Skip to main content

The contribution of AI to a cyber defense system

 ARCHANGEL 2.0 NGFW from PT SYDECO

A burglar who wants to enter a building, however well guarded it may be, will always end up achieving his ends: No bastion is impregnable and all these lines of defense that were said during the previous world war , impregnable, have shown their limits.


Why should it be any different when it comes to the fortified digital systems that cyber attackers seek to penetrate?

Therefore, rather than seeking to further fortify what will always end up not being able to resist the enemy, why not change approach and concentrate on what can and must be protected within the enclosure, inside the systems?

During an attack, the attacker is always one step ahead. So, if you search for all the internet addresses that have been used by attackers, they can always come back with other addresses and when they have succeeded in penetrating the stronghold, it will be too late to ban this address which has become obsolete.

Don't they say that during a ZERO DAY attack it takes 275 days to create a patch?

During this time, how much damage could have been caused!

This is why we must focus on saving what can and absolutely must be saved and the use of technology just as advanced as the sophisticated methods used by attackers becomes a necessity.

The use of AI can perfectly play this role and become the solution to this challenge.

To find its place for AI in a defense system (cybersecurity) against cyberattacks, we must understand what a cyberattack is, what it targets and how it goes about achieving its goals.

A cyber attack is the action carried out by an individual, group of individuals or by a state with a view to obtaining a gain which could not have been obtained by the use of “conventional” means.

This gain will vary depending on the desired goal.

It can simply be to destroy what one's competitor or opponent has, in a spirit of revenge or in the spirit of acquiring or maintaining a dominant place in a defined environment (eradication of data and attack on operating systems).

It may be to obtain data from a company (data leak) to make a profit by monetizing their non-disclosure or by encrypting them, always for the same purpose (ransomware) or, in the case of a state or from a competitor, to acquire knowledge of projects or technologies developed by the victim (espionage).

What are the means used by attackers?

In all cases, without regard to the desired goal, the attacker must find a way to infiltrate his target's system with a tool (virus or worm) that he can activate remotely in order to destroy, steal, to encrypt or spy on or take over the entire system.

What it will penetrate into the target system will be a code, which will always include an execution command without which it will not be able to carry out its action. This code and its execution command do not necessarily have to be in the same attack packet, they can be sent at even distant intervals in time.

How to enter malicious code?

There are a number of vectors that the attacker can use, ranging from phishing, in all its forms, to social engineering (which requires action by a natural person who has an access code to the target system). ), to systems that do not require human intervention, such as brute force (to crack the target's access codes), attacks carried out via a supply chain, exploitation of application vulnerabilities (such as ZERO DAY) and systems accessible outside the company's perimeter, etc.

What will the attacker do once inside the target system?

Everything will depend on the goal he is looking for:

  • State or industrial espionage: the goal will be to steal the target's data by leaking it or by spying on the actions of operators using accessories such as the mouse, the keyboard or the camera incorporated in the monitor).
  • Revenge or elimination of a competitor: the goal will be to destroy your system, by rendering both the hardware and software inoperable and destroying the data.
  • Gain by encrypting the data contained in the target's servers.

Cybersecurity action will therefore tend to protect:

  • Data against encryption and evasion (ransomware and leakage),
  • System components against any attack on their integrity (manipulation of mice, keyboards, cameras with the aim of spying and/or gaining access to servers).
  • The systems themselves against any attempt to take them over by an attacker.

How AI can help protect?

As attackers use all possible means to hide their intrusion and the malicious side of the codes and its execution commands, in particular by using the process of obfuscation or encryption, AI can help to discover obfuscations by analyzing the logical sequence of the codes, deobfuscating them and revealing the real execution command hidden by the obfuscation.

The deobfuscation system that we created at PT SYDECO, using AI, allows a positive result of more than 98% in the discovery of hidden execution codes no matter in which language they are created.

