Attackers are already employing AI, as in the DeepLocker malware, which evaded tight cyber security mechanisms by utilising AI models to attack target hosts using face recognition, geolocation and speech recognition.
This attack speaks volumes about the huge role of AI in cyber security domains. To counterattack and defend, AI for cybersecurity has become necessary.
Large and small organizations, and even startups, invest heavily in building AI systems that analyze large volumes of data and, in turn, help their cybersecurity professionals identify possible threats and take precautions or immediate action to resolve them.
Phishing, one of the simplest and most common social engineering cyber attacks, is now easy for attackers to master. Many tools are available on the dark web to help anyone get started with phishing. In such conditions, it is very important that organizations take the necessary precautions to safeguard their information castle. What is better than AI?
Here are five tools that employ AI for cybersecurity:
TAA tool (Symantec’s Targeted Attack Analytics):
This tool was developed by Symantec and is used to uncover hidden and targeted attacks. It applies AI and machine learning to the processes, knowledge and capabilities of Symantec security experts and researchers.
The TAA tool was used by Symantec to fight a Dragonfly 2.0 attack last year. This attack targeted several energy companies and tried to gain access to operational networks.
The TAA tool analyzes incidents in the network against incidents found in Symantec’s threat data lake.
TAA reveals suspicious activities at each endpoint and compiles the information to determine whether each action indicates hidden malicious activity. The TAA tool is now available for Symantec Advanced Threat Protection (ATP) customers.
Sophos Intercept X Tool:
The tool, Intercept X, uses deep learning neural networks that work similarly to the human brain. In 2010, the US Defense Advanced Research Projects Agency (DARPA) created their first Cyber Genome Program to uncover the ‘DNA’ of malware and other cyber threats, which led to the creation of the algorithms in Intercept X.
Before a file is executed, Intercept X can extract millions of features from the file, conduct in-depth analysis, and determine whether the file is benign or dangerous in 20 milliseconds. The model is trained on real-world feedback and two-way threat intelligence sharing, through access to millions of samples provided by data scientists. This results in a high level of accuracy for existing malware and zero-day malware, and a lower false positive level. Intercept X uses behaviour analysis to limit new ransomware and boot-record attacks. Intercept X has been tested by several third parties such as NSS Labs and received a high score. It has also been proven on VirusTotal since August 2016.
Darktrace Antigena:
Darktrace Antigena is Darktrace’s active self-defence product. Antigena extends Darktrace’s core capabilities to detect and replicate the function of digital antibodies that identify and neutralize threats and viruses.
Antigena utilizes Darktrace’s Enterprise Immune System to identify suspicious activities and respond in real-time, depending on the severity of the threat.
With the help of the underlying machine learning technology, Darktrace Antigena identifies and protects against unknown threats as they develop. It does this without the need for human intervention, prior knowledge of attacks, rules or signatures. With such automatic response capabilities, organizations can respond to threats quickly, without disrupting normal business activity patterns.
The Darktrace Antigena module helps manage user and machine access to the internet, messaging protocols, and machine and network connectivity through various products such as Antigena Internet, Antigena Communication, and Antigena Network.
IBM QRadar Advisor:
IBM QRadar Advisor uses IBM Watson technology to fight cyber attacks. It uses AI to automatically investigate indicators of any compromise or exploit. QRadar Advisor uses cognitive reasoning to provide critical insights and further accelerate the response cycle. With the help of IBM QRadar Advisor, security analysts can assess threat incidents and reduce their risk of losing.
IBM QRadar Advisor features
Automatic incident investigation
QRadar Advisor with Watson investigates threat incidents by mining local data, using what can be observed in the incident to gather a broader local context. It then quickly assesses whether the threats have bypassed layered defences or been blocked.
Provides smart reasoning
QRadar identifies possible threats by applying cognitive reasoning. It connects threat entities associated with genuine incidents, such as malicious files, suspicious IP addresses, and malicious entities, to draw relationships between these entities.
High priority risk identification
With this tool, you can get critical insights about an incident, such as whether the malware has been executed or not, with supporting evidence, so you can focus your time on the higher-risk threats. You can then make a quick decision about the best response method for your business.
Key insights about users and important assets
IBM QRadar can detect suspicious behaviour from people through integration with the User Behavior Analysis Application (UBA) and understand how certain activities or profiles affect the system.
Read the source article at TechiExpert.