Fighting hackers with AI-backed infrastructure
Digitalisation raises interesting issues for IT and cyber security experts because it eliminates borders. The notion of a corporate network perimeter, a ring-fence that secures everything inside from all the nasties outside, in one or a few specified geographic locations, is history.
This is fundamentally different, a departure from the hyper-connectivity of the past with the introduction of broadband and wireless where many systems could be connected to push and pull large tracts of different kinds of data but could essentially be ring-fenced and largely controlled.
Digitalisation has mobile devices automatically connecting to and dropping off networks wherever they roam.
Just keeping track of what connects, for how long, from where and what it does on the network, can keep a team of people busy for months.
The obvious example is the smartphone. We take them with us and they run a variety of business-related and personal apps used for different purposes. Once connected to a network we seldom have to reconnect; they simply pick up the connection whenever they roam within its reach. Or we connect via a hotel WiFi network in another country while travelling for work, hop several points-of-presence, backbones, and finally arrive at the corporate network or even several corporate networks, when the app accesses a company system.
Many other devices do likewise. Telematics systems on commercial vehicles, digital pens, tablets, cameras mobilised by people and vehicles, wearables, cars, point-of-sale terminals, cargo and other scanners; there are tons of different kinds and the variety just keeps on growing. And they're connecting across any number of networks.
Because you can't always predict where, geographically, those devices may pop onto or drop off the network, their permission to connect to the enterprise network must often extend to distant locations where they connect back to a server through many physical network topologies.
Network administrators therefore tend to give these types of devices free rein. They're known as trusted devices. Once connected, once verified as a trusted device, it can transmit and receive data anywhere across the many physical corporate network topologies.
Securing that device and all the others like it and similar to it is absolutely critical. Breach that one device and hackers can get access to the entire corporate network. But it can be horrendously difficult to secure that kind of environment with so many devices continually connecting and dropping off the network at various locations, transmitting, accessing, retrieving, creating and deleting data as they do.
Just keeping track of what connects, for how long, from where and what it does on the network, can keep a team of people busy for months. Which is why all of that metadata gets dropped into log files that seldom, if ever, get opened by an actual person. There are just too many containing too much data. That's why most network administrators have no idea what's really going on with those devices.
But integrated systems connected to artificial intelligence (AI), machine learning and neural network platforms can trawl that data, quickly make sense of it, and use it to build a picture of what the network should "look like". You can think of it as the digital signature of the network.
The AI can figure out that, generally, devices connect at a location at roughly a given time of day, transmit a bunch of data of X type, get acknowledgement, drop off the network, that individual users' cellphones typically log in at various locations, specific times, run certain apps, and much more of that type of data.
They can do it so much more efficiently than people that they could, quite conceivably, check every single log on, log off, data transmission, creation and deletion that occurs across the network.
That's useful if hackers ever successfully penetrate the network defences with some malicious code. If that code comes as an e-mail attachment that a human user inadvertently triggers, such as the way most malware is delivered, it can spread throughout a network (because of the way the permissions are set for trusted devices as I mentioned earlier) so quickly that it can infect every computer and server, and lock down the entire business before people even know it's happening.
In fact, someone or a group of people used the NonPetya ransomware to do just that to Maersk, the shipping company, reportedly forcing it to reinstall 4 000 servers and 45 000 PCs.
The problem is that the malicious code spreads at the speed of computing. To the human eye it's all but instantaneous. How were the cyber security people at Maersk supposed to stop it?
A fairly restricted, not particularly clever security AI could, though. It could see that strange data is being duplicated, transmitted and software executed too quickly for it to be a human installer. But an AI can lock down the spread at the same speed or faster and demand that a human release it only once verified that it's legitimate software. Or it contains the problem before it spreads throughout the global enterprise network just because one user got duped by clever social engineering.
It's a simple solution; you may say it's almost obvious, and it's made even more elegant by the complexity it conceals behind the scenes. It's smart and efficient use of resources while also using the fundamental network topology and architecture of systems and devices against the hackers who would normally use your own infrastructure against you.
Using AI, advanced machine learning, or the power of neural networks in this way to turn the tables against hackers has never been smarter.