Security Central: Artificial Intelligence (AI) Could be Cybersecurity Key, Microsoft Takes On Shadow Brokers ThinkStock

Security Central: Artificial Intelligence (AI) Could be Cybersecurity Key, Microsoft Takes On Shadow Brokers

This week’s Security Central takes a look at cybersecurity firm Darktrace’s advanced AI methods, peeks inside Microsoft's swift response to hacker group Shadow Brokers, and examines President Trump’s new focus on information-technology outsourcing companies.

When you imagine the future - 20-30 years from now - what do you see? Flying cars? Hover boards? Robots taking over the world (thanks, Matrix...)? If you've seen a science fiction film set decades in the future, chances are you've seen the rise of artificial intelligence (AI) in some form - whether they start out as helpful, household machines that eventually turn against you, or extremely human-like companions that... yep... eventually turn against you.

Sci-fi aside, AI is already a very real part of the technology/security world. Considering the increasingly alarming threat landscape where firewalls and antivirus programs just won't cut it, companies are looking into more technologically advanced solutions to protect their sensitive information. 

According to an article by CNBC, British cybersecurity firm Darktrace is one such company. The firm “uses AI to spot patterns and prevent cybercrimes before they occur," according to Gartner. Essentially, they use advanced algorithms that can adapt and learn, as well as "probabilistic mathematics" to learn the normal 'pattern of life' for every user and device in a network in order to detect abnormalities.

Further, and get ready for the cool factor, the technology is modeled after a human immune system. Just as your white blood cells protect your body against disease and foreign invaders, Darktrace's algorithms​ can identify and respond to foreign threats — all without compromising the body's - er - system's key functions.

"The philosophy of our entire portfolio, or our approach, is largely based on this DNA: human immune system," Sanjay Aurora, managing director for Asia Pacific at Darktrace, told CNBC. "How have human beings, for millions of years, thrived and survived? (It) is because of our immune system. Almost every day, we're hit by unknown unknowns, which is the way organizations are also hit ... in terms of viruses and malware."

Not only is cybercrime getting more and more advanced, it's getting harder and harder to detect. In the past, attacks were "noisy," according to Eric Hoh, president for Asia Pacific Japan at FireEye. "Your computer would stop working and you'd know about it." Nowadays, cyber-attackers are far more stealthy. They spend weeks, months and even years poking and prodding around inside a network, searching for crucial information. Not only that, and perhaps even more worrisome, is that attackers aren't just after the data... they are altering it. 

Enter Darktrace's artificial intelligence system. Its technology offering, dubbed Antigena, automatically responds and takes proportionate actions to zap threats that crop up. Sort of like a magical, digital antibody that can slow down or halt compromised connections or devices within a network, all without disrupting normal operations.

"Human beings are still going to be fundamental, but right now, the kind of attacks — you find it very difficult to figure out and they're so quick that if you look at traditional means, by the time human beings get to respond, it's too late," Aurora states. Etay Maor, an executive security advisor at IBM Security, says that ultimately, the solution will be a combination of people, processes and technologies to effectively and truly tackle the complex cybersecurity landscape. "It's a multi-layered approach," he says.

In a rare twist, our second story takes a look at a company who was a step ahead this week. And the award goes to... Microsoft. The hacker group Shadow Brokers on Friday released 300 MB of alleged exploits and surveillance tools targeting Windows PCs and servers, according to TechRepublic. In response, the security team at Microsoft, coolly and completely unruffled, announced that they had already taken care of it.

"Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers," Microsoft Principal Security Group Manager Phillip Misner wrote in a Friday post (as reported by TechNewsWorld). "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," he added. 

Boom. Patched. Three of the dozen zero day vulnerabilities aired by the hackers, which they said to be part of a large cache of data leaked from the U.S. National Security Agency, didn't work on the Windows 7 operating system and above. "Customers still running prior versions of these products are encouraged to upgrade to a supported offering," Misner stated.

With this most recent round of patches, no supported versions of Windows were vulnerable to the Shadow Brokers exploits, explained Bobby Kuzma, a system engineer at Core Security. "In other words, for the love of God get XP, Vista and 2003 Server off of your networks." You heard the man, providers. 

Microsoft releasing the patches and disclosing the vulnerabilities is definitely a good thing and a huge step in the right direction, but Leo Taddeo, chief security officer at Cryptzone and a former FBI special agent, urges that enterprises to take the process to the next step.

"According to the 2016 Verizon Data Breach Investigations Report, most successful attacks exploit known vulnerabilities that have never been patched, despite patches being available for months or even years," he told TechNewsWorld. "So, while it's important that Microsoft publicly disclosed the vulnerabilities and issued a patch," Taddeo continued, "the challenge for enterprises is to update their infrastructure with the latest supported version of the affected products." This challenge, of course, falls to IT pros and service providers. 

Our last story of the week focuses ever so briefly on President Trump's latest technological endeavor. On Tuesday, the President will be turning his attention to information-technology outsourcing companies when he orders a review of H-1B visa programs to put more skilled and highly paid applicants on top.

The order requests that agencies propose ideas to direct visas to the most skilled and highly paid applicants. It does not, however, outline any specifics as to how that might be achieved. An administration official called out several organizations, such as Tata Consultancy Services, Cognizant Technology Solutions Corp. and Mphasis Corp., as examples of companies that will be impacted and will likely see fewer visas approved as the administration’s changes are adopted. 

In terms of the impact on the technology and security world, this will be interesting to monitor as it unfolds. The Trump administration began rolling out policy shifts earlier this month to start being more strict with the H-1B visa system. They included a promise to actively pursue cases of fraud and abuses, and included a special mention to employers applying for the visas not to discriminate against U.S. workers.

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.