In today's cyber warfare, traditional defense strategies fall short against the relentless onslaught of threats. At ActZero, we are on a mission to revolutionize cybersecurity by leveraging Artificial Intelligence (AI). With our expert team, we're dedicated to building the ultimate defense system – an autonomous SOC (Security Operations Center) designed specifically for small and medium-sized businesses. As AI evolves, making tasks significantly more efficient in cybersecurity, here are the most advanced areas where AI makes a difference for both attack and defense.
AI at the Endpoint
Vulnerabilities lurk behind every line of code, and AI emerges as a game-changer in cybersecurity. There’s somewhere between 7-12 vulnerabilities for every line of code. To put that into context, Windows 11 is about 50 million lines of code and TikTok is about 15 million. Just like gold mining, it takes work to mine the vulnerabilities from that code.
Imagine a tool capable of slashing the time required to detect bugs from 16-20 engineering hours to mere minutes. That tool is called a large language model or LLM, and it’s what ChatGPT, Bard and LLaMA are based on.
Envision a world where 600 million potentially exploitable Windows vulnerabilities could be mined every minute. Such a reality renders platforms like TikTok obsolete in the realm of cyber threats.
With an average of 50 applications on Windows and 80 on iOS and Android, in addition to the operating systems themselves, the endpoint emerges as a critical battleground in combating cybersecurity threats.
Over the past four years, our Machine Learning (ML) detections on endpoints and mobile operating systems have surged, accounting for approximately 40% of the blocks that safeguarded our customers. This achievement is particularly noteworthy given the immense number of attempted exploits—some months witnessing nearly 850,000 attacks. This makes block rates just under 100%, which as mentioned in an earlier post is key criteria when buying security for your endpoint.
Notably, our approach encompasses not only traditional endpoints but also mobile devices like iOS and Android. While many Managed Detection and Response (MDR) providers overlook mobile devices as a threat vector, we recognize their significance. Our ability to protect and monitor these devices reveals that they are targeted in roughly 40% of cyber attacks, further emphasizing the importance of comprehensive endpoint and mobile security solutions.
AI in Log Analysis (Cloud, Firewall and Email)
Deep within your Office365 and G-Suite lie logs teeming with valuable information: records of user sign-ins, alterations made, origins of access, browser preferences, and data transmission details. For years, these logs accumulated aimlessly, waiting for a crisis to justify their existence. It fell upon overwhelmed admins and forensic specialists to sift through this sea of data, to ‘zero in’ on critical events – a daunting task indeed.
For most organizations, the volume of these logs may seem manageable, perhaps a mere 5 gigabytes per day. Yet, within each gigabyte reside a staggering 100,000 logs, with hundreds generated every second per user or device. Navigating this labyrinth of data resembles the proverbial search for needles in haystacks, a task made feasible only through the application of advanced machine learning techniques.
We recognized the potential of machine learning in taming this data deluge. By deploying pre-trained models, we've augmented our detection capabilities, transcending cloud boundaries to identify account takeovers across platforms like Google, AWS, Azure, and Salesforce. The key lies in proactive detection and response – swiftly identifying unauthorized access attempts and automatically blocking them.
This approach addresses a longstanding cybersecurity challenge: how to detect and mitigate threats arising from compromised credentials – your password, MFA token, or API key.
By leveraging machine learning to analyze system logs, we've streamlined the detection and response process, particularly within the domains of cloud services, network firewalls, and email systems. Through automation and intelligence, we equip our customers with the means to safeguard their digital assets effectively.
AI Unravels Cyberattack Complexity
Attacks rarely target a single entity in isolation. Much like the movie Oceans 11, successful cyberattacks often involve a series of interconnected vulnerabilities and oversights. Whether the IT team missed an installation of Endpoint Detection and Response (EDR), a lapse in Multi-Factor Authentication (MFA) implementation, or an unexpected breach in a seemingly unrelated system like our Voice network, the complexity of modern threats demands a comprehensive approach to defense.
We embarked on a quest to develop AI-driven solutions capable of piecing together the puzzle of cyberattacks. Our objective was clear: to provide analysts with a holistic view of adversary activity and even predict potential threats before they materialize. After years of dedicated research and development, our team cracked the code, unveiling ActZero ZeroIn™.
ZeroIn represents a paradigm shift in cybersecurity, offering analysts unprecedented insights into attack vectors and vulnerabilities. By correlating data from various sources, ZeroIn illuminates critical questions: Are users accessing email from unprotected devices? Which systems lack crucial protections like CrowdStrike? What pathways did the attacker traverse, and which systems remain vulnerable to exploitation?
Through ZeroIn, organizations can proactively identify and mitigate cyber threats, transforming reactive defense strategies into proactive, predictive measures. With ZeroIn at their disposal, analysts can stay one step ahead of adversaries, safeguarding digital assets with unparalleled precision and foresight.
AI ChatBots and Search
Whether you watch Star Trek, Marvel Movies or Knight Rider an AI isn’t just a query language: it embodies a wealth of knowledge and serves as a trusted companion, akin to a reliable butler. Through Large Language Models (LLMs), we've unlocked a lot of creative functions to enhance user experience, but search is definitely the best. By seamlessly integrating LLMs into our query system, we've tapped into the full power of SOC data.
This integration empowers us to swiftly address pivotal questions: Which systems or users face the greatest vulnerability? What measures can be promptly implemented to fortify defenses against potential attacks? The ability to engage with threats, vulnerabilities, remediation processes, and logs in a seamless manner accelerates forensic analysis from days to mere minutes. Furthermore, it facilitates efficient triage, remediation, and communication protocols, ensuring rapid and effective response to emerging threats.
While our primary objective remains the prevention of adversarial actions, simplifying communication and reducing the skill barrier in executing defensive measures levels the playing field against cyber adversaries.
Adam Mansour, ActZero's Chief Security Officer, brings over two decades of experience in cybersecurity. He spearheads the company's VCISO and tech integration, driving ActZero's MDR services to the industry forefront.