There is a lot of excitement and expectation around the role of AI in business, writes Thorsten Kurpjuhn, European Security Market Development Manager at cloud storage and IT software firm Zyxel.
From chatbots on your website offering an enhanced customer experience, to using third party programmes to analyse customer data. Machine learning is starting to find its feet within the SMB community, with many businesses already using it in one form or another – some without even realising it.
When it comes to security, AI has been heralded as the answer to our cybersecurity worries. With SMBs increasingly fighting a losing – and often invisible – battle against malware and cyberthreats. By adding an intelligent, machine-based layer to the traditional firewall approach can arm companies with the necessary tools to keep their networks impenetrable. To get the most out of AI in a security setting, it is vital to understand the key components that make up a robust and reliable solution and the main areas where AI can make a real difference.
Sandbox
It might sound like a holiday activity, but ‘sandboxing’ is an essential part of helping companies deal with the very real and rising threat of cyberattacks. Combatting cyberthreats is not an exact science and with new variants being developed all the time, it can be hard for IT teams to keep up and for a basic firewall to identify a suspicious file from a safe one. But with 53 percent of mid-market companies having fallen victim to a cybersecurity-based breach, and 40 percent of those experiencing eight or more hours of system downtime as a result[1], it is essential to keep all threats at bay.
With threats evolving so fast, the ability to immediately identify a file as unknown is the first step in securing the network. Sandboxing can give this reassurance, as it isolates and contains unknown programs in a safe cloud environment for further investigation away from the main network. Behaviour is then analysed, and the threat verified as malicious or not. The benefit of sandboxing is the speed of isolation and incident response which is only possible by using a secure cloud environment. Sandboxing also ensures that a firewall can continually learn and bolster its defences, by analysing the traffic and files which try to enter the network. This feature means that protection can constantly evolve to remain robust and reliable, no matter what is thrown at the network.
Mitigate the threat
Any solution deployed to secure your company from external threats is only as good as the very latest information it is based on. Using a firewall alone to block malware, is like relying on an old umbrella with holes to keep the rain off: it will get through and you will get wet. The only way to block the very latest malware is to empower and constantly update your defences.
In addition to sandboxing unknown threats, your defence strategy needs to be fed up to the minute information and insight in order to block and defy zero-day malware from taking hold. Indeed, research from the Ponemon Institute[2] found that advanced malware and zero-day attacks increased from 16 percent to 24 percent over the past year. By using reliable sources, including feedback from devices, third party data and top ranked threats, the firewall can be optimised to strengthen malware blocking capabilities.
As well as threats entering the network via malicious emails and file attachments, compromised websites can also cause a huge amount of damage to day to day operations. If your staff inadvertently visit a site which has been infected by a botnet or its command and control server compromised, then this could have disastrous consequences for your business.
Your own website is also prime target for attack and key gateway for criminals to infiltrate your network. With SMBs relying on their website as the main sales tool and window into their offering and brand identity, any compromise can be fatal. A data breach or halt to operations can cause reputational and financial damage, which many SMBs might simply never recover from. Indeed, figures from the (US) National Cyber Security Alliance suggest that the cost of a cyberattack can be high enough to put an SMB out of business, with 60 percent of those affected going out of business within six months.
To stop your staff putting the business at risk by unwittingly visiting infected websites, and to keep your own website safe from attack, you need to deploy an intelligent botnet and content filter as part of your firewall defences. This will ensure that all URLs visited by users are checked for cyberthreats, based on local and wider knowledge. If a site is malicious and riddled with malware and botnets, users will be blocked from accessing it.
Whilst these are just a few examples of the role that AI can play in keeping your network safe, the fundamentals can be applied to so many elements within the security landscape. Businesses are only just starting to scratch the surface of the capabilities of AI but what is clear is that it is essential to have a network security solution that can cope with change and deal with the known, unknown and threats closer to home. The only constant in an ever-changing threat landscape is AI.
