Every enterprise and individual needs to protect their digital assets, whether that means personal photos, the company's intellectual property, customers' sensitive data, or anything else that could affect your reputation or business.
Even though billions of dollars are spent on network security, the number of reported network attacks only increases. AI's predictive ability can be applied in many fields, to the benefit of security providers, users and enterprises alike. Yakir Golan summarizes six key areas of network defense innovation for readers.
1. Detect and prevent attacks on Internet of Things (IoT) devices
Cisco predicts that the number of networked devices worldwide will rise from 15 billion at present to 50 billion by 2020. Because of their limited hardware and software resources, many of these devices lack basic security measures. Recently, hackers broke into Internet of Things (IoT) devices, and the well-known security blog KrebsOnSecurity suffered a large-scale distributed denial-of-service attack as a result. What's more, now that the source code of the Mirai malware used in these Internet of Things attacks has been made public, it can be used to attack any enterprise or individual.
Internet of Things security is one of the areas where AI technology stands out. AI provides prediction models for the Internet of Things that can reside and operate autonomously on devices with low computing power, and can detect and prevent suspicious behavior at the device or network level.
Representative startups: CyberX, PFP Cybersecurity, Dojo Labs.
2. Prevent malware and file-based attacks
File-based attacks remain one of the main forms of network attack. The file types most commonly used are executables (.exe), Acrobat Reader files (.pdf) and Microsoft Office files. A small change in a single line of code can generate a new malicious file. The new file has the same malicious intent, but a different signature. Such small changes are a problem for antivirus programs, and also for more advanced endpoint detection and response (EDR) and even network-level systems meant to stop malicious attacks.
Some start-ups use AI to solve this problem. These companies take advantage of AI's huge capabilities to look at millions of features in every suspicious file and detect even minor code changes.
Representative start-ups: Cylance, Deep Instinct and Invincea are among the companies building file-based AI security systems.
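The point made in this section, that a one-byte change yields a new signature while the file's features barely move, can be shown with a short added example (not from the original article or any vendor named here). It assumes byte 4-gram Jaccard similarity as a simple stand-in for learned features, and all sample data is constructed and harmless.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngram_features(data: bytes, n: int = 4) -> set:
    # Overlapping byte n-grams: a crude stand-in for the learned features
    # the article mentions (assumption, not any vendor's method).
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: set, b: set) -> float:
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)

def signature_match(sample: bytes, known_hashes: set) -> bool:
    # Exact-hash signature: any single-byte change defeats it.
    return sha256_hex(sample) in known_hashes

def similarity_match(sample: bytes, known_samples: list, threshold: float = 0.8):
    # Flag the sample if it shares most of its features with a known file.
    feats = ngram_features(sample)
    best = max((jaccard(feats, ngram_features(k)) for k in known_samples), default=0.0)
    return best >= threshold, best

# Constructed, harmless byte strings standing in for files.
KNOWN = b"".join(b"step%03d: copy buffer to slot %03d;\n" % (i, i * 7) for i in range(40))
VARIANT = KNOWN[:100] + b"X" + KNOWN[101:]   # one byte changed
UNRELATED = b"".join(b"GET /index/%d HTTP/1.1\r\n" % i for i in range(40))

if __name__ == "__main__":
    known_hashes = {sha256_hex(KNOWN)}
    for name, blob in [("known", KNOWN), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        flagged, score = similarity_match(blob, [KNOWN])
        print(name, "signature:", signature_match(blob, known_hashes),
              "similarity:", flagged, round(score, 3))
```

The variant escapes the hash check but is still flagged by feature similarity, while the unrelated file is flagged by neither.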
3. Improve the operating efficiency of the security operations center
Security teams face a key problem: too many security alerts every day lead to alert fatigue. According to statistics, North American enterprises handle nearly 10,000 security alerts on average every day. In many cases, even though malware has been flagged as suspicious, it can still slip through the net.
Artificial intelligence can combine internal logs from multiple information sources and data from monitoring systems with external threat intelligence services, and automatically group highly related events. This area of network defense has been a hot spot in recent years, because it addresses the security problems of large enterprises that run their own security operations center (SOC).
Representative startups: Phantom, Jask, StatusToday and CyberLytic use this AI technology to address this threat.
4. Quantify risk
Quantifying the cyber risk an enterprise faces is challenging. This is mainly due to the lack of historical data and the large number of variables that must be considered. Today, enterprises that want to quantify their own risk, and third parties that want to evaluate them, such as cyber insurance companies, have to go through a cumbersome cyber risk assessment process. Risk assessment mainly relies on questionnaires that ask whether the measures an enterprise has taken conform to network security standards, and about its corporate governance and risk awareness. In practice, this method is not enough to truly represent the enterprise's cyber risk status.
AI technology can process millions of data points and generate predictions, giving enterprises and cyber insurance companies an accurate estimate of cyber risk.
Representative startups: BitSight and SecurityScorecard are conducting this research.
5. Detect abnormal network traffic
Detecting abnormal traffic that may indicate malicious activity is a great challenge, because every enterprise has its own distinctive traffic behavior. Rather than relying on intrusive deep packet inspection, this calls for cross-protocol correlation: analyzing the relationships among the endless metadata in internal and external network traffic.
Representative startups: Vectra Networks, Darktrace and BluVector.
6. Detect malicious mobile applications
At present, there are more than 2.5 billion smartphones in the world, and Ericsson predicts that the number will reach 6 billion by 2020. Looking at 100 popular iOS and Android apps, Arxan's research shows that 56% of the iOS apps and 100% of the Android apps have suffered from attacks.
In fact, the two major app stores, Google Play and the Apple App Store, have already crossed the 2 million mark. These mobile applications need to be classified automatically. The classification method must be sensitive to slight obfuscation techniques and able to distinguish malicious applications from benign ones, which advanced AI technology can do effectively.
Representative startups: Deep Insight, Lookout Mobile Security and Check Point.
Editor in charge: Tzh