
Proactive vs Responsive AI: Which One Protects Against Major Modern Adversaries in Cybersecurity?

Artificial Intelligence, Machine Learning and Deep Learning are terms that constantly get thrown around in cybersecurity to the point where they’ve got a bad reputation due to false promises.

However, as we move into a future with advanced adversaries that are also utilizing AI technology, the only option we have is to understand what distinguishes the good from the bad, and which type of AI or ML is truly helpful to the advancement of cybersecurity protections.

According to DARPA, the first two “waves” of AI that have been applied to cybersecurity don’t actually do much more than attempt to patch problems as they arise, and learn from these past attacks to try to prevent them in the future.

This may seem effective, and many enterprises continue to use them, but by the time First and Second Wave AI algorithms detect an intruder on the network and label it as such, it is already too late: the hacker has likely accomplished whatever he came there to do.

Third wave or Unsupervised AI is completely different from what’s presently being touted as AI on the market, as it does not depend on rules or labels to catch threats, and it is capable of stopping attacks that it has already seen before due to its ability to predict what should and shouldn’t appear on the network at any time.

This “predictive” AI works by formulating a baseline of regular network activity after studying the network for just seven days. Once that baseline exists, the AI will spot any disturbance to it, which makes it very difficult to trick.

For an attack to be effective, the hacker would have to behave exactly as the network behaves, which gets the bad actor nowhere.
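A minimal sketch of the baseline idea described above, added here as an illustration and not the algorithm of any product the article refers to: it learns each host's normal hourly behaviour from seven days of unlabeled observations using the median and MAD, then scores new observations against that baseline. The feature names, the 3.5 threshold, the host addresses and the sample data are assumptions constructed for the example.

```python
from statistics import median

FEATURES = ("bytes_out", "dests", "ports")  # assumed per-host, per-hour counters
THRESHOLD = 3.5                              # common cut-off for the modified z-score


def learn_baseline(history):
    """history: {host: [{feature: value}, ...]} -> {host: {feature: (median, scale)}}"""
    baseline = {}
    for host, rows in history.items():
        stats = {}
        for f in FEATURES:
            values = [r[f] for r in rows]
            med = median(values)
            mad = median(abs(v - med) for v in values)
            # Floor the spread so a near-constant feature does not alert on tiny jitter.
            stats[f] = (med, max(mad, 0.05 * abs(med), 1e-9))
        baseline[host] = stats
    return baseline


def score(baseline, host, obs):
    """Return (is_anomaly, score, feature) for one hourly observation."""
    if host not in baseline:
        # A device that was never observed has no "normal" to compare against.
        return True, float("inf"), "no-baseline"
    scores = {f: 0.6745 * abs(obs[f] - med) / scale
              for f, (med, scale) in baseline[host].items()}
    top = max(scores, key=scores.get)
    return scores[top] > THRESHOLD, scores[top], top


def constructed_week(hours=7 * 24):
    """Constructed sample: seven days of mildly varying hourly activity for one host."""
    return [{"bytes_out": 1000 + 50 * (h % 5), "dests": 4 + h % 3, "ports": 2 + h % 2}
            for h in range(hours)]


BASELINE = learn_baseline({"10.0.0.5": constructed_week()})

if __name__ == "__main__":
    checks = [
        ("10.0.0.5", {"bytes_out": 1150, "dests": 6, "ports": 3}),   # within baseline
        ("10.0.0.5", {"bytes_out": 1100, "dests": 40, "ports": 3}),  # fan-out spike
        ("10.0.0.9", {"bytes_out": 900, "dests": 4, "ports": 2}),    # unseen host
    ]
    for host, obs in checks:
        print(host, obs, score(BASELINE, host, obs))
```

Traffic that stays inside the learned range scores below the threshold, so the quality of detection depends on which features are baselined and on the learning window being free of malicious activity.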

Third Wave AI Cybersecurity protects against some of these more advanced methods of attack, like GANs, Ransomware, and Man in the Middle Attacks.

These types will not allow for a First or Second Wave AI approach because by the time you are responding to something like this, it is already too late.

The reactive AI approach would be to patch it … to try to figure out if some traffic has been redirected, after the intruder already got in, redirected it, and did whatever damage the bad actor wanted to do.

Having a proactive, singular AI algorithm applied to all data on the network is a predictive approach that alerts analysts before an attack occurs.

If attackers have reached the endpoint, it’s already over. A security system’s job should be to ensure they never get that far. Although third-wave AI is not endpoint focused, it is capable of finding an intruder long before the intruder could ever reach the endpoint, which is what makes it so brilliant at preventing ransomware attacks.

Third-Wave AI is predictive in nature because it knows what the network should look like at all times. As soon as the network is disturbed, the AI reports it as an anomaly and the security team is alerted, all this occurring long before the endpoint is breached.

Once the attacker reaches the endpoint, the encryption can happen in seconds.

When it’s a new attack that no one has ever seen before, there is no way reactive security solutions can protect against it. The only way to stop an attack no one has seen previously is to catch it on the network before it reaches the endpoint, and the only way to do that is to employ a predictive third-wave AI system which is capable of flagging anomalies (even never-before-seen ones) as they arrive.

Attackers have a variety of ways of entering the endpoint, so writing rules to try and prevent this is useless as there are infinite ways to try and attack, and that is exactly what hackers try to exploit with GANs.

GANs (Generative Adversarial Networks)

Most GANs work by creating one type of attack after another in rapid succession. A GAN will basically test the network to try to infiltrate it and learn what the network doesn’t like, in order to create something close enough to enter and allow the hackers to wreak havoc.

First and second-wave AI security often cannot handle the sheer number of different attacks and can falter, causing irreparable damage to a company’s data security.

A generative third-wave AI system is built to deflect exactly this. It will catch each anomaly as it comes, no matter what form it shapeshifts into: it will still be considered an anomaly and flagged by a third-wave AI system for disrupting the enterprise’s network.

There is no way for these primitive methods to effectively protect against an attack when they don’t know what it is supposed to look like, which makes them useless when it comes to GANs.

Man in the Middle Attacks

A Man in the Middle Attack is when an attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.

First and second-wave AI have a difficult time catching this type of attack because the victim will continue to see network traffic behaving normally, while the hacker is in actuality redirecting traffic from the victim’s IP to the machine that they have infiltrated.

The approach used by first and second-wave AI security vendors is to try and figure out if some traffic has been redirected, but only after the intruder already got in, redirected it and did whatever damage they wanted to do.

Having a generative third-wave AI system would alert you the second someone attempted to redirect traffic on the network, because that action would immediately be flagged as anomalous network behavior.

AI adversaries

Hackers are only getting better at what they do, which means enterprise security teams and vendors have to adapt even faster and adopt the most advanced technology available if we hope to stay a step ahead of our adversaries.

The advent of generative third-wave AI, with its predictive and self-adapting capabilities, makes it possible to stop hackers before they are able to cause serious damage to an organization’s network data.

Hackers are constantly finding ways to outsmart the current cybersecurity systems that are in most businesses, big and small. So far, Third Wave AI has the most promising “foolproof” features on the market, and the praise it has received from DARPA alone hints at the validity of its capabilities. It’s difficult to imagine a future without cyberattacks, particularly after such a bad period of them during COVID-19, but it is possible to at least greatly reduce the amount of harm done by hackers, if not eliminate it altogether, when applying Third Wave or Predictive AI.