
The contribution of AI to a cyber defense system

ARCHANGEL 2.0 NGFW from PT SYDECO

A burglar who wants to enter a building, however well guarded it may be, will always end up achieving his ends: no bastion is impregnable, and all the lines of defense that were said, during the previous world war, to be impregnable have shown their limits.


Why should it be any different when it comes to the fortified digital systems that cyber attackers seek to penetrate?

Therefore, rather than seeking to further fortify what will always end up being unable to resist the enemy, why not change our approach and concentrate on what can and must be protected within the enclosure, inside the systems?

During an attack, the attacker is always one step ahead. So even if you hunt down all the internet addresses that attackers have used, they can always come back from other addresses, and once they have penetrated the stronghold it will be too late to ban an address that has already become obsolete.

Isn't it said that, in the case of a ZERO DAY attack, it takes 275 days to create a patch?

How much damage could be done in that time!

This is why we must focus on saving what can and absolutely must be saved, and the use of technology just as advanced as the sophisticated methods used by attackers becomes a necessity.

AI can perfectly well play this role and become the solution to this challenge.

To find AI's place in a defense system (cybersecurity) against cyberattacks, we must understand what a cyberattack is, what it targets and how it goes about achieving its goals.

A cyber attack is the action carried out by an individual, group of individuals or by a state with a view to obtaining a gain which could not have been obtained by the use of “conventional” means.

This gain will vary depending on the desired goal.

It can simply be to destroy what one's competitor or opponent has, in a spirit of revenge or in the spirit of acquiring or maintaining a dominant place in a defined environment (eradication of data and attacks on operating systems).

It may be to obtain data from a company (data leak) in order to make a profit by monetizing its non-disclosure or by encrypting it, always for the same purpose (ransomware), or, in the case of a state or a competitor, to acquire knowledge of projects or technologies developed by the victim (espionage).

What are the means used by attackers?

In all cases, regardless of the desired goal, the attacker must find a way to infiltrate his target's system with a tool (virus or worm) that he can activate remotely in order to destroy, steal, encrypt, spy on or take over the entire system.

What penetrates the target system is code, which will always include an execution command without which it cannot carry out its action. The code and its execution command do not necessarily have to be in the same attack packet; they can be sent at intervals, even distant ones in time.

How is malicious code introduced?

There are a number of vectors that the attacker can use, ranging from phishing, in all its forms, to social engineering (which requires action by a natural person who has an access code to the target system), to methods that do not require human intervention, such as brute force (to crack the target's access codes), attacks carried out via a supply chain, exploitation of application vulnerabilities (such as ZERO DAY) and of systems accessible from outside the company's perimeter, etc.

What will the attacker do once inside the target system?

Everything will depend on the goal he is pursuing:

  • State or industrial espionage: the goal will be to steal the target's data by leaking it or by spying on the actions of operators through accessories such as the mouse, the keyboard or the camera built into the monitor.
  • Revenge or elimination of a competitor: the goal will be to destroy the target's system, by rendering both the hardware and the software inoperable and destroying the data.
  • Gain by encrypting the data held on the target's servers.

Cybersecurity action will therefore tend to protect:

  • Data against encryption and exfiltration (ransomware and leakage),
  • System components against any attack on their integrity (manipulation of mice, keyboards and cameras with the aim of spying and/or gaining access to servers),
  • The systems themselves against any attempt by an attacker to take them over.

How can AI help protect?

As attackers use every possible means to hide their intrusion and the malicious nature of their code and its execution commands, in particular through obfuscation or encryption, AI can help discover obfuscation by analyzing the logical sequence of the code, deobfuscating it and revealing the real execution command hidden by the obfuscation.

The deobfuscation system that we created at PT SYDECO, using AI, achieves a positive result of more than 98% in discovering hidden execution codes, whatever language they are written in.

As for packets that enter the target system with an encrypted signature or content, here again the system implemented at PT SYDECO, using AI, makes it possible to block their entry into the system or to alert the security officer, as appropriate, always using the same method of scanning and analyzing the content.

The greatest contribution of AI to a cyber defense system is the detection of execution codes, which in itself is already an effective defense against any intrusion attempt: a virus without its execution code is inoperative. It is by scanning every entry into the system and everything that circulates on the network, and analyzing it using AI, that we can best protect the system, whatever the attacker's aim, the type of attack or the malware family involved.
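As an added illustration of the scanning described above (not PT SYDECO's system, whose internals the post does not show), here is a small Python scanner that peels hex-escape and base64 layers from a payload until nothing changes, then checks whether an execution primitive became visible only after deobfuscation. The sample payload, the sink list and the two layer types are constructed assumptions.

```python
import base64
import binascii
import re

# Execution sinks an obfuscated payload tries to hide (constructed list, not exhaustive).
EXEC_SINKS = re.compile(r"\b(eval|exec|system|popen|Invoke-Expression|iex)\b", re.I)
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")     # long base64-looking runs
HEX_ESCAPES = re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}")  # runs of \xNN escapes

def _decode_b64(token):
    """Return the decoded text of a base64 token, or None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def deobfuscate(code, max_layers=5):
    """Peel hex-escape and base64 layers until nothing changes. Returns (text, layers_peeled)."""
    text = code
    for layer in range(max_layers):
        new = HEX_ESCAPES.sub(
            lambda m: bytes.fromhex(m.group(0).replace("\\x", "")).decode("utf-8", "replace"), text)
        for token in B64_TOKEN.findall(new):
            decoded = _decode_b64(token)
            if decoded is not None and decoded.isprintable():
                new = new.replace(token, decoded)
        if new == text:          # fixed point reached: no more layers to peel
            return text, layer
        text = new
    return text, max_layers

def find_exec_sinks(text):
    """Sorted, lower-cased list of execution primitives visible in the text."""
    return sorted({m.lower() for m in EXEC_SINKS.findall(text)})

def analyze(code):
    """Scan one inbound payload: deobfuscate, then look for the execution command it carries."""
    visible = find_exec_sinks(code)
    final, layers = deobfuscate(code)
    revealed = find_exec_sinks(final)
    # 'hidden' is True when a sink shows up only after deobfuscation: the strongest signal.
    return {"layers": layers, "sinks": revealed, "hidden": bool(revealed) and revealed != visible}

# Constructed sample: the inner command hides "echo" behind hex escapes, the whole inner
# script is base64-wrapped, and the outer "exec" is itself hex-escaped. No sink is visible as-is.
INNER = '__import__("os").system("\\x65\\x63\\x68\\x6f hidden")'
SAMPLE = ('getattr(__builtins__, "\\x65\\x78\\x65\\x63")(__import__("base64").b64decode("%s"))'
          % base64.b64encode(INNER.encode()).decode())

if __name__ == "__main__":
    print(analyze(SAMPLE))   # {'layers': 2, 'sinks': ['exec', 'system'], 'hidden': True}
```

Real obfuscators use many more encodings than these two; the reusable parts are the fixed-point loop and the comparison of sinks visible before and after deobfuscation.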

AI can also play a key role in the early detection of attacks and the protection of systems.

In conclusion, we can therefore say that AI has its place in a cyber defense system in that it allows us to scrutinize and analyze what enters a system with a view to letting in only what is not suspicious. AI can also play a key role in the early detection of attacks and therefore in the protection of the content of systems, if not of the systems themselves.

We cannot ignore that an error is always possible and that there will always be flaws in applications.

When we focus on defending what can and must be defended in a system, whether the attack is of the ZERO DAY type or not, whether it is ransomware or aims to install a backdoor, we will get significantly better results than if we waste our time tracking down the adversary before they have entered the system.

#cybersecurity #AI #PTSYDECO #Archangel #ZERODAY
