AI in Cybersecurity
Вставка
- Опубліковано 18 тра 2023
- IBM Security QRadar EDR: ibm.biz/QRadar_page
Threat Intelligence report '23: ibm.biz/BdPCWC
Check out the AI and Cybersecurity eBook → ibm.biz/BdSkcA
Cybersecurity professionals are in short supply. How can companies boost the efficiency of their existing cybersecurity staff? In this video, Jeff "the security guy" explains how AI can act as a force multiplier that help you address security threats more effectively.
Get started for free on IBM Cloud → ibm.biz/ibm-cloud-sign-up
Subscribe to see more videos like this in the future → ibm.biz/subscribe-now
#AI #Software #ITModernization #Qradar #JeffCrume
This video inspired me to learn more about gen ai in cyber security in terms of AI automation and how it impacts in terms of GRC ( data privacy and offensive AI) and how a responsible Ai helpful in security field :) IBM gen Ai training is a great start
Enterprise security architect here and, while this sounds good on paper, if you are not extremely careful with how you secure what information you are training the models on you will end up in a mess.
To put more plainly, unless your security configuration is perfect, having an automated tool scan for information and load it into a LLM NLP system for people to "chat" with is going to turn ugly very quickly. After over 30 years of experience, I have never seen a perfectly secure network or system configuration.
One mistake and false positive or negative reporting is going to be the least of your concerns when the FINRA / ESMA auditors ask why you included these tools on the network... there is a use case but the path is loaded with land-mines.
Good point! AI can be amazing and awful almost at the same time. I talk about that in this video: ua-cam.com/video/RTCaGwxD2uU/v-deo.html. AI is good and getting better, though. Besides, if "perfect" were the standard then we would never use people for anything 😊
How did you become a security architect? What are your roles
@@j.vosier6786 Short answer is a lot of long hours and study.
Longer answer is that I started working on Y2K initiatives where we had to decipher very old, undocumented code in ASM, ALC, C and C++ which forced learning the low level hardware bits to ensure that critical systems kept running. Once you know the low level bits... entry points, TEXT sections, interrupts, etc, learning how memory leaks and hackers function comes with the territory... from there you can start evaluating code and seeing how often issues pop up.
Best tip I can give you is that a lot of the security issues are not directly tied to the technology... Good engineers already know what to do. The security issues are tied to bad management practices and trying to do too much, with too little with burnt out dev teams. AI won't fix that... good management and engineering practices will.
@@jeffcrume Agree... in part. There are certainly cases where ML and NLP are useful but absolutely need to get past the marketing hype and recognize the risks. Identifying patterns in niche areas I can see being useful with due caution. Pushing all company emails into an NLP LLM for "summaries" is an extremely dumb idea just asking for errors and misunderstandings.
That being said, the benefit of human-centric systems certainly isn't to reduce error rates... it is for the edge cases. Automation for the 98% of standard events is great but there always needs to be traceability and an escape hatch to cover the odd-ball cases otherwise you end up in a re-enforcing loop death spiral and, once it takes hold, it happens much faster than anyone expects.
His example of behavioral pattern matching is valid.
I've been in the mobile software industry over a decade and while I am a new security maven, I see not only value in AI for security but I believe it will become a must. His examples aren't all encompassing, and I know this is true if only because bad actors will be using AI to circumvent our security.
Great presentation.
