This week at Black Hat, one researcher hopes to contribute to the discipline by showing off a new automated AI agent that probes the data science behind machine learning malware detection models and looks for mathematical weaknesses. "All machine learning models have blind spots. The agent essentially inspects an executable file and uses a sequence of file mutations to test the detection model. The idea of machine learning and AI hardening is generally gaining momentum with data scientists and security specialists of late.
Financial institutions are increasingly deploying Robotic Process Automation (RPA) and other early-stage AI technologies to the front lines, identifying the behavior of trustworthy users and detecting emerging threats. We are beginning to see both offense and defense using automation, machine learning and artificial intelligence (AI) to counter each other's moves. AI-supported visualization is becoming a core element of enterprise cybersecurity strategy, helping cyber defense teams harness and amplify humans' ability to zero in on patterns quickly and pick out anomalies. Financial institutions have historically held the upper hand as they benefit from enterprise-wide investment strategies in artificial intelligence (AI) and machine learning.
UEBA uses machine learning and data science to gain an understanding of how Users (humans) and Entities (machines) within an environment typically behave. Then, by looking for risky, anomalous activity that deviates from normal behaviour, UEBA helps identify cyber threats. BS: All of the biggest data breaches, judged either by number of records breached or the importance of the data stolen, have involved attackers leveraging stolen user credentials to gain access. Businesses need UEBA because their existing threat detection tools are unable to detect hackers that are leveraging stolen, but valid, user credentials.
The artificial intelligence technology is deployed by cybersecurity firms in an effort to keep pace with the evolution of cyberattacks, as machine learning algorithms are able to improve predictability the more it is used. But according to Guy Caspi, CEO of cybersecurity company Deep Instinct, machine learning is no longer enough in an age of unprecedented evolution and volume of cybercrime. Part of that is because machine learning relies on only two or three algorithms; deep learning deploys tens of algorithms, and complex math. But the ongoing evolution of corporate cybercrime means cybersecurity companies may no longer be able to afford relying solely on machine learning.
Many cybersecurity companies are starting to invest or implement AI in their cybersecurity solutions and it is giving their security teams a significant boost, according to a recently released report commissioned by McAfee. Cybercriminals are starting to use these solutions to sift through large amounts of data to "classify victims that have weaker defenses" so they can get the maximum "return on their investment," Steve Grobman, chief technology officer for McAfee, told Bloomberg BNA. Grobman told Bloomberg BNA that AI and machine-learning won't replace cybersecurity teams, rather "it will change the way that cybersecurity professionals will do their jobs." To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.
If you're not following great AI minds, you're missing a lot of important discussions. There are critical questions surrounding AI, and Yampolskiy, founder and director of Cybersecurity Lab, is delving into the dark side of it. As opposed to narrow AI (where nonsentient programs are focused on narrow tasks), Dube's research has focused on deep AI. Chetan envisions a world where man and machine work closely together to build a radically more efficient planet.
As a fellow of the U.S. Council on Competitiveness, a senior advisor to the United Nations Office for Project Services, and a member of both the World Artificial Intelligence Organization and B20, I've been researching AI (and sharing what I learn) for years. NEW YORK, NY - JUNE 16: Director of Facebook AI Research Yann LeCun attends the 2016 Wired Business Conference on June 16, 2016 in New York City. There are critical questions surrounding AI, and Yampolskiy, founder and director of Cybersecurity Lab, is delving into the dark side of it. Rather than copy human biology, he believes we should create a separate version of AI from scratch for artificially intelligent machines.
But on the other hand, the capability to collect, store, and analyze huge reams of data gives the good guys a powerful tool to thwart the bad guys. But there's another element of big data security, and it involves using advanced analytics to better detect when bad guys (or bad software) are trying to do us harm. Finding context in the data is critical to stopping cybercrimes, such as fraud, says Poornima Ramaswamy, vice president of business analytics and insights at Cognizant Digital Business, a technology consultancy. According to McAfee's Grobman, hackers are starting to use machine learning "poisoning" techniques that basically involve throwing a lot of white noise at the good guys' data receptors with the goal of confusing the model – and thereby throwing the good guys off their trail.
Millions of cars at risk as keyless entry systems can be hacked, report says Technology. Tens of millions of cars are made vulnerable to theft by their keyless entry systems, according to a report by computer security experts. They have devised two attacks: One that target cars of the Volkswagen Group (VW, Seat, Škoda, and Audi), and includes recovering the cryptographic algorithms and keys from electronic control units that allows them to clone the signal that will open the car, and Another that takes advantage of the cryptographically weak cipher in the Hitag2 rolling code scheme used by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, Ford and other car makers. "Vehicle manufacturers expected the data/systems service providers to provide the security protection and the providers expected the manufacturers to do this" Are we really bothered though?
The result is increased cost and complexity of cybersecurity management, including increased number of false alerts and increased investment in the resources required to orchestrate the multitude of products and to train security personnel in the specific language and rules of each security solution. "Enterprises invest in so many security tools because there is not one product that can protect them from all types of attacks," says Avi Chesla, founder and CEO of cybersecurity startup Empow. The week's key event, the 7th annual cybersecurity conference held at Tel Aviv University, honored Gil Shwed, inventor of the modern firewall and founder and CEO of Check Point Software, with its first annual Award for Outstanding Achievement in Cyber. Replacing the security Tower of Babel of existing point solutions, Empow's "security language" allows the user to re-assemble the "security particles" in different ways, creating on-the-fly new defense models to deal with new attacks and new types of campaigns (Empow's customers can also download pre-configured defense models from Empow's "app store").