In part one of this two-part article, we saw how the new advances of AI and predictive software have created a new paradigm for how computing resources are used via swarm technology. With these advances, however, comes the ability for cybercriminals to apply them to IoT-based botnets that can target multiple vulnerability points in a network. Part two explores how organizations can prepare an effective response.
The next critical response to advancements in malware and cybercriminal technologies is the development of “expert systems.” An expert system is a collection of integrated software and devices programmed to use artificial intelligence techniques to solve complex problems. Part of their effectiveness is that they enable different systems to operate together to solve complex challenges.
We have already begun to see this sort of advancement in military applications. New software built to function as an expert system now allows individual fighter jets to integrate with each other in order to more effectively carry out complex missions or respond to threats with orchestrated countermeasures. They use advanced flight and targeting technologies to make autonomous and semi-autonomous decisions about locating a target, evading an attack or out-maneuvering an opponent.
This same sort of collaborative intelligence can be applied to networks. To make this happen, unsegmented and unsecured networks will need to be actively monitored and secured, and isolated security devices will need to be replaced with those designed to operate as part of a more complex expert security system.
The biggest challenge will be the last mile of security — finding the will and the way to implement basic security hygiene, such as patch and replace, hardening systems and implementing two-factor authentication. Complex, multicloud ecosystems and hyperconverged networks that span physical and virtual environments make these basic security practices extremely difficult to carry out. AI and automation need to fill this gap by replacing basic security functions and day-to-day tasks currently performed by people with an integrated expert security system that is able to:
- Inventory all network devices, determine vulnerabilities, track and patch these devices, or apply security protocols or an intrusion prevention policy to protect them until a patch is available or the device can be replaced.
- Configure both security and network devices (device misconfiguration is still a huge problem), monitor those configurations and make appropriate changes as the network environments they operate in continue to shift.
- Automatically rank IoT and other devices based on levels of trust, dynamically segment devices and traffic, and identify and isolate compromised devices to stop the spread of infection and initiate remediation.
The next step is to build an integrated security framework, such as an adaptive security fabric, around highly integrated security devices designed to automatically share threat intelligence and collaborate to effectively stop even the most sophisticated attacks. Unlike the separate and isolated security devices most organizations have in place, a security fabric approach enables an organization to:
- See every device across the distributed network
- Detect unknown threats, including the attack patterns used by swarmbots
- Share and correlate threat intelligence in real time to harden systems and repel invaders
- Dynamically segment the network to prevent the lateral spread of infection across the network
- Isolate compromised devices and systems
- Respond to attacks in a coordinated fashion, such as automatically shutting down attack vectors by dynamically reconfiguring the fabric as attack patterns and methods become better defined through the real-time correlation of threat intelligence
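As an added illustration of the per-device decisions described in the two lists above (inventory and vulnerability status, configuration drift, trust ranking, dynamic segmentation and isolation on shared threat intelligence), the following toy policy engine is example code written for this article, not a product's or the author's own code. The device inventory, vulnerability feed, configuration baseline, threat-intelligence set and trust thresholds are all constructed values.

```python
"""Toy expert-system policy engine: trust scoring, segmentation, isolation (constructed example)."""
from dataclasses import dataclass, field

# Constructed sample feeds; none of these firmware names, versions or IPs are real.
VULN_FEED = {("cam-fw", "1.0"): "patch-available", ("plc-fw", "2.3"): "no-patch"}
BASELINE = {"cam-fw": {"telnet": "off", "admin_pw": "rotated"},
            "plc-fw": {"telnet": "off", "admin_pw": "rotated"}}
THREAT_INTEL = {"10.0.5.20"}  # device addresses correlated to a compromise by the fabric

@dataclass
class Device:
    ip: str
    fw: str
    ver: str
    config: dict
    trust: int = 100                       # starts fully trusted, reduced by findings
    actions: list = field(default_factory=list)

def assess(dev: Device) -> Device:
    """Lower trust and queue remediation actions for one inventoried device."""
    status = VULN_FEED.get((dev.fw, dev.ver))
    if status == "patch-available":
        dev.trust -= 30
        dev.actions.append("schedule-patch")
    elif status == "no-patch":              # protect with an IPS policy until replaced
        dev.trust -= 50
        dev.actions.append("apply-ips-policy")
    drift = {k: v for k, v in dev.config.items() if BASELINE[dev.fw].get(k) != v}
    if drift:                               # configuration drifted from the baseline
        dev.trust -= 10 * len(drift)
        dev.actions.append("reconfigure:" + ",".join(sorted(drift)))
    if dev.ip in THREAT_INTEL:              # shared intel says it is compromised
        dev.trust = 0
        dev.actions.append("isolate")
    return dev

def segment_for(trust: int) -> str:
    """Map a trust score onto a network segment; thresholds are an assumption."""
    if trust <= 0:
        return "quarantine"
    if trust < 60:
        return "restricted"
    return "production"

def run(inventory):
    """Return {ip: (trust, segment, actions)} for every device in the inventory."""
    result = {}
    for dev in inventory:
        assess(dev)
        result[dev.ip] = (dev.trust, segment_for(dev.trust), dev.actions)
    return result

INVENTORY = [  # constructed inventory
    Device("10.0.5.10", "cam-fw", "1.0", {"telnet": "off", "admin_pw": "rotated"}),
    Device("10.0.5.11", "plc-fw", "2.3", {"telnet": "on", "admin_pw": "rotated"}),
    Device("10.0.5.20", "cam-fw", "1.1", {"telnet": "off", "admin_pw": "rotated"}),
]
```

Running `run(INVENTORY)` places the patchable camera in production with a patch queued, the unpatchable PLC with drifted config in a restricted segment behind an IPS policy, and the device named in threat intelligence in quarantine.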
Over the next couple of years, we will see the attack surface expand through the use of automation and tools that enable malware and compromised devices to make autonomous or semi-autonomous decisions. Organizations need to respond by insisting on more and better security controls being implemented in both network and security devices, especially around integration, collaboration and automation.
Security technologies need to be able to be woven together into expert systems built around common interfaces, quality threat intelligence and dynamic configurability. These integrated security systems also need to operate at digital speeds, which means automating security responses and applying intelligence and self-learning so that networks can make effective and autonomous decisions. Once artificial intelligence becomes an integrated component of cyberthreats, the offense-versus-defense window (time to breach versus time to protect) will shrink to a matter of milliseconds, rather than the hours or days it takes today.
Like it or not, this is a winner-takes-all arms race. Organizations that fail to prepare now may not be able to catch up once this race moves to the next level of sophistication.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.