Most cybercriminals use older, tried-and-true attack methods like basic phishing, malware, or ransomware. However, cybercriminals often develop new methods, add twists on old favorites to evade detection, or build exploits for vulnerabilities before a patch is ready.
These can cause nightmares for IT professionals already stretched thin. Many rarely have time to breathe in a given day, let alone keep up with new threats in the press or sift through threat intelligence data. Defending in an evolving threat landscape can take time and specialization.
Even if you keep up with patches and other updates (and you absolutely should), you are still reacting to the threat landscape. But artificial intelligence (AI) may have given IT and security professionals alike a true advantage against cybercriminals. Today, I’ll talk about the practical benefits of AI in security—as well as some potential pitfalls.
What is artificial intelligence?
You likely have a decent sense of what AI entails. However, let’s talk about the basics just to make sure our terms are covered.
AI refers to machines mimicking intelligent human thought. AI makes decisions based on different variables in an environment and on its previous knowledge. Machine learning is how an AI system gains the knowledge it uses to make decisions. This process of learning sets AI apart from more basic computer code—code follows a fixed procedure and logic to make decisions, so it always produces an expected outcome. Machine learning allows the machine to grow and “think” on its own without having to follow preset logic rules.
So how does this apply to security?
Let’s look at antivirus (AV) versus AI-driven endpoint protection. AV solutions often work based on signatures. You have to keep up with signature definitions to stay protected against the latest threats. This can be a problem because virus definitions can be out of date, leaving a gap in coverage against the latest threats. Beyond that, it requires the AV vendor to know about the malware before it can catch it. If a new ransomware strain affects a computer, signature-based protection won’t catch it. Plus, cybercriminals often use evasion techniques to fly past these solutions, such as changing signatures (polymorphic malware) or attacking via fileless methods.
AI-driven endpoint protection takes a different tack. It establishes a baseline of behavior for the endpoint using the machine learning training process. Over time, if something out of the ordinary occurs, the system flags it and takes action—whether it’s sending a notification to a technician or even reverting to a safe state after a ransomware attack. For example, if a user account on an endpoint starts mass deleting files or creating new admin accounts on the machine (and this behavior is atypical), the endpoint protection solution can flag this to a technician as a potential attack. This provides proactive protection against threats, rather than waiting for signature updates.
AI can be used in other scenarios beyond just endpoint protection. For example, AI can be used to predict risks for an organization. However, for many small organizations served by MSPs, risk modelling may be overkill—you can typically predict the biggest risks to an organization without needing AI (or a data scientist on staff). However, if you have the data from an AI solution, definitely make use of it in adapting your security strategy to the customer’s current situation.
Is AI just another buzzword?
Ultimately, AI presents a lot of promise. I can imagine a world where AV becomes a relic of the past, replaced by endpoint protection solutions. This isn’t just due to AI—endpoint protection solutions take a wider look at the endpoint and can protect against threats that AV simply can’t. Not all threats are malware-based—the rise of fileless and living-off-the-land attacks shows the limitations of malware-only protection. Beyond that, AI can reduce the amount of time (or at least the urgency) spent keeping up with the latest security news or threat intelligence.
But, like anything else, don’t put all your eggs into AI’s basket. Everything can be hacked and broken. Everything has flaws, including AI and machine learning. For example, if cybercriminals were able to implant false information into a machine learning environment, they could trick the machine into finding false threats or missing real ones. This isn’t meant to knock AI security solutions—to the contrary, tricking machine learning algorithms like this is very challenging. Instead, I mention it to say there’s no silver bullet in security. You still need multiple layers in your arsenal—from password protection to email security to backup. That said, don’t dismiss AI as a buzzword either. It can be an essential and effective tool to give you a leg up on the cybercriminals.
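To make the baseline-and-deviation idea from the endpoint protection section concrete, and to show the training-data poisoning caveat just described, here is an added Python example; it is not code from the original post or from any SolarWinds product. The hourly file-deletion counts, the event types, the 5-sigma threshold and the poisoned training window are all constructed for illustration.

```python
from statistics import mean, median, pstdev

# Constructed training data: file deletions per hour for one user over 24 h
# of normal activity. The poisoned copy replaces the last two hours with
# attacker-like counts, as if an intruder had been active during training.
CLEAN_HOURS = [3, 5, 2, 4, 6, 3, 4, 5, 2, 3, 4, 5,
               3, 2, 4, 6, 5, 3, 4, 2, 3, 5, 4, 3]
POISONED_HOURS = CLEAN_HOURS[:22] + [900, 950]

# Event types seen during training; anything else (e.g. creating an admin
# account) has no baseline at all and is flagged as novel behaviour.
BASELINE_EVENT_TYPES = {"file_read", "file_write", "file_delete", "login"}

def mean_baseline(counts):
    """Classic mean / standard-deviation baseline; a few huge outliers in the
    training window drag both numbers up and widen the 'normal' band."""
    return mean(counts), pstdev(counts)

def robust_baseline(counts):
    """Median / MAD baseline; the 1.4826 factor scales MAD to approximate a
    standard deviation, and a handful of outliers barely move either value."""
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    return med, 1.4826 * mad

def is_anomalous(observed, baseline, threshold=5.0):
    """Flag an hour whose count exceeds centre + threshold * spread."""
    centre, spread = baseline
    spread = max(spread, 1.0)  # floor so a perfectly flat baseline still fires
    return observed > centre + threshold * spread

def score_hour(observed, training, robust=False):
    """Score one hour of file deletions against a learned baseline."""
    baseline = robust_baseline(training) if robust else mean_baseline(training)
    return is_anomalous(observed, baseline)

def is_novel_event(event_type):
    """Categorical check: an event type never seen in training is suspicious."""
    return event_type not in BASELINE_EVENT_TYPES

if __name__ == "__main__":
    attack_hour = 850  # constructed: a ransomware-style mass deletion
    print("clean baseline flags attack:   ", score_hour(attack_hour, CLEAN_HOURS))
    print("poisoned mean baseline flags:  ", score_hour(attack_hour, POISONED_HOURS))
    print("poisoned robust baseline flags:", score_hour(attack_hour, POISONED_HOURS, robust=True))
    print("admin account creation novel:  ", is_novel_event("admin_account_created"))
```

With the clean window the mass deletion is flagged; with the poisoned window the mean/stdev baseline stretches far enough that the same hour passes as normal, while the median/MAD baseline still catches it.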
Smarter security with AI
Artificial intelligence should quickly become an essential tool in your security arsenal. As cybercriminals continue evolving, you can hopefully sleep a little better at night knowing that your security tools evolve with them. When added into the mix as part of a wider security strategy, AI tools can be an effective, practical defense against modern cyberthreats.
SolarWinds® Endpoint Detection and Response (EDR) is an endpoint protection solution designed to help detect threats to customer endpoints via AI and machine learning. And it’s available within both SolarWinds RMM and SolarWinds N-central®, allowing you to offer other important security layers like backup, patch management, email protection, and web protection. Learn more today.