Symantec: artificial intelligence empowers humans

Vendor increasingly sees AI as part of the enterprise security architecture

Tags: Cyber crime, Symantec Corporation
By David Ndichu. Published June 30, 2018

Artificial intelligence (AI) and machine learning can contribute significantly to cyber security through human augmentation.

An AI-backed system can process very large volumes of data in a very short time, helping human analysts reach decisions faster. For example, an AI-backed SOC can easily process the millions of log entries received from various sources that would simply overwhelm a team of analysts, notes Haider Pasha, chief technology officer, emerging markets at Symantec.

On the flip side, AI and machine learning can also be turned to nefarious ends: a machine learning system can itself be corrupted, or it can be used to attack innocent parties. “One can actually send a machine false data and if that happens over a period of time and in large enough volume, it could potentially change the confidence score of what that system deems to be good or bad,” says Pasha. Feeding a model chosen inputs until it learns the wrong boundary between good and bad is known as data poisoning, and it is hardest to spot when the false data arrives gradually rather than all at once.

Attack groups are also starting to employ some form of machine learning or AI to carry out decryption and DDoS attacks, or to use vulnerable IoT devices to generate attacks, Pasha observes.

Symantec is increasingly employing AI and machine learning in its own products. In the latest version of its data loss prevention (DLP) solution, machine learning lets the system decide on its own what counts as sensitive data, based on how users create that data. Symantec Endpoint Protection also uses machine learning, as one of the product's 14 detection engines, to protect against zero-day attacks.

Pasha says Symantec is also using machine learning in its SOCs and managed security services, enabling the system to ingest billions of log entries within seconds and return results almost in real time, a task that would take a Level 1 human SOC analyst far longer.

The next front for AI in cyber security is understanding human behaviour, or what is referred to as user and entity behaviour analytics (UEBA). “As a security process, UEBA takes note of the normal conduct of an IT user in the organisation, enabling a machine learning system to work out what is typical behaviour for that individual. If the employee appears to deviate from this standard practice, the system will catch that and flag that to an administrator,” explains Pasha.
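The two ideas above, a per-user behavioural baseline and the poisoning of a system that keeps learning from the data it is fed, fit in one worked example. The code below is an added illustration, not Symantec code and not a description of how its UEBA or endpoint products work. The daily upload volumes per user are constructed, and the detector is deliberately minimal: a day is flagged when its volume exceeds the user's baseline mean by more than a fixed tolerance (`TOL`, `WINDOW`, the user names and the `boiling_frog` schedule are all assumptions for the example). It compares a baseline frozen after vetted training against one that re-fits on whatever it sees, and shows that the second one lets an attacker who raises the volume by 2% a day walk the baseline upward and never get flagged.

```python
"""UEBA-style per-user baseline, and why a baseline that keeps learning from
unvetted input can be poisoned by slow drift.

Added example, not Symantec code. All data below is constructed.
"""
from collections import deque
from statistics import mean
from typing import Deque, Dict, List

TOL = 0.20      # flag a day if volume > (1 + TOL) * baseline mean (assumption)
WINDOW = 14     # days the adaptive baseline remembers (assumption)

# Constructed training data: 14 "normal" days of upload volume (MB) per user.
TRAINING: Dict[str, List[float]] = {
    "alice": [20, 22, 19, 25, 21, 23, 20, 24, 22, 21, 19, 23, 22, 20],
    "bob":   [30, 28, 33, 31, 29, 32, 30, 31, 28, 30, 33, 29, 31, 30],
}


def boiling_frog(start: float, growth: float, days: int) -> List[float]:
    """Attacker's exfiltration schedule: every day a small step above the last,
    each step kept well inside the detector's tolerance."""
    out, v = [], start
    for _ in range(days):
        v *= 1 + growth
        out.append(round(v, 2))
    return out


# Constructed observation streams that follow the training period.
OBSERVED: Dict[str, List[float]] = {
    "alice": [21.0, 60.0, 22.0],            # one abrupt spike on day 1
    "bob":   boiling_frog(30.0, 0.02, 20),  # 2% per day; ends near 44.6 MB
}


class FrozenBaseline:
    """Fitted once on vetted training data; never updated by what it scores."""

    def __init__(self, training: List[float]) -> None:
        self.mu = mean(training)

    def score(self, x: float) -> bool:
        return x > (1 + TOL) * self.mu


class AdaptiveBaseline:
    """Re-fits on the last WINDOW observations, including the ones it just
    scored. Convenient against legitimate drift, but an attacker who feeds it
    slightly inflated values every day drags the baseline along with them."""

    def __init__(self, training: List[float]) -> None:
        self.window: Deque[float] = deque(training, maxlen=WINDOW)

    def score(self, x: float) -> bool:
        flagged = x > (1 + TOL) * mean(self.window)
        self.window.append(x)  # the poisoning vector: learns from unvetted input
        return flagged


def flagged_days(detector_cls, training: List[float], observed: List[float]) -> List[int]:
    """0-based indices in `observed` that the detector flagged for one user."""
    det = detector_cls(training)
    return [i for i, x in enumerate(observed) if det.score(x)]


def run(detector_cls) -> Dict[str, List[int]]:
    """Flagged days per user for the given detector class."""
    return {u: flagged_days(detector_cls, TRAINING[u], OBSERVED[u]) for u in TRAINING}


if __name__ == "__main__":
    for name, cls in (("frozen", FrozenBaseline), ("adaptive", AdaptiveBaseline)):
        print(name, run(cls))
```

Both baselines catch alice's abrupt spike. The frozen baseline flags bob from the tenth attack day onward, once the cumulative drift crosses the tolerance; the adaptive one never does, because by then its window is mostly the attacker's own inflated values and each new day sits only 2% above them. Note that gating the update on the verdict ("learn only from days we did not flag") would not help here, since none of bob's days is flagged. The practical fix is to keep a long-term reference the scored data cannot move, and review drift in the adaptive model against it.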

A significant development in IT security is the spread of SSL/TLS encryption. Encryption was little more than a buzzword ten years ago; now most of the traffic to major websites is encrypted, and Symantec expects 90% of all internet traffic to be encrypted within the next 12-18 months, says Pasha. Traffic that network tools cannot inspect without decrypting it puts more weight on controls at the endpoint and in the browsing path.

Symantec’s latest solutions seize on some of the biggest trends in the cyber security industry. The first is web isolation. Enterprises typically block potentially malicious websites for employees outright, regardless of whether a given site is actually harmful. The Web Isolation service instead allows access to the site but executes the potentially troublesome web session in a web isolation appliance, so that no content from the site comes into contact with the endpoint. All data related to the session is erased from the appliance as soon as the user leaves the site. “This technology will support organisations that want to give privileged users the wider web access they require while ensuring their devices are protected,” explains Pasha.

Symantec offers a similar isolation service for email to protect against phishing. If a user clicks a malicious link in an email, the page is opened in the isolation appliance, preventing malware from reaching the endpoint, explains Pasha.

Symantec has also added deception technology to its latest endpoint solution. It lets security teams dupe attackers by planting fake assets for them to target. Because legitimate users have no reason to touch these assets, any engagement with them is a high-confidence alarm, which allows administrators to block the intruder’s progress.
