The evolution of AI within the cybersecurity landscape has led to the discovery and mitigation of new cyber-events and attack vectors. The result is a rush by organisations to build more automated and intelligent security defences using techniques like Machine Learning, Deep Learning and Natural Language Processing. In this article, Lori MacVittie, F5 Distinguished Engineer, explains how organisations can use Artificial Intelligence to ensure a seamless automation approach within their security.
In the popular story The History of Poisoning Wells, an ancient Mesopotamian tale highlighting the cruellest threat to the region’s water supply, jihadists destroyed human life in the Iraqi town of Snune and further poisoned every well they could get their blood-stained hands on.
Some wells they choked with oil, while others were jammed with ragged metal debris.
All in a bid to kill every functioning water outlet left and reduce the agriculturally rich district to nothing.
The bigger lesson was that whether by cutting off access to wells or using wells as a force multiplier for spreading diseases, the town well is always a significant attack vector to the enemy.
In today’s cybersecurity context, we can liken the town well to a script or an API endpoint that initiates automations to drive change into infrastructure, applications and digital services within an organisation.
F5’s 2022 State of Application Strategy Report stated that 78% of organisations employ a rich set of automation across IT for the above purposes, highlighting the prevalence of automation to drive changes into complex, hyper-scale systems operated by tech giants like Facebook, Twitter, Amazon and others.
Just like the ancient well, today a single script can affect thousands of systems within minutes, unlike years ago when it would have taken days or weeks.
Automation is a force multiplier allowing operations of all kinds to scale in ways that human beings could never achieve. It is the cornerstone of scaling processes, practices and business. It is always said that an organisation cannot become a digital business without automation as it is one of the six key capabilities organisations need to successfully capitalise on data, adopt Site Reliability Engineering (SRE) operations and infuse digital services with the ability to adapt through modern app delivery.
As the name suggests, automation is automatic. Once begun, the cascading changes across systems are difficult to intercept, and their speed makes them impossible to stop.
Several instances of automation propagating unintended changes have impacted large swathes of the Internet as a bad parameter pushed into a script is almost impossible to recall. So, the well becomes poisoned once the enter button is pushed or when the API endpoint is invoked.
Also, threats of human error and the security of IT automation are overlooked attack vectors that can eventually be exploited even if it takes a decade. According to the latest Uptime Institute research, ‘nearly 40% of organisations have suffered a major outage caused by human error over the past three years.’ This is where AI and Machine Learning (ML) get involved.
The use of Machine Learning to protect IT automation
Machine Learning is adept at uncovering patterns and relationships between data points. Today, most industries utilise Machine Learning to solve security and operational challenges like identifying humans and bots, recognising attacks and predicting imminent outages.
An unexplored area is app infrastructure protection (AIP). For example, F5 Distributed Cloud AIP uses Machine Learning to understand how operators and admins interact with critical systems and immediately notices when an interaction deviates from the norm.
This is useful for detecting attackers attempting to access directories they shouldn’t or when intruders invoke commands with parameters outside normal usage.
Because it can detect anomalous parameters or an attempt to execute an unusual command, this technology could easily be applied to IT automation to catch human errors or malicious commands.
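The kind of check described above, as an added example that is not from the article or from any F5 product: a per-command baseline learned from past automation runs, with a simple robust statistic (median and MAD) standing in for the Machine Learning model. The command name, parameters and history are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed history of past automation runs: (command, parameters).
HISTORY = [
    ("scale_pool", {"replicas": 4, "region": "eu-west"}),
    ("scale_pool", {"replicas": 5, "region": "eu-west"}),
    ("scale_pool", {"replicas": 4, "region": "us-east"}),
    ("scale_pool", {"replicas": 6, "region": "eu-west"}),
    ("scale_pool", {"replicas": 5, "region": "us-east"}),
    ("scale_pool", {"replicas": 4, "region": "eu-west"}),
]

def build_baseline(history):
    """Record every value seen for each parameter of each command."""
    baseline = defaultdict(lambda: defaultdict(list))
    for command, params in history:
        for name, value in params.items():
            baseline[command][name].append(value)
    return baseline

def numeric_outlier(value, seen, threshold=3.5):
    """Modified z-score (median/MAD), robust to a few odd past runs."""
    med = median(seen)
    mad = median(abs(v - med) for v in seen)
    if mad == 0:
        return value != med
    return abs(0.6745 * (value - med) / mad) > threshold

def check(baseline, command, params):
    """Return the reasons an invocation deviates; empty list means normal."""
    if command not in baseline:
        return [f"unseen command: {command}"]
    findings = []
    for name, value in params.items():
        seen = baseline[command].get(name)
        if seen is None:
            findings.append(f"unseen parameter: {name}")
        elif isinstance(value, (int, float)) and all(isinstance(v, (int, float)) for v in seen):
            if numeric_outlier(value, seen):
                findings.append(f"{name}={value} outside normal range")
        elif value not in seen:
            findings.append(f"{name}={value!r} never used before")
    return findings

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # A fat-fingered replica count and an unfamiliar region are both reported.
    print(check(baseline, "scale_pool", {"replicas": 500, "region": "ap-south"}))
```

Run before a change is pushed, a non-empty result is the point at which a pipeline can pause for review instead of propagating the parameter.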
Final takeaway
Assuming the right level of access to target systems, such a Machine Learning solution could certainly offer a path to protecting systems against bad parameters, lateral communication attempts and other attacks.
Infrastructure for apps, app delivery and automation are still attractive attack vectors. As organisations move to adopt more automation, they need to simultaneously consider the accidental or intentional ramifications of its use. From here, it is necessary to consider how to protect it against the inevitable fat finger or malicious keystroke.
Automation is a force multiplier; it is useful for both intended and malicious use cases, which highlights a need to protect it. Machine Learning may be one way to integrate AI with ops to protect the infrastructure that remains a vital component of any digital business.