Cyber Defenses Get an AI Boost
Greater access to big data and HPC resources are enabling enterprise use of emerging AI tools and machine learning models to help protect corporate networks and secure enterprise applications.
Cyber experts at this week’s Society of HPC Professionals annual meeting said those automation tools are improving as data analytics platforms scan billions of network signals to detect and block cyberattacks. An emerging framework called UEBA, for user and entity behavior analysis, is being used by banks to mount proactive defenses against the rising number of phishing attacks and financial fraud exploits.
Cyber defenders with access to big data and HPC resources are using UEBA along with techniques like link analysis to piece together the origin of threats. Link analysis refers to assessing threats that use, for example, the same IP address.
“It is possible to have scalable AI engines to proactively detect threats,” said Sahar Rahmani, senior director of the analytics team at the Royal Bank of Canada’s Joint Security Operation Center.
Among the emerging tools, Rahmani said, are domain generation algorithms that can be used to bypass security controls to analyze systems to detect malware. That and other AI-based detection techniques have helped improve the bank’s security operations by about 10 percent, she added.
Asked how many attacks her team has stopped using AI and machine learning tools, Rahmani said success depends on the type of exploit, ranging from financial fraud using “synthetic IDs” to establish fake accounts to launching malware. All told, the Canadian bank has so far managed to reduce attacks by about 18 percent, she added.
Rahmani and other cyber experts note that AI-based analytics have revealed how attackers' behavior is often reflected by current events, most notably the COVID-19 pandemic. For example, when the World Health Organization declared a global pandemic in March, hackers quickly pivoted from malware to phishing attacks against workers tapping into corporate networks from home.
Those phishing attacks often targeted credentials, compromising business email or a combination of both, said Maryam Rahmani, senior business development manager for Microsoft’s Cybersecurity Solutions Group.
Microsoft leveraged access to huge volumes of signal data generated by cloud users, devices and applications, then applied machine learning techniques to scan six trillion messages. The automated approach enabled its security team to block 13 billion malicious emails over the past year.
“AI is really helping from a predictive and preventive standpoint,” said Microsoft’s Rahmani. Meanwhile, the company is deploying machine learning models to automate security and scan for anomalous user behavior that might signal phishing or other attacks.
Again, the goal is to stay one step ahead of relentless hackers in the ongoing cat-and-mouse game that is cyber defense.
Indeed, one of the down sides to greater use of AI for cyber security is that sophisticated attackers are also using it to probe defenses for vulnerabilities. “Adverserial machine learning is a growing reality in the software industry, Rahmani of Microsoft said. Moreover, cyber criminals have access to many of the same computing and data storage resources used by defenders. “There’s no silver bullet,” the Microsoft executive said.
Hence, cyber security teams are employing “multidimensional analysis” techniques to stay a step ahead, including network user and device access monitoring along with tracking logon activities and data movement. All are enabled by emerging machine learning tools, noted Sahar Rahmani.
As AI and machine learning applications expand to use cases like cyber security, market analysts predict those automation technologies will help drive the demand for HPC infrastructure. The AI infrastructure segment of the HPC market is forecast to reach an estimated $8 billion over the next year, according to Addison Snell, CEO of Intersect360 Research.
Demand for HPC-based AI will be driven by machine learning and model training workloads, Snell added, but less so by inference workloads.
