What is Defensive AI and Why is it Essential in Bot Protection?
What is Defensive AI?
The term Artificial Intelligence (AI) has been thrown around freely as it has risen to the top of the tech agenda over the past couple of years. Security professionals have determined AI to be both a risk to businesses and an opportunity. But could it also be a way to better defend your network against attacks?
For many years, AI and Machine Learning have gone hand in hand, with AI used to inform defensive decisions and cut down on the human element in more basic functions. Now, however, we’re in the world of generative AI, with AI being used to process large amounts of data into usable and readable documents, and even to replicate humans altogether.
A survey from the end of last year found that 77% of cybersecurity professionals believe that the capabilities of offensive AI are outpacing defensive AI. There are serious concerns about the rogue use of AI.
Another survey found that 48% of cybersecurity professionals anticipate a positive impact from AI. 72% of respondents believed that AI automation will play a key role in alleviating cybersecurity talent shortages.
That is one of the main concerns about AI being used on the defensive side. It is seen as an aid to the way professionals work, and not something that can change the way a model operates – as with the offensive side.
However, the negative side of AI has often captured the headlines, with talk of deepfakes and malware being created and distributed by machines.
The Benefits of Using AI for Cybersecurity
With this in mind, could AI be used as a more defensive option, rather than one that is in the toolbox of the attacker? Is fighting fire with fire the best option to deal with automated attacks? Do we need to reply to the offensive capabilities with the same level of technology?
Firstly, we need to determine what exactly defensive AI is, and whether it could be the best countermeasure to offensive AI. Matthew Gracey-McMinn, head of threat research at Netacea, defines defensive AI as “something capable of responding at machine speed” to developing attacks, drawing on AI’s capability of learning, particularly through trial and error.
“Defensive AI will allow you to adjust and react and manipulate and change defenses on the fly in order to protect against attacks,” he says, pointing out this is “pretty much the only way to try to battle offensive AI.”
Gracey-McMinn also claims that the era of person versus person, with each on a keyboard and one attacking and one defending trying to stop them, is coming to an end. “We’re moving more towards humans acting more like the conductor of an orchestra.”
Andy Still, CTO & co-founder at Netacea, agrees, saying that defensive AI will “look at how we can use all the various sources of data that we’ve got about what’s going on, to aggregate those and run complex analysis for behavior and patterns across all those different systems to determine cause and effect.”
Defensive AI is Becoming More Accessible
According to Secure-IC, “the progress in AI acceleration is opening new doors” and can now allow AI to be used for defensive purposes. Until now, “high computing resource requirements” prevented its use.
The uses of defensive AI can now include the creation of attack detection models based on datasets of existing data, and the rapid analysis of complex data to identify weaknesses and vulnerabilities. AI can also be used to speed up reverse engineering and threat detection.
That process of ingesting large amounts of data to produce readable results is one of the key facets of defensive AI. Andrew Ash, CISO at Netacea, says trillions of log lines of data are ingested on behalf of customers, and then used in machine learning to provide protection for those customers.
He says: “Without that scale, without that AI, we wouldn’t be able to do that. This data isn’t human readable.”
Defensive AI in Bot Protection
If we can determine how AI can be used in a more defensive mode, we need to know whether it can be used to defend against attacks, and more specifically against an automated – or bot – attack.
Firstly, we need to understand what a bot attack is. A bot attack uses automated scripts to disrupt a site, steal data, make fraudulent purchases, or perform other malicious actions.
Last year, Netacea determined that it takes four months on average to detect a bot attack. 97% of surveyed security professionals admitted it takes over a month to respond.
Still says that defensive AI is essential to stop sophisticated bot attacks because of the complexity bot attackers are using. “We are seeing increasingly that the level of attacks, the number of attacks and the technology being used just can’t be stopped by any traditional defensive systems,” he says.
The most recent Netacea report determined that the main threats posed by bot attacks include credential stuffing, web scraping, and sniper attacks.
However, that research found that it can take between three and four months to realise that an attack is taking place, or that there is an attacking bot on the network. In fact, 97% of organisations researched said it will typically take over a month just to respond to a malicious automated attack.
Still says that in the future, there will be less human involvement in the defense against attacks such as this, and a SOC engineer will not be required to respond. “Without having massively expanded teams of engineers available to respond to alerts, you will need automation around that.”
However, that SOC engineer can be given the information, processed by the defensive AI capabilities, to monitor the activities that are happening, and validate that the AI is working correctly.
The Benefits of Defensive AI in Bot Protection
This is where security professionals can use AI in a more defensive manner: if detections can be done using automated techniques, then it cuts out the time taken by the human factor and should make detection and response more rapid.
In time this capability could become more present on the edge, with the ability to spot bot attacks more quickly, as they make an initial attempt to attack. Rapid analysis of large amounts of data makes it possible to determine which actions are malicious.
“Attackers these days can blend in very effectively with what looks like legitimate behavior; you need that level of sophistication to be able to effectively extract that malicious behavior from the very large crowd,” Still concludes.
Embracing Defensive AI in Your Bot Protection Strategy
Since launching in 2018, Netacea has fully embraced defensive AI as our primary strategy against bot attacks. Machine learning is a core building block of the Netacea Bot Protection platform, meaning we are well ahead of the curve in dealing with today’s complex attacks.