Machine learning algorithms and other forms of artificial intelligence (AI) obviously have a role to play in improving IT security. Darktrace, for example, has been employing AI to help customers discover anomalies indicative of cyber threats. Now the company is extending that capability to discover security attacks as they occur and remediate any associated vulnerabilities.
Justin Fier, director of cyber intelligence and analysis for Darktrace, says Darktrace Antigena extends the use of machine learning algorithms to enable IT organizations to detect cyberattacks in real time. As an extension of the agentless Enterprise Immune System platform Darktrace previously developed, Fier says Darktrace Antigena will automatically implement policies and rules as soon as a cyberattack is detected.
That’s critical, says Fier, because most existing security technologies depend on rules and signatures to defend against cyberattacks. But many of the attacks being launched today have never been seen before.
“There are no rules or signatures for them,” says Fier.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Fier says Darktrace Antigena can be employed to continuously monitor any device on the network. It takes about a week for Darktrace Antigena to set a baseline for the normal state of the network. From there, Darktrace Antigena continuously learns how data should be accessed on the network. Any deviation can either then be automatically quarantined until it can be further investigated, or alternatively, Fier says, Darktrace Antigena can be configured to simply alert an IT administrator without taking any direct action.
It’s a little too early to say what impact machine learning and other forms of AI will have on the roles that IT security professionals play inside most organizations. Many of them spend an inordinate amount of time chasing down potential threats that wind up being false alarms. It may even turn out that demand for cybersecurity professionals will decline. Whatever happens, however, much of the drudgery associated with maintaining IT security is clearly about to be eliminated.