
How Darktrace is using AI to protect the enterprise by establishing the everyday ‘pattern of life’

The internet was never designed to be a safe place. Although part of its roots lie in the post-WWII military research complex, its primary purpose was simply the efficient digital distribution of information. Early users included high-ranking military personnel, academics, and researchers – a well-behaved, respectful group whose shared interests precluded any thought of the need for protective layers of security.
As it became clear that cyber security was a necessary next step, the early defense systems implemented were concentrated on fortifying the network perimeter – keeping ‘known bad’ outside the network walls. Moving forward a few decades, the development of smart devices – such as the personal computer and latterly, the smartphone – introduced endpoint security software, to be implemented on each device as the new security standard.
Unfortunately, these techniques proved insufficient on their own, even when joined by SIEM databases and logfile tools. It fast became clear that relying on historical data about yesterday’s attack was not sufficient to catch tomorrow’s threat. And as the introduction of the Internet of Things caused a rapid growth in the digital complexity of businesses, attempting to install security software on every connected device in the enterprise proved to be a losing battle.
Many large organizations today deploy a smorgasbord of measures, where around-the-clock security teams attempt to identify the needle in the haystack and mitigate the threat before it’s too late. Unfortunately, companies with multiple tools at their disposal and the wherewithal to use them are by no means the majority. And even with their additional resources, some large businesses have lax approaches to cyber defense. Perhaps more importantly, at the end of the day even the most security-aware employee may click a rogue attachment in a sophisticated phishing email, or lose an unencrypted USB stick.
Thus in this new era of cyber defense, it is crucial that organizations prepare for ‘when’ cyber-attacks happen, not ‘if’ they happen.
Today, the fundamental constraints on most businesses’ cyber security measures are:
- The need to gather, normalize, and effectively disseminate information (typically in the form of signatures) about all previous attack methods.
- Little capability to quickly hand-craft security policies for different groups in the enterprise, or for the individual business, and to enforce compliance with those policies.
- An inability to predict what the attacker’s next move might be (tomorrow’s zero-day).
While the inability to predict the future might be considered an unfair criticism, it does highlight that never-before-seen threat types emerge nearly every day. And even more commonly, new variants of existing threats – different enough to slip through signature-based or perimeter defenses – appear on networks constantly. A technology capable of identifying never-before-seen attacks has thus never been more crucial in the modern age of cyber warfare.
Practical use of artificial intelligence (AI) in cyber security
The answer to this fundamental challenge lies in artificial intelligence (AI). Inspired by the principles of the human immune system, global cyber defense company Darktrace has taken a different approach – secure the network from the inside out. Powered by cyber AI, Darktrace self-learns the typical pattern of life for users, devices, and containers across the entire digital estate. From this rich understanding of what’s normal and not normal for the business, it can then identify and autonomously neutralize sophisticated threats that bypass legacy defenses – all within seconds of the threat emerging.
Across cloud, email, networks, and industrial IoT, the Cyber AI Platform – which is comprised of the self-learning Enterprise Immune System and Antigena Autonomous Response technology – has been proven across thousands of customers to identify sophisticated attacks missed by other tools.
For example: recently at a financial services organization, a senior executive received an email from a known contact using language and style that were familiar to the recipient. However, unlike previous emails, this one contained a link to a domain that no one in the company – the recipient included – had ever visited. Darktrace’s cyber AI quickly discerned that this was suspicious behavior indicative of a threat, and revealed this ‘trusted contact’ to be a hijacked account controlled by an attacker. The AI was able to identify the threat because the email and its content fell outside the typical pattern of life of the supposed sender. Within seconds, Darktrace alerted the security team and autonomously neutralized the malicious payload.
At another high-profile retail company, an unsecured internet-connected CCTV system was compromised by a sophisticated attacker. The perpetrators could not only use the device to gain a foothold into the corporate network, but also watch all of the camera’s video recordings – leaving the organization vulnerable to corporate espionage. The hijacked camera thus became a security risk in itself, as the system was installed to monitor the entire office space – from the CEO’s office to the boardroom. Darktrace’s AI quickly detected something was amiss when it identified massive volumes of data moving to and from the unencrypted CCTV server, as the attacker gathered data in preparation to exfiltrate sensitive information. In seconds, Darktrace Antigena took action to neutralize the threat, stopping the exfiltration of data before potentially irreparable damage could be done.
The Enterprise Immune System develops a holistic understanding of the cyber DNA of an organization, learning what’s normal for the everyday activity of the business. Using this critical business context, the AI can accurately discern the subtle differences between threatening and non-threatening activity. For instance, if the IT team’s laptops were used to portscan client nodes, that would be classified as part of that group’s normal ‘pattern of life’. However, the same activity by an IoT camera would raise alarm bells.
Once the threat is detected, Autonomous Response AI steps in and responds in a controlled way: flagging the incident, isolating a single machine, an entire subnet, or just closing down ports suspected of carrying malicious intent. Darktrace Antigena is highly targeted and surgical in its actions – meaning that it does not disrupt day-to-day business activity, working behind the scenes to proactively protect the business.
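The following is an added toy illustration of the two ideas in the preceding paragraphs: learning a per-peer-group and per-device baseline of normal activity, then scoring a window of new activity against it and choosing a proportionate response. It is not Darktrace’s code and says nothing about how its products work internally; the device names, peer groups, destinations, traffic volumes, point weights and response thresholds are all constructed for the example. It reproduces the situations described earlier: an IT laptop port-scanning client nodes (normal for that group), an IoT camera doing the same (not normal), the camera pushing a large volume of data to a first-seen destination, and a workstation following a link to a domain nobody in the organization has contacted before.

```python
"""Toy 'pattern of life' baseline with a tiered response recommendation.

Constructed example, not a vendor implementation: the groups, hosts,
byte counts, point weights and thresholds below are illustrative only.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    device: str      # device identifier
    group: str       # behavioural peer group, e.g. "it-laptop" or "iot-camera"
    dst: str         # destination host or domain
    dst_port: int
    bytes_out: int   # outbound bytes for this connection


class PatternOfLife:
    """Learns what each peer group and device normally does, then scores a
    time window of events from one device against that baseline."""

    def __init__(self):
        self.group_ports = defaultdict(set)   # ports a group routinely uses
        self.group_fanout = defaultdict(int)  # max distinct (dst, port) pairs per window
        self.device_bytes = defaultdict(int)  # max outbound bytes per window, per device
        self.seen_dst = set()                 # destinations anyone in the estate has contacted

    def learn(self, windows):
        """windows: list of event lists, each one device over one time window."""
        for w in windows:
            dev, grp = w[0].device, w[0].group
            self.group_ports[grp].update(e.dst_port for e in w)
            fanout = len({(e.dst, e.dst_port) for e in w})
            self.group_fanout[grp] = max(self.group_fanout[grp], fanout)
            self.device_bytes[dev] = max(self.device_bytes[dev], sum(e.bytes_out for e in w))
            self.seen_dst.update(e.dst for e in w)

    def score(self, window):
        """Return (points 0-10, reasons) for one device's window of events."""
        dev, grp = window[0].device, window[0].group
        points, reasons = 0, []
        novel_ports = {e.dst_port for e in window} - self.group_ports[grp]
        if novel_ports:  # the same ports would be unremarkable for another group
            points += 5
            reasons.append(f"ports never used by group {grp}: {sorted(novel_ports)}")
        fanout = len({(e.dst, e.dst_port) for e in window})
        if fanout > self.group_fanout[grp]:  # scan-like spread of targets for this group
            points += 3
            reasons.append(f"fan-out {fanout} exceeds group max {self.group_fanout[grp]}")
        new_dst = {e.dst for e in window} - self.seen_dst
        if new_dst:  # first-seen destination for the whole organisation
            points += 3
            reasons.append(f"first-seen destinations: {sorted(new_dst)}")
        total = sum(e.bytes_out for e in window)
        baseline = self.device_bytes.get(dev, 0)
        if baseline and total > 10 * baseline:  # volume far beyond this device's own history
            points += 5
            reasons.append(f"outbound {total} bytes > 10x device max {baseline}")
        return min(points, 10), reasons


def recommend_action(points):
    """Proportionate response tiers; the cut-offs are this example's choice."""
    if points >= 8:
        return "isolate device"
    if points >= 5:
        return "block offending ports/destinations"
    if points >= 2:
        return "flag for analyst"
    return "none"


# --- constructed sample data -------------------------------------------------
CLIENT_NODES = [f"client-node-{i:02d}" for i in range(1, 6)]
SCAN_PORTS = [22, 80, 443, 445, 3389]


def scan(device, group):
    """A port-scan-like window: every listed port on every client node."""
    return [Event(device, group, h, p, 300) for h in CLIENT_NODES for p in SCAN_PORTS]


HISTORY = [
    scan("it-laptop-01", "it-laptop"),  # scanning is routine for the IT group
    [Event("cam-lobby-01", "iot-camera", "nvr.corp.example", 554, 5_000_000)],
    [Event("cam-lobby-01", "iot-camera", "nvr.corp.example", 554, 4_800_000)],
    [Event("exec-ws-01", "exec-workstation", "mail.corp.example", 443, 150_000),
     Event("exec-ws-01", "exec-workstation", "intranet.corp.example", 443, 50_000)],
]

TODAY = {
    "it-laptop-01 scan": scan("it-laptop-01", "it-laptop"),
    "cam-lobby-01 scan": scan("cam-lobby-01", "iot-camera"),
    "cam-lobby-01 exfil": [Event("cam-lobby-01", "iot-camera", "upload.example.net", 443, 80_000_000)],
    "exec-ws-01 link": [Event("exec-ws-01", "exec-workstation", "never-seen.example", 443, 20_000)],
}


def run_demo():
    """Learn from HISTORY, score each window in TODAY; returns label -> (points, action, reasons)."""
    model = PatternOfLife()
    model.learn(HISTORY)
    return {label: (*model.score(w), ) + (recommend_action(model.score(w)[0]),)
            for label, w in TODAY.items()} if False else {
        label: (model.score(w)[0], recommend_action(model.score(w)[0]), model.score(w)[1])
        for label, w in TODAY.items()}


if __name__ == "__main__":
    for label, (points, action, reasons) in run_demo().items():
        print(f"{label:22s} points={points:2d} action={action:36s} {reasons}")
```

The same port scan scores zero for the IT laptop and triggers isolation for the camera, because the baseline is learned per peer group rather than per signature. The recommendation function only returns a tier; in a real deployment the enforcement (closing ports, quarantining a host or subnet) would be carried out through the firewall, switch or NAC integration, and the thresholds would be tuned against the organisation’s own false-positive tolerance.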
From start to finish, Cyber AI defense takes only seconds to detect and respond to ongoing cyber-threats, rather than the days or even weeks typically involved in simply identifying a cyber-attack. The Darktrace Cyber AI Platform works 24/7, oversees gigabytes of data per second if necessary, and buys security teams crucial time to respond. And because it doesn’t rely on pre-defined knowledge of known bad, it can even fight back against novel threats.
More than 3,000 organizations across the world rely on Darktrace’s Cyber AI Platform to spot and stop sophisticated and fast-moving cyber-attacks. The technology is vendor- and protocol-agnostic, so it works just as well across all types of organizations, including those with bespoke industrial IoT devices.
We’ve definitely entered a new era of cyber warfare – and it’s only a matter of time before we start seeing offensive AI emerge on corporate networks. It will be a battle of algorithm vs algorithm, and cyber AI capable of neutralizing never-before-seen attacks will be our fundamental ally.
To learn how your organization can benefit from a practical implementation of AI in cyber security, start a 30-day trial today – installation only takes an hour.