Regarding the packets which enter the target system and whose signature or content is encrypted, here again the system implemented at PT SYDECO, using AI, makes it possible to avoid their entry into the system or to attract the attention of the security officer as appropriate, always using the same method of scanning and analyzing the content.

The best contribution of AI in a cyber defense system is the detection of execution codes which in itself is already an effective defense against any intrusion attempt: A virus without its execution code is inoperative . And it is by scanning every entry into the system and everything that circulates in the network and analyzing it using AI that we can best protect this system. Whatever the aim sought by the attacker, whatever the type of attack or whatever the family to which the malware used belongs.

AI can also play a key role in early detection of attacks and protection of systems.

In conclusion, we can therefore say that AI has its place in a cyber defense system in that it allows us to scrutinize and analyze what enters a system with a view to only letting in what is not suspicious. AI can also play a key role in the early detection of attacks and therefore of the content of systems, if not the systems themselves.

We cannot ignore that an error is always possible and that there will always be flaws in applications.

When we focus on defending what can and must be defended in a system, whether the attack is of the ZERO DAY type or not, whether it is a ransomware type attack or with a view to installing a backdoor, you will get significantly better results than if you waste your time tracking down the adversary before they have entered the system.

#cybersecurity #AI #PTSYDECO #Archangel #ZERODAY

Comments

Post a Comment

Popular posts from this blog

KEUANGAN & DATA PRIBADI PEMAIN GAME ONLINE DALAM BAHAYA

Melindungi Gamer Online: Memahami Risiko dan Solusi Dalam beberapa tahun terakhir, dunia game online telah mengalami pertumbuhan eksponensial, sejalan dengan meningkatnya nilai aset game. Namun, lonjakan popularitas ini juga membawa segudang risiko yang mengancam para pemain dan operator. Dari upaya peretasan dan pencurian akun hingga transaksi yang tidak sah dan eksploitasi data, bahaya yang mengintai di dunia digital selalu ada. Mengingat tantangan-tantangan ini, sangat penting untuk menjelaskan pentingnya langkah-langkah perlindungan yang kuat dan solusi inovatif. Memahami Lanskap Aset game, yang terdiri dari mata uang virtual, item, dan akun, adalah sumber kehidupan ekonomi game online. Nilainya melampaui ranah virtual, bahkan sering kali melampaui transaksi di dunia nyata. Meskipun demikian, perlindungan konsumen tradisional yang diberikan oleh layanan perbankan dan pembayaran tidak ada di ranah game. Operator platform game sering kali mengadopsi pendekatan laissez-faire, membuat ...
Post a Comment
Read more
 Hospital Security in Question In a recent article titled "Cyberattacks: Public and Private Hospitals, Is the Worst Yet to Come?", Jean-Michel Tavernier1 provides a detailed analysis of why the medical sector is a prime target for hackers. He highlights the vulnerabilities that allow hackers to access sensitive data such as medical records, insurance information, and payment details. The compromise of this data can have severe consequences for individuals' privacy, financial security, and even personal safety, not to mention the financial damage to institutions and the risks to the quality of care provided to patients. System Vulnerabilities Tavernier points to the "excessive interdependence of the entire healthcare chain." Hospitals collaborate with a multitude of interconnected providers and partners, creating numerous opportunities for attackers. He suggests managing the attack surface (ASM), which means controlling and securing all entry points where unautho...
Post a Comment
Read more
                                                                     ERRARE HUMANUM EST   The Inescapable Nature of Human Error and Its Implications in Cybersecurity To err is human; one could even say it is a defining characteristic of humanity. Who has never made a mistake, whether out of distraction, ignorance, or because it was provoked? No one is immune to making mistakes, and most of the time, they are forgivable, even if their consequences can be very damaging. However, the fundamental, unforgivable error is doing nothing to avoid situations that lead to mistakes. Thus, to minimize errors due to distraction, one should avoid multitasking (for example, a surgeon operating should not be distracted by a nurse recounting her latest adventures) and refrain from performing actio...
Post a Comment
Read more