Cyber Security’s White Knight: Getting AI to Comply Series, Part IV
This fall, we’re sharing a series of blog posts exploring AI’s impact on highly regulated industries and the major compliance barrier that stands in the way: the “black box” problem.
In this week’s post, Recorded Future’s Staffan Truvé explains how AI-driven threat intelligence is changing cybersecurity.
Cyber Security’s White Knight: AI for Threat Intelligence
While statements like, “AI’s impact on the business world is unilateral,” are true, they don’t really convey the gravity of the revolution we’re seeing unfold. The devil, they say, is in the details, and any true understanding of the technology’s present and future power lies buried in thousands of niche applications.
So, instead of gesturing to some great, vague conceptual expanse like “the private sector,” I’d like to focus on a particular space. Namely, my field of expertise: threat intelligence for cybersecurity. The organizations we work with are seeing three major advantages in applying AI to combat cyber attacks and reduce risk:
- Identifying breached customer payment data or healthcare records.
- Uncovering emerging threats to data and technology.
- Measuring real-world risks from active vulnerabilities and malware.
Let’s take a look at each, and explore in detail how AI is being leveraged in this critical space.
Finding the Data Leak
Today it’s a fact of life that companies that transact business online find their data targeted by various forms of cyber fraud. Organizations in highly regulated industries carry a weight of justifiable expectation from users, customers, and patients. They are expected to do everything they can to protect personal information: information that, if breached, could not only cause significant personal impact on victims but also result in financial loss. In fact, recent research from IBM and the Ponemon Institute puts the average cost of a data breach globally at $3.86 million, a 6.4 percent increase from 2017.[1]
Applying AI to collect data from hard-to-reach sources where breached information like payment card numbers or healthcare records is being advertised or traded gives these businesses vital intelligence. Natural language processing is particularly useful in analyzing discussions in foreign-language forums on the dark web, and pattern matching can help to reveal relevant BINs (Bank Identifier Numbers), specific payment card types, or healthcare information. Applications of this technology mean that when Russian criminal actors, for example, are discussing new cyber threats or selling compromised data, security teams can be alerted in real time.
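An added example, not from the original post or from Recorded Future's system: the pattern-matching step described above, written in Python for a card issuer monitoring collected forum text. It extracts card-number candidates, keeps those that begin with a BIN on a hypothetical watchlist (`WATCHED_BINS`) and pass the Luhn checksum (an added false-positive filter the post does not mention), and masks them before they reach an alert. The watchlist entries and the sample post are constructed from public test card numbers.

```python
import re

# Hypothetical watchlist of BIN prefixes the issuer monitors (constructed values).
WATCHED_BINS = {
    "411111": "Example Bank Visa",
    "555555": "Example Bank Mastercard",
}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_exposed_cards(text: str) -> list:
    """Find watched, checksum-valid card numbers in text; return masked hits."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        bin6 = digits[:6]
        if bin6 in WATCHED_BINS and luhn_ok(digits):
            # Keep only BIN and last four digits so the alert never carries a full PAN.
            masked = bin6 + "*" * (len(digits) - 10) + digits[-4:]
            hits.append({"issuer": WATCHED_BINS[bin6], "masked": masked})
    return hits


# Constructed sample post: two valid test numbers, one bad checksum, one unrelated number.
SAMPLE_POST = (
    "fresh dump: 4111 1111 1111 1111 exp 09/27, "
    "also 5555-5555-5555-4444, "
    "order ref 4111111111111112, tracking 1234567890123456"
)

if __name__ == "__main__":
    for hit in find_exposed_cards(SAMPLE_POST):
        print(hit["issuer"], hit["masked"])
```

Requiring both the BIN match and the checksum keeps order references and tracking numbers out of the analyst's queue.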
Businesses are investing significantly in ways to uncover cyber threats before they hit. Research firm KBV estimates that the threat intelligence market will be worth $9.6bn globally by 2023.[2]
With traditional threat intelligence methods, human analysts would sift through raw data from sources hunting for relevant information around a potential threat. Today, AI helps scale up that data collection from huge numbers of sources, and machine learning can be applied to keep the intelligence delivered to a human as relevant as possible. The system I work on collects data from over a million sources and can process 350 facts per second.
The ultimate aim is to arm the security analyst with the kind of information they care most about, like a potential threat that targets a business’ technology or is already targeting companies in the same industry.
The Most Vulnerable Vulnerabilities
Managing software vulnerabilities is a key part of every information security strategy. The challenge is there are so many vulnerabilities, and it’s hard to know which ones are actually being exploited. Manually gathering and analyzing all of the references to a new vulnerability from official sources, hacker forums, social media, etc. would be next to impossible.
Here AI can not only rapidly uncover references from all of those sources, but also use sentiment analysis to identify language implying that a vulnerability is being exploited in the wild or has become part of a commoditized exploit kit.
AI’s Impact on Cyber Security
The overwhelming amount of available threat data is challenging the capacity of human analysts to effectively identify potentially useful information, including uncovering emerging threats that could be relevant to their business. Applying machines to the collection of data frees human analysts to focus on refining new intelligence, which is considerably less time-consuming than gathering, reading, and understanding information from intelligence sources manually.
From a rough calculation, I estimate it would take more than 10,000 humans to collect and process data the way that the system my team and I have built can.
Another big advantage of tasking machines with collecting and processing this kind of intelligence is that it can be made available to other software used by security teams. This portability means even if a security analyst isn’t a threat analysis expert, they can correlate our intelligence with other sources or get a consumable summary that helps them make a fast and confident decision.
What’s Next for AI & Cyber Security
Highly regulated industries will continue to be high-value targets for cybercriminals. As these criminals see declining revenues from their current tools, they will likely also start using AI to launch more sophisticated attacks. Unfortunately (in this case), AI is only getting easier to use, meaning that one can expect this to happen sooner rather than later.
The targeted industries therefore also need to ramp up their defenses with even more sophisticated applications of AI and machine learning. It is also safe to assume that government agencies monitoring these regulated industries will start using AI to monitor compliance, and thus also drive these companies to invest in new technology to ensure compliance with regulatory requirements.
While it’s all a bit overwhelming, this application is just one in a universe of ways AI is making its presence felt. It’s taken over 60 years for AI to make its way from a summer camp slogan to the forefront of every industry, and, as a lifelong technologist, I am thrilled to witness what applications the coming years will bring.
1. For more information, visit www.ibm.com/security/data-breach.
2. Contact Recorded Future for source.
About the Author
Staffan Truvé is the Co-Founder and CTO of Recorded Future. He has co-founded over 15 software companies, including visualization pioneer Spotfire (acquired by Tibco) and Appgate (now Cryptzone) for network security. Staffan holds a Ph.D. in computer science from Chalmers University of Technology. He has been a visiting Fulbright Scholar at MIT. His research interests include threat intelligence, machine learning, natural language processing, and information visualization. He is a member of the Royal Swedish Academy of Engineering Sciences.
About Recorded Future
Recorded Future arms security teams with the only complete threat intelligence solution powered by patented machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources and provides invaluable context in real-time and packaged for human analysis or integration with security technologies. Visit their website at https://recordedfuture.com
Unlock the “Black Box”
The only way AI’s going to make a real impact in finance, healthcare, and other highly regulated industries is if the “black box” problem is tackled head-on.
The Amazing, Anti-Jargon, Insight-Filled, and Totally Free Handbook to Integrating AI in Highly Regulated Industries does exactly that. Featuring in-depth pieces from almost a dozen subject-matter experts, this handbook provides a comprehensive breakdown of the problem… and detailed strategies to help you create a solution.