TDWI | Training & Research | Business Intelligence, Analytics, Big Data, Data Warehousing

Improving Cybersecurity with Artificial Intelligence Solutions

There are countless statistics that indicate how badly organizations are losing the battle to protect data on their networks. AI-based behavioral analysis provides immediate protection against today's advanced attacks.

• By Dave Rosenberg
• September 13, 2016

Database infrastructures are riddled with security blind spots. Evidence from many recent high-profile breaches revealed that attackers operated undetected for many months -- stealing, or in some cases corrupting, the organizations' mission-critical data.

Organizations Need Intelligent Security

There are countless reports and statistics that indicate how badly organizations are losing the battle to protect data on their networks.

According to the IDC study "U.S. Private Sector Cybersecurity Best Practices" from earlier this year, 76 percent of identified vulnerabilities in enterprises were more than two years old. If you believe that's someone else's problem, think again. The same study found that in the past year 70 percent of organizations were compromised by a successful cyberattack.

However, there are reinforcements on the horizon. Attacks against information systems, including databases, can be identified and addressed quickly because of a simple truth -- "the network doesn't lie." Deep protocol analysis of network activity enables advanced analysis techniques derived from artificial intelligence (AI) research to immediately identify unusual behavior. Such approaches can cleanly separate attacks from normal activity in real time.

Information security is witnessing a growing interest in highly intelligent security solutions and moving away from signature-based solutions (blacklists and whitelists). The latest in AI-based security technologies, including deep learning and behavioral analysis, are being deployed to identify and prevent information security breaches such as zero-day attacks and advanced persistent threats (APTs).

Why Legacy Security Is Not Enough

There are two main forces driving this transformation to new AI-based approaches for information security.

First, security professionals have found that signature matching is no longer an effective way to identify modern attacks. Cybercriminals obfuscate their attacks to be unrecognizable to signature matching security systems, and legacy security approaches don't know what the latest threats look like. They can never keep up with today's complex, dynamic attacks by continually fighting yesterday's war. Cybercriminals also automate these attacks to continuously test endless combinations of obfuscated attacks, and eventually they penetrate the target organization undetected.

Second, information security teams are severely understaffed. There are more than 200,000 open positions in cybersecurity in the U.S. alone .

Security operation centers are constantly deluged with alerts and are able to respond to only a small fraction of them. Many traditional signature-based solutions require constant maintenance of their signature files, further taxing already overloaded security teams.

These two dynamic forces are causing security teams across all industries to look to AI-based cybersecurity to alleviate the stress their organizations are now facing. IT teams are beginning to see how accurate AI-based solutions are and how they can improve staff efficiency. One benefit: fewer individuals are required to handle tasks that a smart machine can perform.

Evaluating AI-Based Security Solutions

When considering the move to an AI-based alternative, organizations should look for solutions that non-intrusively analyze traffic. Solutions based on deep protocol extraction, statistical modeling, machine learning, and behavioral analysis help organizations gain real-time, continuous situational awareness of the database infrastructure.

Leveraging machine learning, organizations can automatically create a model of de facto application behavior. Should an application be attacked in an attempt to gain unauthorized access to data on its connected databases, the AI-based solution must be able to identify the resulting behavior as "not normal" and alert appropriately.

As an example, Web applications often produce dynamic and extremely complex structured query language (SQL) as they converse with their connected databases. The application behavior associated with the observed SQL can be modeled in detail. AI-based solutions such as DB Networks leverage deep protocol extraction to discover all SQL statements utilized by applications and the complete client server context over which they interact.

The solution then uses machine learning to construct a unique multidimensional behavioral model of each application. The model uses comprehensive lexical, syntactic, and semantic analyses of the SQL to describe how the applications and databases interact by the meaning of the interaction.

Any SQL statement executions not consistent with the established behavioral model are identified as likely attacks and graded in terms of associated risk. With concrete actionable intelligence, organizations can rapidly react to a security situation with an appropriate and targeted response.

Solutions with deep learning algorithms have the advantage of improving the model over time, so the more SQL statements and execution contexts they analyze, the better they can respond to future threats. Also, if the deep learning process is automatic, there's nothing to configure or maintain. This type of behavioral analysis has proven to be highly accurate at identifying even the stealthiest database attacks in some of the world's largest database infrastructures.

Immediate Protection and Future Trends

With such new approaches being leveraged today, we expect a trend over the next several years of individual AI-based security systems being integrated into organizations' comprehensive, autonomous cybersecurity architecture. In the future, intelligent security sensors will be deployed throughout the network to immediately and accurately identify security events and remediate them with no human intervention.

AI-based behavioral analysis provides immediate protection in the battle against today's advanced attacks and zero-day threats. Although modern attacks are often extremely complex and always changing, what remains constant is that these attacks are inconsistent with normal activity. Exploiting that fact is how they can be defeated. AI has proven its cybersecurity capabilities and is now being widely deployed to accurately identify database attacks and reduce stress on security operations.