Protecting digital infrastructure using robot hunters and deception technologies
The convergence between operational and digital technologies is well underway, driven by use cases around the Internet of Things. Digitally enabling both new and old machines, devices, sensors, and other objects with connectivity provides benefits not realised before.
Real-life and real-time data is much more accessible on the edge of the network and can be rapidly processed to give business insights and business benefit. This results in increased productivity, reduced operational costs, higher levels of safety, and overall better decision making, amongst others.
While the gains are widespread and adoption is increasing exponentially, there is a downside to this rapidly snowballing trend. Many sensor manufacturers are not doing enough to secure their products, because they do not include encryption at the product development stage. Since sensors are lightweight objects with a low footprint, adding security at a later stage may not be feasible.
This inherent deficiency of future large-scale object-based networks is going to drive the creation of deception technologies, which confuse intrusive malware through the presence of real and fake user identities. Transformative scale-out converged networks, including supervisory control and data acquisition (SCADA) control system architectures, operational technologies, and wider IoT infrastructure, will see huge security gains through the presence of deception technologies.
Deception technologies create thousands of fake user credentials in conjunction with real user identities. Once a threat actor is inside an organisation’s network, they are unable to distinguish between real and fake user identity credentials. Since many more fake user identity credentials are distributed, the probability of engaging with a fake credential and triggering an intrusion alert is much higher.
An incident response alert and action are then initiated. The large number of fake credentials generated through deception technologies also facilitates pattern tracking. This allows internal teams to recreate the pattern of attack and point of entry.
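The detection and pattern-tracking steps described above can be sketched in a few lines. This is an added example, not code from any deception product: the host names, account names, log format and the assumption that the intruder picks credentials uniformly at random are all constructed for illustration.

```python
import math
from collections import namedtuple

Event = namedtuple("Event", "ts src dst user")

# Constructed sample data: hypothetical hosts and account names.
DECOYS = {"svc_backup_02", "adm_hmi_legacy", "ops_scada_ro"}
LOG = """\
2024-05-01T02:10:04 vpn-gw eng-ws-14 j.hale
2024-05-01T02:17:40 eng-ws-14 hist-db-01 j.hale
2024-05-01T02:21:09 hr-ws-03 mail-01 m.ortiz
2024-05-01T02:31:55 hist-db-01 plc-gw-02 adm_hmi_legacy
2024-05-01T02:33:12 hist-db-01 scada-hmi-01 ops_scada_ro
"""

def parse(log):
    return [Event(*line.split()) for line in log.splitlines() if line.strip()]

def decoy_hit_probability(real, decoys, tried):
    """P(at least one decoy among `tried` distinct credentials drawn
    uniformly from a pool of `real` + `decoys` indistinguishable ones)."""
    return 1 - math.comb(real, tried) / math.comb(real + decoys, tried)

def decoy_alerts(events, decoys):
    """Any use of a decoy is an alert: no legitimate user holds one."""
    return [e for e in events if e.user in decoys]

def trace_entry(events, alert):
    """Walk back from the alerting host through earlier logins to
    reconstruct the path taken and the likely point of entry."""
    path, host, before = [alert.dst, alert.src], alert.src, alert.ts
    while True:
        prior = [e for e in events if e.dst == host and e.ts < before]
        if not prior:
            return list(reversed(path))
        hop = max(prior, key=lambda e: e.ts)  # most recent login into host
        path.append(hop.src)
        host, before = hop.src, hop.ts

if __name__ == "__main__":
    events = parse(LOG)
    for a in decoy_alerts(events, DECOYS):
        print("ALERT", a.ts, a.user, " -> ".join(trace_entry(events, a)))
    print(round(decoy_hit_probability(50, 1000, 3), 4))
```

The backward walk is a heuristic: it follows the most recent login into each host, so on a busy network the reconstructed path is a starting point for the responder rather than proof.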
To further strengthen their cyber security defences, digitally transformative organisations will begin to tap the power of artificial intelligence and machine learning to secure their networks. While these buzzwords are already in place, they have been defined by programmer-built algorithms, limiting the amount of self-learning.
Machine learning applied to cybersecurity has traditionally been driven by algorithms that give instructions on the types of malware and their associated behaviour inside internal networks. Now machine learning will be replaced by deep learning applied to cyber security.
With deep learning techniques, cyber security applications are aided by self-learning technologies. User behaviour is monitored over a period of time using deep learning technologies, and a user behaviour profile is established.
This profile is a dynamic one and deep learning technologies continue to add usage patterns, till the profile becomes intrinsic to a particular user. Deep learning applications develop highly granular patterns and analysis of end user activities.
A threat actor inside a network using an assumed credential will have a deviant user pattern. This divergent pattern of accessing the network, monitored by behavioural analytics, will trigger a security remediation alert without delay. Such a proactive and rapid approach to securing convergent and transformative networks will take behavioural analytics applied to cyber security to a new level.
With these intuitive gains around the corner, cyber security vendors will continue to integrate deep learning technologies into their products in the year ahead.
Artificial intelligence technologies will also create a new generation of proactive and defensive cyber security products called Robo-hunters. Enabled by artificial intelligence, Robo-hunters are automated threat-seekers that scan an organisation’s environment for potential threats. Since they are built on predictive behavioural analytics, they have available a baseline of normal network activity behaviour.
Robo-hunters scan an organisation’s environment for any changes that might indicate a potential threat. As they scan the environment, they learn from what they discover, and take remediation action as required.
Hence, they are built to make decisions on behalf of humans. Robo-hunters also help deliver a long-standing expectation of the cyber security department, which is to access threat intelligence and to track the enemy within.
The cyber security stage is set. The threat landscape is too fast moving, too complex, and with enormously high stakes, to rely on present-day technologies alone. Artificial intelligence coupled with predictive analytics and a high degree of compute, as well as a trusted security partner, will provide a welcome relief in the not-so-distant future.