Is knowledge graph already assume in osint for cybersecurity
Really Good, Jeff
Thanks, Mike! @mikewinkler4625
How do you do pattern matching with ML? How do you train what is 'normal' and what might be a security issue? (4:20)
The simplistic answer is you train a model using data of known/acceptable relationships and patterns (embedded using verified data from graph databases). LLMs in particular are exceptional at figuring out relationships/sequences between things and then inferring likely/expected relationships when applied to new data (in the wild). Model training is an iterative process where the model loops back on its own mathematical logic (backpropagation) by self-tuning its own parameters (things called weights, biases, and other jargon) and then checking its output again and again to see if it improved. This optimization then stops (converges) when it cannot optimize itself anymore (aka reduces its loss function). So, your model may end up at say 90% accuracy. If that is enough for your needs you are ready to deploy that model on new data it has never seen before (inference). But, if 90% was not good enough, you try a new model or add a couple hidden layers or feed it more data, lots of options. This is conceptually how most all neural networks work. So, you would likely hone in on an outlier amongst the predicted outputs/acceptable patterns to localize anomalous behavior and then look at that event's connections to trace it back to a possible cause. It is a game of "Which one is not like the other ones." ;)
AI can detect and analyze complex patterns of malicious activity and quickly detect and respond to security threats. AI can also automate security processes, helping to reduce the time and effort needed to detect and respond to threats. Finally, AI can be used to detect and prevent malicious attacks before they can cause any damage. AI can also be used to identify and respond to new threats faster than traditional security processes. AI can continuously monitor for new security threats and alert system administrators when they are detected. As a result, organizations can be confident their systems are secure and up to date with the latest security protocols, protecting their data and applications from malicious actors. For instance, AI can identify unusual patterns in user behavior, flagging any suspicious activity for further investigation by security analysts.
One concern with using AI for security is that it can create a false sense of security. If administrators rely too heavily on AI to secure their systems, they may become complacent and overlook other potential security threats. Additionally, AI-based security systems are not foolproof and can be fooled by sophisticated attackers. AI-based security systems provide improved accuracy and efficiency compared to traditional security solutions. As the French philosopher Henri Bergson once wrote: “Intelligence is the faculty of making artificial objects, especially tools to make tools.”
Right and, in fact, these same risks exists with any use of technology (or even humans) cybersecurity
Please I'm a student I want to be an engineer what filed is better AI engenering or Cyber security please answer ❤
Nice approach.. btw attacker can use AI open source for reconnaissance
AI along with Cybersecurity will be a better option@@aminepas4719
@@aminepas4719English degree first
What if I created Models which are domain specific ? Lets say for the example you illustrated there are multiple components like the Web Server,URI,IP Address , DNS etc. So let us assume the models are specifically trained on Web Server parameters (Mem/CPU/Web APplication Performance) , another model would be trained on the DNS data logs and so on . If the domain specific models could all work in tandem and a Parent model provides a final inference drawing from the inferences from the Domain Specific model. Do you think this is a possible option ? Additionally I would like to understand your views as to why LLM's prove an advantage for this use case .
Yes, the challenge is to integrate all this knowledge but it is happening already. LLM’s are great for Q&A scenarios. A cybersecurity analyst could benefit from an intelligent answer machine that understood natural language queries and provided instant answers
How do I learn more
why did I paid for University? Your classes are better and free. Thank you IBM
I’m really glad you like these videos but don’t tell my students at the university where I teach or they won’t attend class 😂
It will be AI versus AI and prompt versus prompt.
This actually sounds about right. Malicious actors will and are using AI tools to help exploit and hack systems. Companies use AI to help as seen in the video investigate, identify, report and research incidents. One thing that will never go away though no matter how much AI gets out there in cybersecurity solutions is hacking the end users/social engineering. I've been seeing more MFA token thefts where they try to steal the PW and MFA with one link click and seen an increase in AiTM type of attacks where they compromise company A then they use that company A email to try and compromise company B.
I probably should come out of retirement, to possibly put some of the i into cysec AI.
I've been working as a software engineer for a few years. I'm getting my masters now and thinking about doing a pivot into security. My university does not offer much in security, so I have been learning ML/AI. Is it worth taking the CompTIA Security+ certification and then switching fields?
I believe it is. People are ungrateful and hate security but you'd get paid royally. There is just not enough people in IT security. So people like you are sorely needed. Also the quantum computing is upon us so we need people who will help us once all of the passwords get cracked at once. Please go for it. I would too but I am too old.
