Diego Samuel Espitia Montenegro

Chief Security Ambassador at ElevenPaths

In recent years, artificial intelligence has found a place in almost everything people do, or at least in those activities that rely on data to work. Cybersecurity is one of the fields this technology has improved most; in most cases, the processes it uses to manage information have improved significantly. However, there are also cases where the growing use of artificial intelligence has increased cyber-risks.

One way to analyze how much of an impact AI has had is to calculate the reduction in the time that Red and Blue Teams need to carry out different tasks. In this case, automation has a clear effect, reducing response time by around 40% for many of these tasks.

This is even more evident, and has greater application, in tasks that do not directly affect organizations’ processes, but that occur externally and need to be monitored and detected in as little time as possible to minimize the risk of information being exposed or suffering an undetected breach. These processes are Threat Hunting and identity management.

Let’s start with Threat Hunting…

At the moment, this activity is essential to prevent incidents, as well as to discover the possible actors who are interested in or have attempted to carry out malicious actions on information. The reason for this is the fact that there is an increasing number of vectors, there is no longer a defined perimeter, and attacks can come from anywhere in the world.

This generates thousands of data points that need to be analyzed and monitored as close to real time as possible, which makes it nearly impossible to rely on traditional mechanisms. This is where AI becomes a vital support mechanism for improving threat detection capabilities and false positive filtering.

But this isn’t something that can happen overnight. AI systems require a period to learn about network characteristics, discover IoC sources, determine the level of risk associated with detections, and validate strings of investigations that could be carried out. Other tasks that must be performed are confirming the information from different intelligence sources and discovering how to incorporate new sources, among other processes that are required before valuable intelligence data about threat detection can be acquired.

However, this period is not necessarily very long when you have the right collaborators and use services that have mature automation processes. In these cases, you can start with a baseline of IoCs and threat knowledge tailored to each economic sector that needs to start an effective threat hunting process and generate value in detections over a short period of time.


Diego Samuel Espitia Montenegro, Chief Security Ambassador at ElevenPaths (Telefónica's cybersecurity company)

Now Identity Management…

Most security incidents are caused by weaknesses in user authentication mechanisms, and more so now that collaborative tools, which are hosted in the cloud and available from any connection anywhere in the world, are an essential part of work.

This brings challenges that companies must begin to face by applying techniques that ensure secure authentication but do not involve much work for users. Uptake of multi-factor authentication in companies has been low, in most cases held back by users, who consider multiple requests or steps to log in to a service to be limiting and prefer not to use such systems.

This kind of authentication employs fingerprints, or facial or voice recognition, using artificial intelligence mechanisms to reduce authentication errors. However, AI techniques can also be used to get around these authentication mechanisms. Many attacks of this kind, known as deep fakes, have been developed that reduce systems’ ability to guarantee secure authentication for users.

This is why efforts have been made to make authentication processes as transparent as possible, using only data that the user has provided without realizing. This could include the device used to connect, the location of the connection, or behavioral analysis of the system. Many of these processes have already been implemented on social networks, operating systems, and some Internet services.

This is the basis of what is known as continuous authentication. The aim of continuous authentication is to guarantee users’ identity via artificial intelligence mechanisms that analyze people’s behavior through how they interact with devices. This allows each action to be a parameter to authenticate the user.
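The following sketch is an added example, not code from the article or from ElevenPaths, showing how device, location and behavioral signals can feed a per-action trust score. It substitutes a hand-weighted score for the AI model the article refers to; the class names, weights, thresholds and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean, stdev

@dataclass
class Profile:
    """Baseline learned from a user's earlier sessions (constructed data)."""
    devices: set
    countries: set
    key_intervals_ms: list  # typical gap between keystrokes, needs >= 2 values

@dataclass
class Session:
    profile: Profile
    trust: float = 1.0  # full trust right after an explicit login

    def observe(self, device, country, key_interval_ms):
        """Re-evaluate identity on a single user action and return a decision."""
        risk = 0.0
        if device not in self.profile.devices:
            risk += 0.4                      # unfamiliar device
        if country not in self.profile.countries:
            risk += 0.3                      # unfamiliar location
        mu = mean(self.profile.key_intervals_ms)
        sigma = stdev(self.profile.key_intervals_ms) or 1.0  # avoid divide by zero
        z = abs(key_interval_ms - mu) / sigma
        risk = min(risk + min(z / 10.0, 0.3), 1.0)  # behavioral drift, capped
        # Exponential smoothing: one odd action dents trust, sustained drift erodes it.
        self.trust = 0.6 * self.trust + 0.4 * (1.0 - risk)
        if self.trust >= 0.8:
            return "allow"
        if self.trust >= 0.5:
            return "step_up"    # ask for an explicit second factor
        return "terminate"      # end the session and require a new login

# Constructed sample: a normal action, then two actions from an unknown
# device and country with a very different typing rhythm.
PROFILE = Profile({"laptop-01"}, {"CO"}, [180, 200, 190, 210, 220])
SAMPLE_EVENTS = [("laptop-01", "CO", 205), ("unknown", "XX", 90), ("unknown", "XX", 90)]

def replay(events, profile=PROFILE):
    """Feed a sequence of actions through one session and collect decisions."""
    session = Session(profile)
    return [session.observe(*event) for event in events]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Because trust is smoothed rather than reset on each action, a single anomaly triggers a step-up challenge instead of an immediate logout, which keeps the process transparent for legitimate users.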

In conclusion

As you can see, artificial intelligence has a wide range of applications in cybersecurity. This technology is used to improve detection and prevention processes, as well as to provide the tools needed to reduce risk exposure times.

It is important to remember, however, that AI also provides cybercriminals with more effective tools to attack heavily monitored systems. This is why it is so important that prevention and identification mechanisms also have almost real-time detection and reaction capabilities.