EDITOR'S QUESTION
MOREY HABER, CHIEF SECURITY ADVISOR, BEYONDTRUST
What organisations need to leverage AI for is clues, to find behavioural changes that do not follow the normal patterns of business.
Always assume that an attack is more sophisticated than your defences. This implies that any detection and automation solution will have policies, rules, and AI detections that are inferior to the attack vectors the threat actor is instrumenting.
Rarely in cyber security history have defences successfully protected against new and novel attacks. That is how threat actors develop them: to bypass existing defences and achieve a successful penetration of an environment.
This is not all doom and gloom. What organisations need to leverage AI defences for is clues, just like a detective, to find behavioural changes, inappropriate actions, unexpected processes, and access that does not follow the normal patterns of the business.
These characteristics make AI uniquely suited to processing large volumes of log information to identify anomalous patterns that a policy or rule engine is simply incapable of finding.
When that happens, the detection, threat hunting, forensics, and response can all be automated at machine speed with AI to counter the threat. Therefore, fighting AI with AI is the defence for a modern malicious offense.
Every mature cyber security organisation performs some form of threat hunting on a regular basis. That is, you assume you have been compromised, even if you have not, and look for clues to support your conclusion.
Typically, this is a laborious process of log, activity, and application reviews to find a breadcrumb in the ether. AI defences can provide those initial gold flakes, buried in all the information, that indicate a compromise in support of threat hunting.
In other words, AI defences used for pattern and behavioural recognition can speed up detection of anomalies faster than any human manually performing the process.
Certain patterns, like spray attacks and session hijacking, observed by AI provide a strong indicator that an incident is in progress. Based on these results, AI can automate the response, from forced password changes and entitlement reviews to account disablement.
This is where we fight fire with fire. Only AI can operate fast enough to manage a novel attack that has never been seen before, based simply on observations of undesirable behaviour.
For organisations embedding AI in their defensive cyber security strategy, be aware upfront that AI probably will not know anything about the latest attack vectors. It will, however, know when something, or someone, is not operating in the best interests of the organisation, regardless of the attack vector.
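The spray-attack pattern and graded response the author describes, as an added example that is not code from the article or from BeyondTrust: a plain per-account lockout rule, the cross-account behavioural check that actually surfaces the spray, and the response actions the article lists. The log lines, thresholds and function names are constructed for illustration; a real deployment would replace the fixed thresholds with a learned baseline.

```python
from collections import Counter, defaultdict

# Constructed sample authentication log (not from the article): "time user source_ip outcome".
# One source fails once against many accounts, then succeeds against a sixth: a classic spray.
AUTH_LOG = """
08:00 alice 10.0.0.5 success
08:02 bob 10.0.0.6 success
08:03 alice 10.0.0.5 success
09:10 alice 203.0.113.9 failure
09:10 bob 203.0.113.9 failure
09:10 carol 203.0.113.9 failure
09:10 dave 203.0.113.9 failure
09:11 erin 203.0.113.9 failure
09:11 frank 203.0.113.9 success
""".strip().splitlines()

LOCKOUT_THRESHOLD = 5   # assumed per-account lockout rule: N failures lock one account
SPRAY_MIN_ACCOUNTS = 4  # assumed: one source failing against this many accounts is a spray


def parse(lines):
    """Split each constructed log line into a dict; a real parser would handle the SIEM's format."""
    events = []
    for line in lines:
        ts, user, src, outcome = line.split()
        events.append({"ts": ts, "user": user, "src": src, "outcome": outcome})
    return events


def per_account_rule(events, threshold=LOCKOUT_THRESHOLD):
    """Rule engine view: an account is flagged only when its OWN failures reach the threshold."""
    fails = Counter(e["user"] for e in events if e["outcome"] == "failure")
    return sorted(u for u, n in fails.items() if n >= threshold)


def spray_detection(events, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Behavioural view: group failures by source; many distinct accounts from one source is the anomaly."""
    by_src = defaultdict(set)
    for e in events:
        if e["outcome"] == "failure":
            by_src[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in by_src.items() if len(users) >= min_accounts}


def recommend_response(events, sprays):
    """Graded response from the article: password change for sprayed accounts, disable any the sprayer got into."""
    actions = {}
    for src, users in sprays.items():
        for u in users:
            actions[u] = "force_password_change"
        for e in events:  # a success from the spraying source is the higher-severity signal
            if e["src"] == src and e["outcome"] == "success":
                actions[e["user"]] = "disable_account_and_review_entitlements"
    return actions
```

Run against the constructed log, the per-account rule flags nothing (no account reaches five failures) while the cross-account check names the spraying source, every targeted account and the one account it successfully entered.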
34 INTELLIGENTCIO MIDDLE EAST www.intelligentcio.com