AI-powered cyber platforms will be vital to tackle federal security initiatives
Cyber security has become one of the biggest challenges facing the public and private sectors. Nearly two-thirds of companies worldwide have experienced at least one form of cyber attack. Total attacks are now up to 2,200 per day, or one every 39 seconds.
Federal agencies are not immune to these attacks. In fact, they are often high-value targets. Last year, the Government Accountability Office included federal cybersecurity as part of its “High Risk Series,” saying the federal government must urgently address major cybersecurity challenges. The GAO report showed that civilian agencies alone reported 28,000 security incidents to the Department of Homeland Security in fiscal year 2019.
Recognizing the growing threat, Congress passed several major legislative initiatives designed to strengthen defenses and reduce the chances of attack. Many of these initiatives highlight information sharing as a critical piece of the federal cybersecurity puzzle.
For example, the recently established Cyber Incident Review Office collects information about cyber attacks to identify successful tactics and procedures and shares that information between agencies and the private sector. That kind of cross-sector collaboration is critical to understanding the threat landscape and predicting when and where attackers will strike.
New initiatives and regulations seek to neutralize the effectiveness of modern cyberattacks, and much of this comes through information sharing. Much of the congressional and executive branch effort to improve cybersecurity includes regulations governing how and when information should be shared with the private sector, as well as state and local governments. In June, President Biden signed legislation establishing a two-way exchange of information.
The law directs the Department of Homeland Security’s National Center for Cybersecurity and Communications Integration (NCCIC) to help state and local agencies share threat indicators and information about cybersecurity risks and incidents with federal agencies and other state and local government (SLG) organizations. NCCIC must notify state and local agencies of certain incidents and malware that may affect them or their residents.
The directive seems simple enough, but this kind of data sharing only provides insight into known attacks, and it can motivate attackers to become more sophisticated in order to bypass these security measures. New attacks may therefore still go undetected: they are unknown, so data collected on existing incidents would not have revealed them.
To identify threats that are unknown or not seen before, artificial intelligence methodologies such as unsupervised learning and natural language processing (NLP) are used. Maintaining data center security requires insight into an ever-increasing amount of data: server logs, application logs, cloud logs, and sensor telemetry are just some of the data sources that need to be addressed. The volume of data makes it a challenge for security operations teams to monitor, analyze and protect organizations from cyber attacks.
Analyzing all the data across the network using traditional solutions is expensive and extremely difficult, which is why cyber breaches are often only discovered after the fact. The combination of GPU acceleration and AI software frameworks helps organizations analyze up to 100% of their data, providing much-needed visibility into often overlooked and underutilized sources of information.
How an AI and GPU-based platform can help
All of this reinforces the basic idea that cybersecurity is a data problem. The best way to solve that problem is to use a GPU platform that uses AI to capture and analyze data that agencies don’t even know they have.
Take the concept of uncaptured and unused data. For a typical enterprise, up to 80% of total data volume can be invisible to the security operations center. This dark data accumulates during operations but is never used to extract insights. Artificial intelligence-driven technology like NLP is critical to analyzing all the data coming through an organization.
NLP is built to be fast, flexible and adaptable. Language has subtleties that are important to understanding intent in a given context, and these principles can be grafted from the domain of speech to cyber security.
Modern NLP implementations use transformers as a basic architecture. This type of implementation allows us to understand the subtle context in the language, analyze intent more precisely, and take a more flexible, less fragile approach to the overall solution compared to rule-based approaches.
The acceleration provided by GPUs makes it practical to analyze 100% of an agency’s data in a timely manner. By opening the hatches and letting NLP and unsupervised learning algorithms work, agencies can gain insights using custom models.
Unsupervised learning helps address the lack of available labeled datasets in cybersecurity. Information sharing between federal agencies and SLG organizations will help compare attacks and share key data. However, data sensitivities, such as private sector IP and confidential government data, will prevent full transparency. With unsupervised learning, you can analyze data without having to label it and identify patterns across multiple dimensions to better understand typical patterns of behavior versus anomalies.
Additionally, AI can be applied to more cybersecurity use cases, such as detecting sensitive information, phishing attacks, and malware, and can identify anomalies faster than before.
The best platforms include real-time telemetry, policy enforcement, and GPU-driven edge processing to analyze more security data without sacrificing performance. This is achieved by leveraging every computing node in the network as a cyber defense sensor, increasing the power agencies can use to combat cyber threats.
Defending federal, state, and local cyber borders will require an incredible amount of teamwork, and that sharing will also increase the sophistication of future attacks. Without unsupervised learning to deal with new, unfamiliar techniques, it will not be easy for agencies to defend against those attacks. But with an AI and GPU-based solution, organizations and governments will be able to collaborate while being armed with a proactive approach to defend against future attacks and protect America’s most sensitive data.
Bartley Richardson is Director of Cybersecurity Engineering at NVIDIA.