AI for Cyber Security
Cyber Security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cyber security and physical security. Ensuring cyber security requires coordinated efforts throughout an information system. Elements of cyber security include application security, information security, network security, disaster recovery and business continuity planning, operational security, and end-user education. One of the most problematic elements of cyber security is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against. Such an approach is insufficient in the current environment. To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach that involves continuous monitoring and real-time assessments.
CORTEX aiCYBER is a suite of AI-based solutions for Cyber Security related applications. One of these is a Vulnerability Management as a Service (VMaaS) solution that structures and operationalizes analytics, analysis rules and data enrichment & contextualisation tasks for a more rapid turnaround of received status data and the ability to extract system insights. The problem it addresses is the analysis and visualization of client computer network information: the process between collecting data and producing actionable analysis is costly, time-consuming and involves a significant degree of human processing. This analysis can then be used to automatically instruct specific actors to perform remediating actions for certain vulnerabilities.
Threat modelling is a process by which potential threats can be identified, enumerated, and prioritized, all from a hypothetical attacker's point of view. The purpose of threat modelling is to provide defenders with a systematic analysis of the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker. Example threats include malware (including ransomware), phishing (including spam), insider abuse and negligence (including information leakage), targeted attacks (including exploit kits, botnets, web attacks, identity theft, and data breaches), business partners or service providers, physical loss, denial of service, and espionage. Threat agents can be cyber criminals (typically financially motivated and often indiscriminate), insiders (typically disgruntled or dishonest employees), script-kiddies (copycats and/or those who hack for fun or out of a grudge), cyber-spies (nation-state or competitor-sponsored actors), hacktivists, and cyber-fighters or terrorists (nationally or religiously motivated groups).