Cyber experts ponder whether next generation firewalls (NGFW) would be able to block cyber attacks involving artificial intelligence (AI) and machine learning. The methods and tools for cyber security have evolved over the years, and so have the threats, technologies, and sophistication in attacks. It is feared that AI + machine learning would be able to breakthrough NGFWs.
Affordable Artificial Intelligence
AI, which was prohibitively expensive earlier has become comparatively more affordable, so that not only well-funded nation-state actors but even moderately funded cyber criminal groups are able to have a go. Penetrating through the firewall defenses of an enterprise network maybe just getting through a layer of defense. But, it is like breaching a fort.
Firewalls typically provide protection at the network layer. Cyber criminals are now utilizing transport layer security (TLS) and focussing their attacks on the application layer to hide their connections. These malicious connections are not detectable by most Firewalls.
Nowadays, it is not very difficult to build an AI hacking platform. The software required – such as OpenAI or TensorFlow – are quite easily available, and computing power can be stolen from compromised computers. Utilizing these resources, the threat actors focus their attacks on the application layer. They now attempt to exploit even known vulnerabilities using application security scanners.
Threat actors have resorted to sending traffic over TCP, wrapped in HTTPS, to thwart detection. Since it is https, most networks will allow it. Further, the cyber criminals run their command and control server from a legitimate (but compromised) website. To thwart these types of attacks, enterprise IT security administrators install web application firewalls. However, cyber criminals seem to have found out ways to penetrate these firewalls.
Hackers are employing numerous methods such as phishing attacks, spear phishing attacks, and drive-by-downloads to infiltrate an enterprise network. Penetrating the network and infecting an endpoint gives a foot-hold for the attacker. Once inside they are able to spread within the network and infect other endpoints. Removing an attacker and the malware from the endpoints is a cumbersome task. As always, prevention is better than cure. The use of public Wi-Fi by mobile employees to access the enterprise network on their devices (laptops, smartphones, etc…,) is a grave risk, which is capitalized by the attackers.
The Importance of Endpoint Security
This is where endpoint security (an antivirus solution) is of paramount importance. A robust endpoint security can detect real-time malicious activity based on behavioral monitoring.
How to Stay Secure
- Get an advanced firewall protection – web application firewalls (WAF) -that can detect and block AI + machine learning-based attacks
- Get robust endpoint point security