By using an algorithm to simultaneously
study all three attacks, however, the technology
can detect data correlations that otherwise
would not be apparent to an unassisted human
being. “The algorithm may suggest that the
attacker in all three scenarios was interested
in profiting from natural resources, indicating
that a single attacker was possibly at play—
what we call a ‘ground truth,’” Ramsey says.
“By drawing this connection, we’re able to
infer that the same threat actor might go after
a similar entity engaged in natural resources.”

Machine learning can be a way to ferret out
similarities and anomalies in different types of
malicious behaviors such as these. And while,
in theory, security specialists could undergo a
similar analysis, algorithms have the capacity
to draw these inferences much sooner and
with greater accuracy.

It’s these same benefits of anomaly detection—and
speed—that have compelled
a global financial technology institution to
use AI to help protect its customers against
fraud. The financial services giant is familiar
with biometric authentication tools, such as
fingerprint and facial recognition software, yet
machine learning presents a new opportunity
to protect and provide value to customers.

“We’ve started to use an algorithm to
examine how customers interact with their
mobile devices,” explains Nick Curcuru, data
analytics and cyber security expert. “Their
interactions with the device’s keyboard, for
instance, create a unique signature of typical
behaviors, giving us the ability to paint a more
refined profile of that person for verification
purposes.”

Machine learning algorithms analyze
these customer behaviors, or what Curcuru
calls “passive biometrics,” to detect unusual
patterns. If the algorithm suggests an atypical
behavior that does not align with the customer’s
profile, the information may indicate
attempted fraud by a threat actor.
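
The kind of profile check described above can be sketched as follows. This is an added example, not code from the article or from the institution it describes, whose algorithm is not named: it assumes keystroke timings (key hold and between-key intervals, in milliseconds) as the features and uses scaled Manhattan distance, a common baseline in keystroke-dynamics research. All sample values are constructed.

```python
import statistics

# Constructed enrollment data: six timing features (ms) per session for one customer.
ENROLLMENT = [
    [92, 140, 88, 155, 95, 130],
    [97, 133, 91, 149, 99, 138],
    [89, 146, 85, 160, 93, 127],
    [95, 138, 90, 152, 97, 134],
    [91, 143, 87, 158, 94, 131],
]
GENUINE = [94, 139, 89, 154, 96, 133]     # constructed: same typing rhythm
IMPOSTOR = [61, 240, 70, 98, 120, 210]    # constructed: different typing rhythm

def build_profile(sessions):
    """Per-feature (mean, mean absolute deviation) over the enrollment sessions."""
    profile = []
    for values in zip(*sessions):
        mean = statistics.fmean(values)
        mad = statistics.fmean([abs(v - mean) for v in values])
        profile.append((mean, max(mad, 1.0)))  # floor keeps a very steady feature from dominating
    return profile

def anomaly_score(profile, session):
    """Scaled Manhattan distance: average deviation from the profile, in units of MAD."""
    if len(session) != len(profile):
        raise ValueError("session and profile have different feature counts")
    return sum(abs(x - m) / d for x, (m, d) in zip(session, profile)) / len(profile)

def calibrate_threshold(sessions, margin=1.5):
    """Leave-one-out: score each enrollment session against a profile of the others."""
    scores = []
    for i, held_out in enumerate(sessions):
        rest = sessions[:i] + sessions[i + 1:]
        scores.append(anomaly_score(build_profile(rest), held_out))
    return max(scores) * margin  # margin is an assumed tolerance, tuned per deployment

def decide(profile, threshold, session):
    """Return the article's 'go' / 'no-go' outcome for one session."""
    return "go" if anomaly_score(profile, session) <= threshold else "no-go"

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    threshold = calibrate_threshold(ENROLLMENT)
    for name, session in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(anomaly_score(profile, session), 2), decide(profile, threshold, session))
```

A "no-go" here only means the session does not match the enrolled rhythm; in practice the threshold trades false rejections of the real customer against missed impostors.
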
Curcuru points out that this potential fraud
detection has to happen within a matter of
nanoseconds so a “go or no-go” decision
regarding the customer’s transaction can be
made instantly. “This is all about the customer.
This is all about the experience to make things
seamless. Make things frictionless.”

ILLUMINATING THE THIEF

The security experts anticipate refined
improvements in AI’s capabilities to fight
cyber threats in the next three to five years.
“I believe we will see tremendous progress in
the sophistication of the algorithms,” Hans
predicts. “We have plans to build ever more
robust threat models, possibly on an industry
sector basis.”

Meanwhile, Secureworks plans to apply
machine learning to other cyber security aims.
“The more we know about ground truths, the
better we can apply that to other needs, such
as whether or not a threat actor has stolen
data,” he explains. “Right now, there’s typically
no factual evidence to be sure that data
has actually been stolen. AI can at least help
narrow these odds.”

And, Ramsey adds, if information security
providers can reach a consensus to work
together on giving machine learning greater
visibility, their collective clout will mount an
impressive offense against the enemy.

“We and other security firms using machine
learning models have improved the accuracy of
our threat detection,” he says. “Assuming we can
collectively share our data insights, a significant
shift in cyber risk management will be at hand.
This is a potential game-changer that will go
down as a pivotal moment in cyber security.” ■