AI may turn the tide against cybercriminals


Dave West and Jeetu Patel— Doris Dumlao-Abadilla

MELBOURNE, AUSTRALIA— In the never-ending cat-and-mouse game between cyberattackers and defenders, the bad guys had the upper hand for the longest time. After all, hackers just had to get it right once while the cybersecurity teams must get it right all the time.

But for the first time in three decades, the scale is starting to tip in favor of the defenders, says Jeetu Patel, executive vice president and general manager for security and collaboration at technology conglomerate Cisco.

Speaking at the Cisco Live conference here, Patel tells how artificial intelligence (AI) can predict cyberattacks and enable defenders to make near real-time responses, highlighting the key role of AI in finally reversing the tide in favor of the good guys.

“It’s not that bad actors won’t have access to AI. But AI is only as good as the data that you have and the correlation of data telemetry that can actually give you better insights than what you would have had otherwise. And I just think that corporations are going to have a data advantage if they do it right,” Patel says in a press briefing.

As AI gets more prominent, he says companies will pour more investments into data layers. To date, most alert signals get ignored, not because people are careless but because it’s impossible to check out all the signals and notifications. There’s just too much “noise” around. But by doing cross-domain telemetry correlation, low-level alerts that appear in multiple places could trigger a high-level alert as patterns emerge, he says.

“It’s going to be a very exciting place where you can start to predict threats before they actually occur, rather than just respond reactively.”

Dave West, Cisco senior vice president and president for Asia Pacific, Japan and Greater China, says the attackers will boost their own war chest for sure, mostly probing tools. But he notes that the defenders of data, network and applications will have better and better models to “predict those probing attacks and the ways that attackers are coming in the door.”

“Instead of being on the backfoot all the time, I think customers can begin to lean in and really proactively watch everything that’s going on and take action. It’s going to create a much more difficult environment for attackers,” he says.

But make no mistake, Patel says: attacks will get more and more sophisticated, and it will be harder to distinguish legitimate activity from malicious attacks. In the past, it was easy to identify as a hoax a “prince” from an exotic country emailing with glaring typos, asking you to click on a link to “receive” $10 million.

“It’s much harder when they say, ‘Hey, Dave, good to see you at the basketball game last night. Here are some pictures of our family,’” he says. “They will be very bespoke.”

“We have to make sure that we are prepared for that. But if we do our job right as an industry, we will actually be able to do a much better job of correlating data sets across different domains and being able to drive insights from them that otherwise in the past didn’t exist as much,” he says.

Ransomware and extortion attacks make up 20 percent of Cisco Talos Incident Response engagements this year, according to the new Cisco Talos 2023 report. The study also observed an increase in sophisticated attacks on networking devices this past year, particularly by “state-sponsored” actors.

AI Assistant

At this tech conference that drew 5,500 participants, the Cisco AI Assistant for Security was unveiled, touted as a major step in making AI pervasive in Security Cloud, Cisco’s unified, AI-driven, cross-domain security platform. It is thus seen as Cisco’s latest contribution to global cybersecurity efforts.

AI Assistant is designed to help customers make informed decisions, augment their tool capabilities and automate complex tasks.

“To be an AI-first company, you must be a data-first company. With our extensive native telemetry, Cisco is uniquely positioned to deliver cybersecurity solutions that allow businesses to confidently operate at machine scale, augmenting what humans can do alone,” Patel says.

The new AI Assistant has been trained on one of the largest security-focused data sets in the world, analyzing more than 550 billion security events each day across web, email, endpoints, networks and applications.

Cisco also introduced its AI Assistant for Firewall Policy, which tackles the challenge of setting and maintaining complex policies and firewall rules. With this, administrators can use natural language, similar to ChatGPT, to discover policies and get rule recommendations, thus eliminating duplicate rules, misconfigured policies and complex workflows, while improving troubleshooting and configuration tasks.

Meanwhile, Cisco Encrypted Visibility Engine leverages billions of samples, including sandboxed malware samples, to detect whether encrypted traffic is transporting malware. It can tell which operating system the traffic is coming from and what client application is generating it, without the need for decryption.

 ASK ANYTHING Firewall AI Assistant helps tech administrators via natural language, like ChatGPT —DORIS DUMLAO-ABADILLA

“Three-horse race”

There are thousands of cybersecurity vendors in the global market today, but Patel says common data platforms can enhance collaboration even as key players compete for market share.

“The real enemy is not the competitor,” he stresses, adding that integration even with fierce competitors will allow better coordination of defenses to isolate cyber attacks.

“But I do think that security is going to become a three-horse race. And you will not go out on that on a single platform. In most cases, you will have a couple of platforms…I think the three horses are going to be, in no particular order, Cisco, Microsoft and Palo Alto Networks.”

Asked about how Cisco safeguards data while using AI to sift through them, Patel says Cisco never lays claim on customers’ data as its own.

“We don’t train the models based on [those] data,” he says, adding that synthetic data are instead used.

“Every once in a while, we do need to use customer data. We will actually ask them for terms of service and they have to agree to that before we would use any of that, so there’s no kind of data that get utilized without the customer’s knowledge for training,” he explains.

Apart from leading security collaboration, Patel leads Cisco’s “Responsible AI” initiative.

“Fairness, transparency, ethical use — those are things that we actually have every engineer within the company, across all of us, think about very carefully,” he says.
