
 sopho


Automated Alert Classification and Triage (AACT): An Intelligent System for the Prioritisation of Cybersecurity Alerts

Turcotte, Melissa, Labrèche, François, Paquette, Serge-Olivier

arXiv.org Artificial Intelligence

Enterprise networks are growing ever larger with a rapidly expanding attack surface, increasing the volume of security alerts generated from security controls. Security Operations Centre (SOC) analysts triage these alerts to identify malicious activity, but they struggle with alert fatigue due to the overwhelming number of benign alerts. Organisations are turning to managed SOC providers, where the problem is amplified by context switching and limited visibility into business processes. A novel system, named AACT, is introduced that automates SOC workflows by learning from analysts' triage actions on cybersecurity alerts. It accurately predicts triage decisions in real time, allowing benign alerts to be closed automatically and critical ones prioritised. This reduces the SOC queue allowing analysts to focus on the most severe, relevant or ambiguous threats. The system has been trained and evaluated on both real SOC data and an open dataset, obtaining high performance in identifying malicious alerts from benign alerts. Additionally, the system has demonstrated high accuracy in a real SOC environment, reducing alerts shown to analysts by 61% over six months, with a low false negative rate of 1.36% over millions of alerts.


Don't download any AI apps before reading this

FOX News

Kurt 'The Cyberguy' Knutsson weighs in on the new artificial intelligence bot known as ChatGPT that could potentially allow students to cheat in school on 'Fox & Friends Weekend.' AI chatbots are one of the hottest tools being discussed right now. Like OpenAI, Google, Microsoft and others, many companies are hopping on the bandwagon and making their version of chatbots. However, with an invention comes a new way for cybercriminals to attack you. Now, crooks are turning to fake AI chatbot apps to swindle you. Let's dive into what to look for and how to avoid being tricked.


ChatGPT Scams Are Infiltrating Apple's App Store and Google Play

WIRED

Any major trend or world event, from the coronavirus pandemic to the cryptocurrency frenzy, will quickly be used as fodder in digital phishing attacks and other online scams. In recent months, it has become clear that the same would happen for large language models and generative AI. Today, researchers from the security firm Sophos are warning that the latest incarnation of this is showing up in Google Play and Apple's App Store, where scammy apps are pretending to offer access to OpenAI's chatbot service ChatGPT through free trials that eventually start charging subscription fees. There are paid versions of OpenAI's GPT and ChatGPT for regular users and developers, but anyone can try the AI chatbot for free on the company's website. The scam apps take advantage of people who have heard about this new technology--and perhaps the frenzy of people clamoring to use it--but don't have much additional context for how to try it themselves.


Sophos Demonstrates How To Make ChatGPT A Cybersecurity Co-Pilot - The NFA Post

#artificialintelligence

New Delhi, NFAPost: Sophos, a global leader in innovating and delivering cybersecurity as a service, released new research on how the cybersecurity industry can leverage GPT-3, the language model behind the now well-known ChatGPT framework, as a co-pilot to help defeat attackers. The latest report, "GPT for You and Me: Applying AI Language Processing to Cyber Defenses," details projects developed by Sophos X-Ops using GPT-3's large language models to simplify the search for malicious activity in datasets from security software, more accurately filter spam, and speed up analysis of "living off the land" binary (LOLBin) attacks. "Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential risks this new technology could bring. Can the AI help wannabee attackers write malware or help cybercriminals write much more convincing phishing emails? Perhaps, but, at Sophos, we've long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different. The security community should be paying attention not just to the potential risks, but the potential opportunities GPT-3 brings," said Sophos Principal Threat Researcher Sean Gallagher.


Machine Learning in 2022: Data Threats and Backdoors?

#artificialintelligence

Machine-learning algorithms have become a critical part of cybersecurity technology, currently used to identify malware, winnow down the number of alerts presented to security analysts, and prioritize vulnerabilities for patching. Yet such systems could be subverted by knowledgeable attackers in the future, warn experts studying the security of machine-learning (ML) and artificial-intelligence (AI) systems. In a study published last year, researchers found that the redundant properties of neural networks could allow an attacker to hide data within a common neural network file, consuming 20% of the file size without dramatically affecting the performance of the model. In another paper from 2019, researchers showed that a compromised training service could create a backdoor in a neural network that actually persists, even if the network is trained to another task. While these two specific research papers show potential threats, the most immediate risk is attacks that steal or modify data, says Gary McGraw, co-founder and CEO of the Berryville Institute of Machine Learning (BIML).


Top 8 Machine Learning Tools For Cybersecurity

#artificialintelligence

In the present scenario, techniques like AI and machine learning are involved in almost all sectors. These techniques help organisations in various ways, from getting insights from raw data to predicting future outcomes, and more. For all the benefits of AI and ML, the use of machine learning techniques in cybersecurity started only a few years ago and is still at a niche stage. AI in cybersecurity can help in various ways, such as identifying malicious code, self-training and the like. Here is a list of the top eight machine learning tools for cybersecurity, in alphabetical order.


Using AI to fight hand-crafted Business Email Compromise

#artificialintelligence

Younghoo Lee is a Senior Data Scientist at Sophos. Together with Joshua Saxe, Sophos Chief Scientist, he recently presented these findings at DEFCON 28 AI Village. Business Email Compromise (BEC) is a form of targeted phishing where attackers disguise themselves as senior executives to dupe employees into doing something they absolutely shouldn't, like wire money. It started out as an evolution of the fraudulent international money transfer scams, and the messages were often riddled with poor punctuation and grammar, misspelt names and more that made them relatively easy to identify. Yet they still made money.


The security of machine learning

#artificialintelligence

Artificial intelligence and machine learning are persistently in the headlines with rich debate over their next advances. Will cybercriminals further leverage machine learning to craft attacks? Can defenders build a machine learning model capable of detecting all malware? We believe machine learning is an essential and critical piece of cybersecurity, but it must be only one part of a broader solution to be effective. It's unwise for any security product to rely solely on machine learning as its primary or singular layer of defense.


How Sophos' Project Darwin embraces AI to combat evolving threats

#artificialintelligence

Cyber security vendor Sophos is invoking the spirit of famed English evolutionary scientist Charles Darwin to rally the security industry around its vision for connected cyber defence, opening the company up to working with APIs and other third parties to tackle sophisticated threats. Former Sophos product SVP Dan Schiappa, who is now the company's chief innovation officer, said the industry should take a joined-up approach to applying artificial intelligence to security decisions. Speaking with Computerworld UK, Schiappa explained how the company's internally named 'Darwin Project' evolved from its previous work. "About four years ago we introduced the concept of 'synchronised security' and this is where security products speak directly to one another, and share information," he said during a telephone interview. "The simplest example was, if we saw a compromise at an endpoint, it would share that information to the firewall and then the firewall would eliminate that endpoint from being able to talk to the outside world."


Sophos' Intercept X dives into deep learning for security

#artificialintelligence

Next-generation endpoint security provider Sophos is taking advanced deep learning neural networks to the fight against malware through the release of a new detection tool called Intercept X. According to the company, deep learning takes machine learning to the next level by being able to learn the entire observable threat landscape. It is also able to process many millions of samples for a faster prediction rate and fewer false positives. According to Enterprise Strategy Group senior validation analyst Tony Palmer, traditional machine learning models still depend on expert threat analysts for training; they also get more complex and slower as more data is added. "These models may also have significant false positive rates which reduce IT productivity as admins try to determine what is malware and what is legitimate software," Palmer explains.