December 2018 | 9 | CIOReview

of the file would automatically send the newest credentials. Mind-blowingly simple and sophisticated all at the same time.

To the traditional firewall, segmentation, intrusion detection, or endpoint protection security software, this transaction would look normal, and no intrusion would be detected. It is believed the Russians were embedded in our critical infrastructure for over two years, and still are today. This leads me to a fear I have had for as long as IT and OT networks have become one: what if the hackers are already inside? How do I know?

No longer can CIOs rely on traditional methods of intrusion detection; instead, they must look outside the box, beyond the normal "signature" patterns. New technology is beginning to emerge that could have successfully detected this sort of attack, which traditional signature-based technology missed. Using artificial intelligence (AI) or machine learning to determine network baselines, even as those baselines shift, allows CIOs to identify model breaches based on abnormal user behavior. Even though, in the aforementioned case, the Russians were able to access ICS devices with actual credentials, connecting to certain devices at abnormal hours, using abnormal client-server relationships, or even abnormal user-device relationships would have been identified in real time. Networks have a unique pattern of life which hackers are not privy to. Outsiders, working in any network, inherently will change this unique pattern, and be identified.

We can't know of, or have perfect foresight into, the next attack on our critical infrastructure. But we can identify what is normal network behavior. We can start using the normality of network usage against the hacking community, adding another layer of defense.
As with any technology, our goal is to identify breaches as quickly as possible, and then properly respond to those breaches. Relying on past attacks is a poor way to defend. Getting ahead and defending against the attacks we don't know about is the future. Human behavior used to be a cyber-security deficit. With AI, we are able to turn that human behavior into an advantage, and this is something every CIO should be looking to implement.

Ian Fitzgerald
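
The three signals named above (abnormal hours, abnormal client-server relationships, abnormal user-device relationships) can be checked against a learned baseline even when the login uses valid credentials. The following sketch is an added illustration, not taken from the article or from any product; the event format, the `min_seen` threshold and every user, host and device name are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
class Baseline:
    """Pattern of life learned from successful logins: (iso_time, user, client, device)."""
    def __init__(self, min_seen=3):
        self.min_seen = min_seen                # sightings before a pattern counts as normal
        self.user_hours = defaultdict(Counter)  # user -> hour of day -> count
        self.user_device = Counter()            # (user, device) -> count
        self.client_server = Counter()          # (client, device) -> count

    def learn(self, event):
        ts, user, client, device = event
        self.user_hours[user][datetime.fromisoformat(ts).hour] += 1
        self.user_device[(user, device)] += 1
        self.client_server[(client, device)] += 1

    def score(self, event):
        ts, user, client, device = event
        hour = datetime.fromisoformat(ts).hour
        hours = self.user_hours.get(user, Counter())
        reasons = []  # empty list means the login matches the baseline
        # Tolerate one hour either side so a slightly early start is not an alert.
        if sum(hours[(hour + d) % 24] for d in (-1, 0, 1)) < self.min_seen:
            reasons.append("abnormal hour")
        if self.user_device[(user, device)] < self.min_seen:
            reasons.append("abnormal user-device relationship")
        if self.client_server[(client, device)] < self.min_seen:
            reasons.append("abnormal client-server relationship")
        return reasons

    def observe(self, event):
        # Score first, then learn: a shifted routine becomes normal after min_seen sightings.
        reasons = self.score(event)
        self.learn(event)
        return reasons

def build_demo():
    # Constructed sample data; every user, host and device name is hypothetical.
    b = Baseline()
    for day in range(1, 6):
        for h in (8, 12, 16):
            b.learn((f"2018-03-{day:02d}T{h:02d}:05:00", "operator1", "eng-ws-3", "hmi-01"))
    return b

NORMAL = ("2018-03-06T09:10:00", "operator1", "eng-ws-3", "hmi-01")
STOLEN = ("2018-03-06T02:13:00", "operator1", "corp-laptop-77", "plc-12")  # valid credentials

if __name__ == "__main__":
    print(build_demo().score(NORMAL), build_demo().score(STOLEN))
```

Because `observe` learns every event it sees, a persistent intruder would eventually be absorbed into the baseline; gating `learn` on analyst review of flagged events avoids that.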