Unraveling Cyber Defense Model Secrets: The Future of AI in Cybersecurity

By: Arijit Dutta, Director of Data Science 

Welcome to the Unraveling Cyber Defense Model Secrets series, where we shine a light on Adlumin’s Data Science team, explore the team’s latest detections, and learn how to navigate the cyberattack landscape. 

The increasing threat landscape for organizations has forced cybersecurity teams to adopt digital transformation. The COVID-19 pandemic has further complicated matters by accelerating the adoption of cloud services, leading to a proliferation of cloud providers and a surge in the number of IoT devices transmitting data to the cloud.  

This complex web of interconnections has brought about greater scale, connectivity, and speed in our digital lives but has also created a larger attack surface for cybercriminals. Responding to these challenges, cybersecurity teams are turning to AI-powered automation, especially machine learning, to uncover, evaluate, and effectively counter system, network, and data threats. Understanding the role of AI in cybersecurity is critical for organizations to protect themselves against malicious cyber activities effectively. 

In this blog, we explore the current technologies available, the exciting developments on the horizon, and the transformative impact of AI. 

Current, Upcoming, and Future AI Technology  

As in most industries, AI technology is indispensable in organizations today for distilling actionable intelligence from the massive amounts of data being ingested from customers and generated by employees. Organizations can choose from various available data mining and AI methods depending on desired outcomes and data availability. For example, if the goal is to evaluate each customer for digital marketing suitability for a new product, “supervised” methods such as logistic regression or decision-tree classifier could be trained on customer data.  

These use cases require customer data on prior actions, such as historical responses to marketing emails. For a customer segmentation problem, “unsupervised” methods such as density-based clustering algorithm (DBSCAN clustering) or principal component analysis (PCA) dimensionality reduction are called for, where we don’t impose prior observations on specific customer actions but group customers according to machine-learned similarity measurements. More advanced methods, such as Artificial Neural Networks, are deployed when the use case depends on learning complex interactions among numerous factors, such as customer service call volume and outcome evaluation or even the customer classification and clustering problems mentioned earlier. The data volume, frequency, and compute capacity requirements are typically heavier for artificial neutral networks (ANNs) than for other Machine Learning techniques. 

The most visible near-term evolution in the field is the spread of Large Language Models (LLM) or Generative AI, such as ChatGPT. The underlying methods behind these emergent AI technologies are also based on the ANNs mentioned above – only with hugely complicated neural network architectures and computationally expensive learning algorithms. Adaptation and adoption of these methods for customer classification, segmentation, and interaction-facilitation problems will be a trend to follow in the years ahead. 

Cybersecurity Solutions That Use AI 

At Adlumin, we develop AI applications for cyber defense, bringing all the techniques above to bear. The central challenge for AI in cyber applications is to find “needle in haystack” anomalies from billions of data points that mostly appear indistinguishable. The applications in this domain are usefully grouped under the term User and Entity Behavior Analytics, involving mathematical baselining of users and devices on a computer network followed by machine-identification of suspicious deviations from baseline. 

To skim the surface, here are two solutions cybersecurity teams use that incorporate AI: 

Two Automation Cybersecurity Solutions for Organizations  

User and Entity Behavior Analytics (UEBA)

UEBA is a machine learning cybersecurity process and analytical tool usually included with security operation platforms. It is the process of gathering insight into users’ daily activities. Activity is flagged if any abnormal behavior is detected or if there are deviations from an employee’s normal activity patterns. For example, if a user usually downloads four megabytes of assets weekly and then suddenly downloads 15 gigabytes of data in one day, your team would immediately be alerted because this is abnormal behavior.

The foundation of UEBA can be pretty straightforward. A cybercriminal could easily steal the credentials of one of your employees and gain access, but it is much more difficult for them to convey that employee’s daily behavior to go unseen. Without UEBA, an organization cannot tell if there was an attack since the cybercriminals have the employee’s credentials. Having a dedicated Managed Detection and Response team to alert you can give an organization visibility beyond its boundaries. 

Threat Intelligence

Threat intelligence gathers multi-source, raw, curated data about existing threat actors and their tactics, techniques, and procedures (TTPs). This helps cybersecurity analysts understand how cybercriminals penetrate networks so they can identify signs early in the attack process. For example, a campaign using stolen lawsuit information to target law firms could be modified to target organizations using stolen litigation documents.

Threat intelligence professionals proactively threat hunt for suspicious activity indicating network compromise or malicious activity. This is often a manual process backed by automated searches and existing collected network data correlation. Whereas other detection methods can only detect known categorized threats.   

AI Risks and Pitfalls to Be Aware of 

When building viable and valuable AI applications, data quality and availability are top of mind. Machines can only train on reliable data for the output to be actionable. Great attention is therefore required in building a robust infrastructure for sourcing, processing, storing, and querying the data. Not securing a chain of custody for input data means AI applications are at risk of generating misleading output. 

