Threat intelligence increasingly depends on AI
Artificial intelligence is playing an increasingly critical role in preventing, detecting and remediating cyber-threats as the nature of attacks evolves, and adversaries operate in well-organized, highly skilled groups, says a global security and threat intelligence specialist.
Many of today’s adversaries work in large networks, capitalizing on a “crime-as-a-service” business model, involving hundreds of people working to make commission by distributing threats, says Derek Manky, chief of security insights and global threat alliances at Fortinet’s FortiGuard Labs.
He cites an example where FortiGuard Labs worked a case that involved a $60 million U.S. crime ring using email spearphishing to compromise the accounts of corporate chief financial officers.
“It’s a big business. There [can be] over 50 people in just one cybercrime ring, including money launderers, hacking units and different business units. Having A.I. in [enterprise] defense is critical,” Manky explains.
Additionally, threat actors are weaponizing automation to expand their reach. That places even more importance on having A.I.-enabled systems in place to parse through vast amounts of threat intelligence and respond quickly, Manky says in a new podcast produced by CyberScoop and underwritten by Fortinet.
Top security threats today
FortiGuard Labs data reveals an unprecedented shift in the cyber threat landscape in 2020. The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies as the network perimeter has extended into the home.
“We’ve directly seen a shift from email-based threats … to web-based threats,” he says. “By sending links, or even doing watering hole attacks — waiting for people to visit their favorite site that could be compromised and hacked — that is becoming the new normal for attackers.”
Another area of concern involves directly hacking IoT-based devices, he says. “So, things like DVRs, printers, storage, gaming units that exist on these home networks … if attackers can get into those devices, they can then compromise laptops that have secure access to corporate networks.”
The best thing for enterprises today is bringing more stakeholders to the table to discuss threat intelligence.
“Threat intelligence has become a board-level discussion and that’s very important, because [executives] are realizing that this is a real problem,” Manky says. Executive buy-in will be key to building a strategy for prioritizing response and risk mitigation.
Using threat intelligence and planning ahead
Breaking cyber-intelligence research is often framed as an end product. But in fact, it really should be a midpoint for organizations, according to Manky.
“If you know a lot about the attacker, that’s very important. But [organizations] have to actually take [intelligence to] the last mile to make it actionable. Intelligence is just intelligence until you actually act on it and do something. That’s where we start to mitigate the threats,” Manky says.
The business of cyberattacks is such that enterprises can no longer afford to rely on people alone, he explains. When you’re trying to fight automation and defense, humans are great, and we’re intelligent, but we can be slow.
“Oftentimes you have a human going to look at a security log, they analyze that security log, then they set up a policy against that, but oftentimes, it’s too late.”
Manky says that while enterprises generally have the data and processing power they need to analyze threat intelligence, AI is still maturing as a means for speeding up response.
“It takes five years [or more] for these models to become accurate. … There’s a lot of issues to overcome, but the good news is we’ve started.”
Listen to the podcast for the full conversation on security transformation augmented with AI and machine learning capabilities. You can hear more coverage of “IT Security Modernization” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Fortinet.
Derek Manky brings more than 15 years of experience as a global strategist. Derek has worked with a wide range of Fortune 500 companies worldwide over his career, as well as with a variety of public sector organizations. Most recently he has worked on fostering important partnerships with organizations like WEF, Interpol and others.