Security

Artificial Intelligence Can Look Backward So People Can Move Forward

Through data analysis, AI can make a big difference in cybersecurity initiatives.

Linus Barloon II is global head of threat detection and response for CDW.

A few years ago, CDW restructured our cybersecurity team, and we made it similar to the one at my previous job, where I was CISO for the U.S. Senate. In the Senate, we focused on how we could be more proactive, predictive and adaptive and how to use threat intelligence to gain a better understanding of adversaries and what they can do. We sought to be more aware of what adversaries are doing and how to pivot as they pivot.

As cyber operators, our challenge is understanding who the adversaries are, who our customers are and how our networks look, then sitting within that matrix to observe any change. Applying that on Capitol Hill led us to understand how we could be more proactive.

Around 2007, when I was in the U.S. Air Force, I led a mission to see how we could go toe-to-toe with the National Security Agency’s red team. In this exercise, the NSA won the first match, but it lost the second one. We became the first Department of Defense entity to take down the NSA’s red team. While we were proud of that achievement, it was important we learned from the experience.

We were able to learn through analysis. And that’s exactly how artificial intelligence can help cybersecurity operations.

Click the banner below to begin developing a comprehensive cyber resilience strategy.

x-cyberresillience4-static-2024-na-desktop

x-cyberresillience4-static-2024-na-mobile

Protect Users by Learning How They Operate

In the U.S. Air Force, we were able to find adversaries by determining what made them look different than anyone else. How can you use AI or machine learning to look for the blue M&M in a bag of blue Skittles? How can that help us understand what adversaries are doing? By doing so, we can be more adaptive and predictive rather than reactive.

From a cyber defense perspective, think about what the attack surface looks like today. Adversaries, of course, will look for the weakest link in the chain and go for the easy targets. They will attack endpoints without firewalls, but they are also going after our coworkers and our users. It’s users who click on malicious links and who go to malicious websites. It’s users that click on ads that pop up on their profiles. That’s where adversaries are hiding.

From a perspective of scope and scale, one of our challenges is understanding who the customer is. At CDW, my customers are our sellers. These vendors are reading every email that comes in to say, “I have this proposal or this request for information, and I need to respond.” And they have to read their email to conduct business.

Click the banner below to see which IT professionals who had the biggest impact on government in 2024.

FTQ4-itinfluencerlist-static-2024-clickhere-desktop

FTQ4-itinfluencerlist-static-2024-clickhere-mobilep

Use AI to Produce Content to Alert Users to Cyberthreats

It might be easy for me to question why you must open attachments or click on links, but the truth is that my customers are driven to conduct their business. You have to look through the eyes of the customer, and the customer has to open that message. So, the challenge that we are tackling is how we can use AI to share awareness information. We want to share that information to educate coworkers on what adversaries look like today.

As a cybersecurity professional, I may write in geek speak. It may make sense to me, but it may not make sense to my customers. How can we understand our adversaries and create content to educate our coworkers?

How can we leverage AI to create that content? From a staffing perspective, we have successfully grown our team, but we have to apply a certain level of prudence because we cannot hire everyone. How do we develop that content to distribute to our users so they understand the next trick an adversary will use to ensnare you?

In the cybersecurity equation, it’s always going to be the adversary, the cybersecurity program and then the user. The user and the cybersecurity professional must partner to combat what the adversary can do. The cybersecurity program cannot succeed without the user.

If the only time user see something from the cybersecurity program is once a year in a training session, I have failed in my job of telling users what the adversary looks like. How can we use the awareness program to advise the user community on how we have seen the adversary change and provide them with actionable information to defend themselves?

UP NEXT: GSA is assessing generative AI.

Analyze Patterns with AI to Thwart Malicious Activity

AI allows us to look backward to empower people to move forward. When you look at AI and cybersecurity, it’s all about analysis. Use analysis to understand what daily routines look like and how they might change. You can certainly throw more people at the problem of looking at logs or alerts or things that don’t seem quite right.

How can the machines learn what the network is doing on a day-to-day basis to look for anomalies, then pass this information off to our analysts?

Instead of focusing on 15,000 devices with a standardized image, look for the one that demonstrated different activity. Allow ML to absorb what the network looks like and to determine what’s normal and when something is wrong.

This article is part of FedTech’s CapITal blog series.