Awareness of any machine-learned prediction’s limitations and “biases” is also critical. Organizational leadership needs to maintain visibility into AI model characteristics like “prediction accuracy tends to falter beyond a certain range of input values” or “some customer groups were underrepresented in the training data.”

Operationally, an excellent way to proceed is to build and deploy a series of increasingly complex AI applications rather than being wedded to a very ambitious design at the get-go. Iteratively adding functionality and gradually incorporating more data fields can make measuring performance easier and avoid costly mistakes. 

Organizations Embracing AI 

Organizations need to build a cybersecurity infrastructure embracing the power of AI, deep learning, and machine learning to handle the scale of analysis and data. AI has emerged as a required technology for cybersecurity teams, on top of being one of the most used buzzwords in recent years. People can no longer scale to protect the complex attack surfaces of organizations by themselves. So, when evaluating security operations platforms, organizations need to know how AI can help identify, prioritize risk, and help instantly spot intrusions before they start. 

Stay Informed

Subscribe to Adlumin’s blog series and gain access to actionable advice and step-by-step guides from cybersecurity experts. Join our community and be part of the frontlines against cyber threats.

CUInsight: 3 Questions with Adlumin’s Jordan Gackowski

In this episode, CUInsight’s Publisher & CEO, Lauren Culp, interviews Jordan Gackowski, Adlumin’s Senior Sales Engineer. They delve into critical strategies to combat social engineering attacks within the credit union sector. The discussion revolves around three key questions:

  1. What are effective strategies credit unions can adopt to fortify their defenses against cyber-attacks, particularly phishing and pretexting?
  2. How do you secure sensitive data storage and transmission, especially when collaborating with external partners and vendors—a crucial concern for credit unions?
  3. How can credit unions harness technologies like artificial intelligence and machine learning to bolster their cybersecurity posture?

How Adlumin’s Progressive Penetration Testing Helped a Financial Institution Immediately Identify Vulnerabilities

Discover how Adlumin’s Security Operations Platform empowered this financial institution to take control of their security and compliance, uncover hidden cyber threats, and streamline data analysis and compliance workflows.

In this paper, you’ll learn how, using Penetration Testing, they successfully identified and remedied critical security gaps within minutes, providing actionable insights to safeguard against potential breaches.
Curious about the potential benefits of Penetration Testing for your financial institution? Download this paper today.

The LifeLong Customer: Navigating Cybersecurity's Seas of Trust and Growth with Robert Johnston, CEO at Adlumin

Join host Brad Hammond in this episode of the Lifelong Customer podcast, as he dives into a conversation with Robert Johnston, CEO of Adlumin. A former Marine with a strong cybersecurity background, Robert shares the genesis of Adlumin and its transition from military operations to private sector entrepreneurship.

Explore the vital role of cybersecurity in today’s digital landscape and how Adlumin revolutionizes security operations with its unique command center approach. Robert discusses the company’s market niche and the effectiveness of a channel-based go-to-market strategy. Gain insights into Adlumin’s growth journey from humble beginnings to a significant industry player, all while prioritizing customer value.

This episode offers a wealth of advice, from navigating product-market fit challenges to transitioning from founder-led efforts to professional management—a must-listen for those navigating the complex waters of cybersecurity entrepreneurship.

Listen on Apple Podcasts or Spotify.

Adlumin Helps a Healthcare Provider Defend Against 250,000 Daily Attacks

This paper highlights the cybersecurity challenges faced by Sky Lakes, a custodian of sensitive patient data vulnerable to cyberattacks due to limited resources. They lacked effective security tools to investigate external endpoints and needed to prevent another technology infrastructure loss after a ransomware attack. Sky Lakes sought a solution to meet regulatory requirements like HIPAA. The results reveal that Adlumin’s Security Operations Platform successfully defends against daily attacks, saving time and resources through tool consolidation into a user-friendly dashboard. Adlumin’s one-touch compliance and reporting also facilitated quick cybersecurity enhancements, ensuring comprehensive protection and valuable insights.

School District Boosts Security for 19,000 Students and 2,600 Employees with Adlumin

This paper discusses the implementation of a Security Operations Platform (SOP) to address challenges in centralizing data, streamlining alert monitoring, and optimizing a lean security team across 27 schools in Southwest Utah. By adopting Adlumin’s SOP and Managed Detection and Response solution, the organization achieved impressive results. They reduced ticket closure times to just 5 minutes, swiftly addressed potential vulnerabilities in 15 minutes, and gained enhanced visibility through Google Workspace integration. Continuous vulnerability management also played a key role in minimizing response times and improving overall team productivity by consolidating event management into a single platform.