When AI enters the cybersecurity maze

Taking place in Lille, approximately one hour North of Paris by train, the 10th edition of the International Cybersecurity Forum (Forum International de la Cybersécurité or FIC in French) gathered approximately 8,600 visitors and the 13,000 square metres of exhibition floor were pretty packed, reflecting a 20% attendance increase over last year.
By eeNews Europe

Broadly, the focus was on how to secure cyberspace, protecting the digital services and infrastructures that nations and citizens have come to depend upon, and implementing the right tools to protect data, “a strategic asset” as Juri Luik, Estonia’s Minister of Defence, put it. He came to testify how his country had been the first in Europe to suffer a full-out cyberattack from its Russian neighbour.

“Unlike in the past, the defence sector depends on the civilian sector that is driving the technology, innovation is led by the private sector and the state has to adjust to that. All states shall invest in cybersecurity as national borders do not exist in the cyberspace where everything is merged into one battlefield”, Luik said during a plenary session titled “Innovation and Cybersecurity”.

“It is not just a technical matter for tech junkies, but it impacts politics too” he added, mentioning last year’s European-level cyber defence exercises focusing on situational awareness, crisis response mechanisms and strategic communication.

Florence Parly, France’s Minister of the Armed Forces at FIC.

Florence Parly, France’s Minister of the Armed Forces, joined Luik on stage to highlight the necessary cooperation between all the European states on cybersecurity. “Everything is connected, the IoT collects data, analyses it and with this hyperconnectivity, all our society and e-lifestyle is threatened by invisible untraceable enemies”, Parly said. “The digital space is structuring the battlefield, at home and abroad, and if we don’t innovate and invest in research for cybersecurity, others will do it in our place. But I won’t let this happen”, she added before discussing the need for reorganizing Europe’s digital resilience, to better anticipate threats, protect our networks and fight back when necessary.

As cyber-sovereignty has become a major stake, the French Minister of the Armed Forces unveiled plans for the French army to invest 1.6 billion Euros for cyber-defence between 2019 and 2015, increasing the ranks of its cyber-soldiers from 3,000 today to 4,000 by 2025. She also announced the creation of a European kernel of cyber-defence to share incoming threats in real time.

A plethora of encryption and network traffic monitoring solutions were on display, but among the 350 exhibitors were also companies offering cyber security testing environments and so-called ethical hackers ready to safely hack into your system and disclose your network’s vulnerabilities.


In the European context, security consulting company Yes We Hack claims to offer the first Bug Bounty platform in Europe, one that allows companies to crowd-source their security tests, relying on so-called “white hats” or ethical hackers who’ve agreed to follow responsible vulnerability disclosure procedures, abiding by the rules, principles and legislation of the European economic area.

Yes We Hack’s Bounty Factory helps companies create a Bug Bounty Program (BBP) which rewards individual hackers for finding bugs in code (software, web sites, network protocols etc.).

“All our servers are situated in France and our encrypted data is hosted by French cloud provider OVH in compliance with European laws”, highlighted Nicolas Diaz, Communication Consultant at Yes We Hack, during an interview with eeNews Europe. With Bounty Factory and 3700+ registered ethical hackers, the company can offer continuous testing while federating and ranking the white-hats, also raising their profiles for would-be recruiters in cybersecurity.

One hot trend at the conference was the use of Artificial Intelligence (AI) to counter cyber-attacks or stop malware in its tracks. In a talk titled “Connected Intelligence”, Trend Micro’s technical director Renaud Bidou gave us his vision for 2020, arguing that learning from experience, more bugs and more patches would follow, opening room for new worms exploiting unpatched vulnerabilities. “What will never change is that there will always be bugs, patches, and users will click” (on links to malware or compromised documents), he said.

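“Hackers will be hackers, eventually someone will get into your system, and that will never change. What is new is that the attack surface will be less and less under control, as it extends from contained servers to workstations, laptops, smartphones, connected watches, homes, smart factories and the ubiquitous cloud.”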

“But the good thing is that we can now use AI to secure the connected world and detect on-the-fly suspicious unknown threats. Tomorrow, smart security won’t be good enough, we need intelligent security.”


Trend Micro’s slide on the use of AI for threat detection.

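Describing a successful phishing scenario in which a hacker could impersonate a colleague, say the CFO, with all his credentials and directly ask the CEO by email for an unusual money transfer, Bidou said that even this could be countered automatically by AI algorithms modelling all human behaviours in the company as well as the traffic patterns on the network, to identify any deviation from standard behaviour. “An AI-driven security system could email the CFO back and check whether he really made that request, and it could also alert the CEO”, Bidou said by way of example.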

“In 2020, data will overload our traditional analysis capabilities, but AI takes its value from data and it will have plenty of it from IoT. So let’s take advantage of this context to make security more reliable”.

Asked if AI would also benefit hackers in the arms race, Bidou noted that AI was already being used by hackers to scavenge data on social networks and identify the profiles that would be the most susceptible to phishing. “That way, they augment their chances of successful phishing. Some adverts on the web are even compromised and monitored in order to identify the most gullible profiles”, the technical director told eeNews Europe.

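On the exhibition floor, a spokesperson for Phishme agreed in some way that, with encryption and security checks at the endpoints, phishing based on social engineering remains the most reliable way to obtain administrative credentials and compromise a network. The company reports on its website that over 90% of breaches can be attributed to successful phishing campaigns. It therefore recommends training employees and partners so that they become part of the cybersecurity solution. Phishme does this by organizing harmless phishing campaigns (redirecting end-users who click unwittingly to awareness material about phishing).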

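Now, could hackers step up their game with AI to analyse and learn how colleagues communicate and which language patterns they use, so that their phishing campaigns become more successful? The possibility exists, although it may take a long time to pay off, since humans are unique in understanding the specific social traits and forms of expression of their collaborators.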


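Coming back to the use of AI for cybersecurity, US company Vectra leverages artificial intelligence to automate security operations, starting at the endpoint and identifying threats by detecting anomalous data traffic across the whole network. Whether they want to exfiltrate data or encrypt it with ransomware, hackers first need to compromise an endpoint and scan for the safeguards in place. Vectra’s Cognito tool analyses the behaviour of all devices and all users across the whole network and identifies any deviation from the norm. The tool can automatically hunt for cyber attackers and immediately prioritize the highest-risk threats, triggering an instant response, such as endpoint isolation, if needed. “80% of the algorithms they use are trained for certain patterns, but 20% learn within the network, so Cognito’s operation can be customized to the environment”, explained David Clarys from distribution partner Exclusive Networks. The AI algorithms and data analytics are concentrated in a dedicated Vectra appliance. Last year, the company reported triple-digit revenue growth, quarter on quarter.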

Likewise, Cambridge startup Darktrace leverages unsupervised machine learning to detect data anomalies and threats across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. The company likes to describe its security solution, the Enterprise Immune System, as a set of AI algorithms that does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. The Enterprise Immune System works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network, in real time. On its website, the company claims its unique, unsupervised machine learning has already identified over 63,500 previously unknown threats in over 5,000 networks, including zero-days, insider threats and subtle, stealthy attacks.
