cybercriminals use these tools to create fake content. This content could be an AI-generated photo of a presidential candidate looking drunk or an AI-generated audio file used in fraudulent political roll-a-dial campaigns.

Hackers attack supply chains, which is a complex but rewarding activity. Supply chains consist of several organizations, including logistics, transportation, product, warehousing, legal, financial and compliance entities. Each of these entities becomes susceptible to cyber attacks.

Adversary AI extends many functionalities to hackers, including creating complex yet effective kill chains against supply chains. These killer chains include several attack vectors. Before artificial intelligence, hackers had to determine which attack tool would provide the most effectiveness when executing kill chains. With AI, hackers can automatically adjust the sequence of attacks based on processed real-time telemetry data.

Legacy security operations (SecOps) without AI will not stop adversary AI attacks. Before adversarial AI attacks, most SecOps teams used basic behavior-based analytics, human intervention, and a combination of static and dynamic signature updates in their firewalls, IPS, and antivirus solutions.

Adversary AI negates the ability of legacy cybersecurity defense capabilities to stop sophisticated next-generation attacks. AI tools empower hackers to change their attack campaigns more quickly, making their victims’ ability to react even more challenging. Hackers using AI tools can change where attacks happen, who is targeted, and how fast the attack should be. These attack techniques change when they detect that the attack surface of their victims has changed.

Organizations that recognize the ever-growing threat of adversarial AI update their cybersecurity defense architectures with AI and ML defensive capabilities. Many security vendors, including Trustifi, Cisco, Palo Alto and Microsoft, incorporated AI into their solutions to help combat adversary attacks.

At the core of AI-powered cybersecurity solutions is the application of automation to all aspects of the architecture. Several security solutions, including email security from Trustifi, extended detection and response (XDR) from Palo Alto, observability from Cisco/Splunk, and OpenAI within Microsoft 365, help organizations use AI to improve security response times, to address the increase in suspicious activities. and reduce potential damage from zero-day attacks.

Within SecOps, several functions benefit from AI.

  • Automated incident response.
  • A successful AI function for cyber defense is leveraging a centralized collection of telemetric security information from organization-wide hosts, endpoints, network devices, and cloud instances.
  • Automated threat intelligence access.
  • Automated repair of critical systems as part of a computerized incident response strategy.
  • Enable automated notification and reporting.
  • Enable automated playbooks for each attack vector.

Before AI automation, SecOps teams performed several manual functions, including incident response, case management and threat research. The ability to interact on a case-by-case basis is now a thing of the past. SecOps engineers continue to struggle with stress from the sheer volume of attacks. AI-powered automation tools allow SecOps engineers to focus more on strategy and creating executable automated functions rather than responding to every attack.

Here are some other positive ways to enable AI-powered security automation:

  • AI automation can handle several security incidents at the same time.
  • AI becomes a continuous learning machine. As new threats emerge, your organization’s automated incident response becomes even more effective.
  • An organization’s ability to decrease their mean time-between-detection (MTTD) and their mean-time-between-response (MTTR) is a successful byproduct of AI automation.

The AI-powered cybersecurity industry is happening now. This important innovation is a must for organizations to enable today, even if it is not perfect. Hackers continue to find innovative and profitable ways to exploit their victims using AI.

Businesses that want to meet compliance mandates, lower their cyber insurance premiums, and reduce the costs of their security operations need to invest in AI for cyber defense. Using AI to reduce risk is another successful byproduct that organizations will witness.

Moving your organization toward a proactive approach to its security model requires the adoption of AI and ML. As AI-enabled attacks become more common, your AI defense strategy is ideally positioned to stay ahead of hackers.

Rohan is a security operations engineer based in the New York City area. He holds a master’s degree in computer science from the Rochester Institute of Technology and an undergraduate degree from Thadomal Shahani College of Engineering in Mumbai, India.

Rohan’s experience in automating security operations extends well into enabling artificial intelligence machine learning and developing next-generation security automation and response (SOAR) functions. Along with mastering SecOps automation, Rohan mentors many first-year engineers interested in learning more about modern security engineering, including deploying Cisco/Splunk for more automated monitoring and notifications.

Rohan can be reached at [email protected] and on LinkedIn at https://www.linkedin.com/in/rohan-bafna-0911807b/.

#SecOps #engineering #cybersecurity #AI #ML #compliance #adversarialAI #governance #SOAR #automation #CISO #CIO #CDO #CFO

#Staying #ahead #adversarial #incident #response #automation
Image Source : securityboulevard.com

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top