Thanks to the many information sources on threats, and more specifically on advanced threats, we can now understand attackers’ MOs as well as new trends and new targets. Still, the sheer volume of information to be analysed and the lack of competent resources make it difficult to address the threats. So, the question becomes: “How do we get the most out of this mine of information when we lack sufficient skills?” The answer seems obvious: use an intelligent and powerful machine containing all available data on cybercrime to back analysts working on security incidents.
This Artificial Intelligence system will be powered by data from specialised literature, cybercrime reports, blogs and various sources available on the market, so that it can converse with a security analyst in human language. Take care, however, not to confuse the Artificial Intelligence system with a super search engine: the goal here is not to provide a more-or-less precise answer to a question by searching the many information sources on the web.
Based on its knowledge and experience, the Artificial Intelligence system has to generate an analysis similar to that of a human and be able to make connections between various events in order to deduce whether it is, or is not, dealing with a potential attack. So, the AI system would have to be taught what a security incident is. That means providing it with examples of incidents, models and the MOs used in perpetrating attacks. As it learns, the AI system would be able to advise analysts on security attacks, find the cause of an attack and set up a remedial plan.
Last, to put an end to the belief that attackers are always one step ahead of the solutions we devise to counter them, we will use the AI system to beat them at their own game by imagining new forms of attacks. Recent AI experiments show that the system will be able to make associations that analysts would not have made.
The infernal race for control of artificial intelligence has begun, defying the imagination of the creators of science fiction ...
By Agnieszka BRUYERE
Security Services Director
IBM France