As long as we have computers with anything of value on them, we are going to need people to secure them. The roles may change over time but the fundamental need will outlast even the hottest of today’s specific technologies
U can look into courses by ISACA
From someone who did it, yes, absolutely!
Yes!
This is very interesting. Personally I am thinking to go the ai/ml route, how can I become someone who can do ai in cyber security? Like do I need knowledge in both fields or just someone who can help in cyber sec? Just a beginner so I could be wrong.
I would ask the same question but reversed, is it so important AI kwnoledge in cyber sec?
I think you'd be best just focusing in one discipline and getting really good at it while passively learning the other. When the time comes and you're ready to pick up the latter skill it will all start to make sense quick. Remember you'll likely have a team so if you get really good at AI/ML and just follow cyber news, your team will be able to advise you where you're not an expert. Frameworks would become your best friend. And if you choose to get really good with cyber, introducing AI/ML is essentially the same kind of transition as Cybersecurity Analyst -> Cybersecurity Engineer with some extra layers. The earlier you specialize the better IMO, I'd say research how AI is used in SIEM, SOAR, NGFW, or other tools and become a true subject matter expert on one or two of them.
Depends on what you want your role to be - in general, likely best to lean towards applied cybersecurity - AI-accelerated cybersecurity technology on GPUs is being platformed by folks like NVIDIA themselves (look at their Morpheus service) - and the rise of LLMs supplants most needs to understand the neural networks that underly deep learning as foundational models do not know or care if they are being applied to NLP, vision, or, in this case, anomaly detection. The main practical difference is in the embeddings of the models, I suppose, but, more importantly, the data that they are being trained on. That all is more the job of our data scientists. Just a thought. Do you want to be 'in' cybersecurity or do you want to be on a data science team that trains LLMs on how to infer anomaly detection?
@JG great advice!
@@CubensisEnjoyer thanks for the advice. Appreciate it
i want to know how to make AI more secure and how to block AI to take by himself decisions in cybersecurity.thanks
Securing AI is an area needing lots of work these days. Leveraging AI for automated responses is tricky since errors could have significant consequences so we need to make sure the models are well trained and accurate and appropriate for the given organization because two people may disagree on the correct course of action making it hard to train the AI
👍🏾
💯 These AI tools will help speed up our Cybersecurity workflows
Hi I want to study engenering but I'm confused 🤔 I choose AI or Cyber security the problem is I think that AI can be a tool to detect any problems.
They watching me GOD is watching them😂😂😂😂
done mine is locked to quantum mechanics of lumens and ai without the law of robotics for sad cloud
Did he just write in mirror?
See ibm.biz/write-backwards
let's say a patients are attacked to doctor for emerging diseases. can a pod cast help to for voice, verbal ,jumio software learning a.i. profilter to funnel up disease, analysis and final threats.
What?
i mentioned to a community on reddit that i used ai for subnetting a ip address, but after doing so i received a couple replies saying i shouldnt rely on ai for that am i wrong for innovation im pretty sure black hats are doing this its way easier not much overhead
The bad guys are using AI to gain an advantage. The good guys should use it too where it benefits us
guys i need some help i installed a crack version of video editing software , but when i start my laptop a command line terminal opened so i suspected and uninstalled the program but now a new pop up show that some .dll file in user folder is missing also that terminal at startup is still present , i have windows defender but on av scan it found nothing . Is my device still infected? as my cpu usage is very high and also i received an alert from google security alert on email.
If no human involve in then no banking fraud possible because there I s no motivation for computer to steal because it needs no food no wine nó wife nó children nó vacation nó retirement
it need huge power station/electricity, hardware resources.. unfortunately human made programs 😭
there are no openings in cyberssecurity he's lying.
really? how do you know?
Rubbish. I tried to get in the field.
I was ex deputy GM of a 100 ppl co.
I got certified in iso27001 and tried to grt starter jobs even internship.
But no co. Hired me.
Stating u have no exp.
Dude thats why want starter posting othersie would ask fr ur managers position.
Jeff, you need more buzzwords and jargon