threat hunter


Towards Characterizing Cyber Networks with Large Language Models

Hartsock, Alaric, Pereira, Luiz Manella, Fink, Glenn

arXiv.org Artificial Intelligence

Threat hunting analyzes large, noisy, high-dimensional data to find sparse adversarial behavior. We believe adversarial activities, however they are disguised, are extremely difficult to completely obscure in high-dimensional space. In this paper, we employ these latent features of cyber data to find anomalies via a prototype tool called Cyber Log Embeddings Model (CLEM). CLEM was trained on Zeek network traffic logs from both a real-world production network and from an Internet of Things (IoT) cybersecurity testbed. The model is deliberately overtrained on a sliding window of data to characterize each window closely. We use the Adjusted Rand Index (ARI) to compare the k-means clustering of CLEM output to expert labeling of the embeddings. Our approach demonstrates that there is promise in using natural language modeling to understand cyber data.


Attack Solutions

#artificialintelligence

Human intelligence and intuition are vital to training artificial intelligence (AI) and machine learning (ML) models to provide enterprises with hybrid cybersecurity at scale. Combining human intelligence and intuition with AI and ML models helps catch the nuances of attack patterns that elude numerical analysis alone. Experienced threat hunters, security analysts and data scientists help ensure that the data used to train AI and ML models enables a model to accurately identify threats and reduce false positives. Combining human expertise and AI and ML models with a real-time stream of telemetry data from enterprises' many systems and apps defines the future of hybrid cybersecurity. "Based on behaviors and insights, AI and ML allow us to predict [that] something will happen before it does," says Monique Shivanandan, CISO at HSBC, a global bank.


Cyber Criminals vs Robots

#artificialintelligence

What happens when cyber criminals face robots? What happens when they use robots? How will offensive and defensive strategies of cybersecurity evolve as artificial intelligence continues to grow? Both artificial intelligence and cybersecurity have consistently landed in the top charts of fastest growing industries year after year¹². The 2 fields overlap in many areas and will undoubtedly continue to do so for years to come. For this article, I have narrowed my scope to a specific use case, intrusion detection. An Intrusion Detection System (IDS) is software that monitors a company's network for malicious activity. I dive into AI's role in Intrusion Detection Systems, code my own IDS using machine learning, and further demonstrate how it can be used to assist threat hunters.


Relief is coming for your security team: 6 ways AI is a game-changer

#artificialintelligence

Artificial intelligence (AI) and machine learning (ML) give security teams the ability to catch bad guys with the power of math. Through the use of effective analytical methods, organizations can become more cyber resilient. With statistical learning; supervised, semi-supervised, and unsupervised ML; advanced visualizations; and other principled approaches tailored for cybersecurity, you will be one step ahead of the game. Here are six ways AI and ML, along with analytics, can boost your company's cyber resilience. AI and ML can remove friction in managing identities through adaptive authentication, which dynamically escalates the factors needed to verify an identity based on risk.


Generating Fake Cyber Threat Intelligence Using Transformer-Based Models

Ranade, Priyanka, Piplai, Aritran, Mittal, Sudip, Joshi, Anupam, Finin, Tim

arXiv.org Artificial Intelligence

Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that, given an initial prompt sentence, a public language model like GPT-2 with fine-tuning can generate plausible CTI text with the ability to corrupt cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true.


How Machine Learning And Other Tech Trends Will Disrupt Cyber Security In 2018

#artificialintelligence

Cyber Security is a rapidly evolving industry, projected to become a $232 billion global market by 2022. This estimated valuation reflects a significant rise from last year, in which the market value reached $137.8 billion worldwide in 2017. The emergence of mobile platforms and cloud-based enterprise apps, coupled with the increased adoption of advanced technologies such as fingerprint identification and biometrics, has collectively fueled a notable spike in the space. Although cyber security is attracting greater attention across the globe, the United States stands as the dominant force leading the charge for innovation. Brian Beyer serves as the CEO of Red Canary, a cyber security company that combines machine learning and human intelligence to develop cutting-edge detection and response software for mid-market businesses.


Fusion Behavioral Intelligence Platform - Cybersecurity Excellence Awards

#artificialintelligence

Threat hunters are able to see related behaviors and entities, and search and filter without having to master a query language. Because the platform connects users, devices, and IP addresses, hunters always know the "who" behind every indicator. Threat hunters can seamlessly explore data from disparate sources, pivot on behaviors and interesting data facets, and visualize data and relationships in multiple ways. E8's platform enables behavior hunting, allowing threat hunters to key in on the abnormal behaviors of internal resources that are typically the early warning signs that a threat is present. E8 Security's Fusion Behavioral Intelligence Platform enables security analysts to detect and hunt for unknown threat indicators, and respond before a breach occurs.