AI DISRUPTORS
“ATTACKERS WILL ALWAYS DEVELOP THEIR METHODS TO FIT THE TARGET ”
DAVID WARBURTON PRINCIPAL THREAT RESEARCH EVANGELIST , F5
finite and hard choices have to be made as to which areas to defend .”
With such attackers able to rapidly evolve their methods , companies need to adapt their own defences at the same speed , as David Warburton , Principal Threat Research Evangelist , F5 , explains : “ Attackers will always develop their methods to fit the target . That said , one concept that would make a massive difference for companies targeted for state-sponsored attacks , is the idea of ‘ shifting security left .’ Shifting security left refers to the idea of introducing security controls closer to the beginning of the software development process . It is no new concept , and one many understand at a top level . But the public discussion focuses too much on tools for code scanning and automated patching . Legacy tools such as web application firewall ( WAF ) are often ignored and perhaps seen as outdated now , but in fact , they still have their uses when adapted for the function . Combatting advanced nation-state attacks requires a multi-layered approach .”
It ’ s not just about technology , but also approach . “ Ensuring organisations know who is accessing what data and that systems are patched and monitored , are just some of the key processes that are sometimes not followed ,” says Manoj Bhatt , Head of Cybersecurity and Advisory at Telstra Purple .
“ This can leave organisations vulnerable to basic security attacks . Technical security controls are a great start ; however , security awareness and cultural investment is key .”
Keeping up with the pace of such threats is an inhuman task . Luckily , AI is there to pick up the slack . One such example is “ AI ’ s automation of mundane security tasks such as vulnerability management , antivirus , identity management , and mail hygiene ,” says Warburton . “ Google did this to good effect by employing AI to block an additional 100 million spam messages per day . Another example of AI ’ s use is its ability to analyse high volumes of signals to identify and block seemingly legitimate transactions generated by bots . This is something humans could never achieve without a considerable investment in time and money .” AI ’ s capacity to trawl through vast reserves of data means it can also spot patterns outside the reach of humans . “ AI and Machine Learning can help in the fight against cyber-crime , by learning
aimagazine . com 69