The Benefits of AI in the Modern Cybersecurity Landscape
The threat map of the modern cybersecurity landscape is changing rapidly, especially now with the rise of AI on both sides of the fence. Nils Undén, CTO at Clavister, shares his thoughts on the subject as well as some tips on how to think and act.
Artificial intelligence is getting a lot of hype now, mostly due to generative AI solutions like ChatGPT, Bard, Midjourney and so on. There have already been targeted attacks using generative AI where voice calls have been faked to get access. But for us, AI’s big strength is analyzing large amounts of data. This can be used by both attackers and defenders, and I will talk about the defensive aspects.
Anomaly-based intrusion detection using AI
Clavister has a technology called PASAD, which is an anomaly-based intrusion detection system that uses machine learning to monitor any type of machine-to-machine (M2M) communication. PASAD is an excellent example of how AI can be used to add another layer to the cybersecurity framework. Its lightweight design and specialised algorithms make it suitable for deployment in a variety of scenarios. We have used it to detect anomalies over IP, CAN bus, satellite, and fiber optic communications. We are integrating it in our standard firewall products and also making it available for highly specialised use cases in defense, space, and critical infrastructure, where securing M2M communication is most crucial.
To be deployed, PASAD must first be trained on the system or group of systems that it is going to monitor. A key feature of PASAD is that it is only trained on data representing normal behaviour, which allows it to detect any abnormal behaviour, even behaviour never seen before, such as zero-day attacks. Depending on the size and scope of the system, training can take as little as a few hours to make it ready for deployment. When put into action, PASAD will constantly monitor all communications going through the system and actively detect anomalies. An anomaly could be an indication of an intrusion that has to be walled off and taken care of. But the detected anomaly could also be a warning of a component failing. This way PASAD could in theory be used for preventive maintenance of, for example, vehicles. PASAD can also provide pre-determined actions or responses based on customer requirements. Because of its lightweight design and portability, PASAD can be deployed at the tactical edge and operate in near real-time.
PASAD is really a Swiss army knife for cybersecurity monitoring. As I already mentioned, Clavister has already researched how to use this AI technology to detect incidents in both satellite and fiber optic communications, using the same principles as I described above. These studies have been made together with others like the Swedish Defence Materiel Administration (FMV).
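The train-on-normal-only principle described above can be illustrated with the following Python example. It is an addition to this article, not Clavister code and not PASAD's actual algorithm, which the article does not describe. The periodic sensor signal, the simple one-step predictor, the safety margin and all function names are assumptions made for the illustration.

```python
import math
import random
import statistics

def residuals(model, series):
    """Absolute one-step prediction error for each sample from index 2 on."""
    x = [v - model["mean"] for v in series]
    return [abs(x[t] - model["a1"] * x[t - 1] - model["a2"] * x[t - 2])
            for t in range(2, len(x))]

def fit_normal_model(train, margin=3.0):
    """Fit x[t] ~ a1*x[t-1] + a2*x[t-2] on normal-only data (least squares)."""
    mean = statistics.fmean(train)
    x = [v - mean for v in train]
    idx = range(2, len(x))
    s11 = sum(x[t - 1] ** 2 for t in idx)
    s22 = sum(x[t - 2] ** 2 for t in idx)
    s12 = sum(x[t - 1] * x[t - 2] for t in idx)
    b1 = sum(x[t] * x[t - 1] for t in idx)
    b2 = sum(x[t] * x[t - 2] for t in idx)
    det = s11 * s22 - s12 ** 2          # solve the 2x2 normal equations
    model = {"mean": mean, "a1": (b1 * s22 - b2 * s12) / det,
             "a2": (b2 * s11 - b1 * s12) / det}
    # The alarm threshold is derived from normal data only: no attack samples needed.
    model["threshold"] = margin * max(residuals(model, train))
    return model

def detect(model, series):
    """Indices of samples that depart from the learned normal behaviour."""
    return [t + 2 for t, r in enumerate(residuals(model, series))
            if r > model["threshold"]]

def telemetry(n, rng, period_at=lambda t: 40.0):
    """Constructed periodic sensor signal with bounded measurement noise."""
    out, phase = [], 0.0
    for t in range(n):
        phase += 2 * math.pi / period_at(t)
        out.append(50 + 10 * math.sin(phase) + rng.uniform(-0.05, 0.05))
    return out

rng = random.Random(7)                         # fixed seed: repeatable run
MODEL = fit_normal_model(telemetry(400, rng))  # training sees normal traffic only
NORMAL = detect(MODEL, telemetry(200, rng))    # unseen normal traffic: no alarms
spoofed = telemetry(200, rng)
spoofed[100] += 3.0                            # one injected (constructed) value
SPOOF = detect(MODEL, spoofed)
# Failing component: cycle period drifts from 40 down to 10 samples after t=100.
drift = lambda t: 40.0 if t < 100 else max(10.0, 40.0 - 0.3 * (t - 100))
DRIFT = detect(MODEL, telemetry(300, rng, drift))
```

The same model flags both the injected value and the slowly degrading signal, although neither was present in the training data.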
But what does the future have in store for cybersecurity and AI? We believe that the use of AI will explode over the coming years, both for security and for attacks. How to tackle that is hard to predict today, but being cautious and using a zero trust (trust no one) approach will help enhance today’s cyber security.
The concept of zero trust is a first step for anyone to adopt. Any user or device connecting to your assets is a potential threat, with or without AI, both from outside and inside the network. It all boils down to this: you can never trust any device or any user until you have verified their identity and permissions, even inside the network. Basically deny, never trust, and always verify. Only after those steps have been taken can you give access to the resources. Here a good identity management solution paired with authentication based on MFA (multi-factor authentication) is a key part of your defense. And of course, so is using common sense and not getting duped through social engineering.
Nils Undén, Chief Technology Officer