Moving Away From Deterministic to Probabilistic Approach
Published on : Tuesday 10-12-2019
Cyber Security is essentially moving away from traditional ‘deterministic’ to ‘probabilistic’ kind of approach, says Utpal Chakraborty.
In this new age of cyber security the level of sophistication of the threats and malicious activities has significantly increased and the threats are becoming harder to detect and the damage caused in an enterprise has gone up many folds. Whatever security measures you may build around your organisation today, the shocking reality is no system or infrastructure till today is hundred per cent secure and neither we will be able to achieve such universal security at least in the near future. Considering this reality, the modern security systems and platforms are essentially moving away from the traditional ‘deterministic’ approach of dealing with security threats to a ‘probabilistic’ kind of an approach.
What that means is, in traditional approach we used to be very certain of an attack that already happened and then only take necessary remedial actions or take a stand on how to deal with the situation. Contrary to that, in modern probabilistic approach using Artificial Intelligence and Machine Learning techniques, we take a probabilistic approach to generate alert by continuously monitoring the network, devices and user behaviour patterns even when we are not very sure of an attack or malicious activity. This approach provides an advantage over the traditional deterministic approach because of its predictive nature. The same applies to the security strategy and model that we implement in an enterprise while dealing with such cyber security threats.
The approach is very similar to how human body fights against intruders. If you consider our DNA, it is essentially embedded information that can be damaged, altered or hacked by any external entity. Our immune system deals with those kind of attacks and risks every day. Millions of viruses attack our DNA all the time but our body has an amazing security system, which keeps monitoring the entire body even to the level of the DNAs all the time to safeguard us from any such attacks or threats. It generates early alerts and activates different hierarchies of defence mechanisms available in our immune system immediately to fight against such threats. The reason that our immune system is so effective is because it knows what is internal and what is external to our body, i.e., what is part of us and what is outsider, like various viruses. And this is how it knows how to protect our body from the external attacks.
With the above philosophy in mind few of the leading cyber security companies leveraged the power of Artificial Intelligence and Machine Learning and developed their ground breaking AI cyber defence platforms which mimic the human immune system. These platforms are self-learning, capable of understanding what is normal and what could be an emerging threat in real time and can take remedial measures accordingly. They are also capable of automatically modelling every network, device, user and other asset behaviour in an enterprise and not only provide early alert of any probable threat but also provide threat visualisation dashboard using tropological network projection techniques that allow security analysts to act on the security threats and thus preventing them rather than reacting to the attack after it has actually happened. One example of such an advanced platform, which is worth mentioning here, is Darktrace, which uses ‘self-learning AI to identify and respond to in-progress cyber-threats’. This proactive cyber risk management approach in an enterprise can reduce the risk of attacks and its consequences dramatically by safeguarding its resources and users well in advance of the attacks.
I personally believe that the firewalls and ‘Signature based Models’ such as conventional antivirus and other products are not going to be completely ineffective at least in the near future as claimed by many of the cyber security experts. Rather we should build a layered approach wherein the firewalls and ‘Signature based Models’ can be one level of security but there should certainly be an additional layer of AI and ML algorithms, which is going to help identifying unusual activities, unusual data flows and patterns and suspicious build-ups in an around your network and devices. This can tell you in advance with some degree of probability and confidence that there could be some security threat in your enterprise considering many such factors and thus shrink the attack surface which is otherwise simply impossible to deal with traditional approach.
Also, AI models once trained have the capability to detect the genome of many malicious entities. So, it can easily detect the advanced versions and different variances of such malicious programs. Any malware is often communicated within encrypted traffic through internet, and sensitive data passed across the cloud. AI can very well be used in this type of scenarios to be able to learn how to automatically detect unusual patterns in encrypted web traffic and can improve network security defenses dramatically. These category of products uses machine learning to process incoming threat samples to determine if they are malicious, based on the knowledge and the patterns that it learns every day. It can determine how likely an incoming pattern is a new malware and accordingly it can trigger the analysis to create patterns and signatures of the new malware and incorporate it into the core security fabric which in turn distributes to the cloud or as an update to all the subscribers. AI powered malware scanner products are becoming increasingly popular because of their various advanced capabilities.
Utpal Chakraborty is Head of Artificial Intelligence at YES Bank. He is an eminent Data Scientist, AI researcher and Strategist, having 21 years of industry experience, including working as Principal Architect in L&T Infotech, IBM, Capgemini and other MNCs in his past assignments.
