Intelligent CISO Issue 62 | Page 61

F5: How AI can be blended into IT automation security

The evolution of AI within the cybersecurity landscape has led to the discovery and mitigation of new cyber-events and attack vectors. The result is a rush by organisations to build more automated and intelligent security defences using techniques like Machine Learning, Deep Learning and Natural Language Processing. In this article, Lori MacVittie, Distinguished Engineer at F5, explains how organisations can use Artificial Intelligence to ensure a seamless automation approach within their security.
In the popular story, The History of Poisoning Wells – an ancient Mesopotamian tale highlighting the cruellest threat to the region’s water supply – jihadists destroyed human life in the Iraqi town of Snune and further poisoned every well they could get their blood-stained hands on.
Some wells they choked with oil, while others were jammed with ragged metal debris. All in a bid to kill every functioning water outlet left and reduce the agriculturally rich district to nothing.
The bigger lesson was that whether by cutting off access to wells or using wells as a force multiplier for spreading diseases, the town well is always a significant attack vector to the enemy.
In today’s cybersecurity context, we can liken the town well to a script or an API endpoint that initiates automations to drive change into infrastructure, applications and digital services within an organisation.
F5’s 2022 State of Application Strategy Report stated that 78% of organisations employ a rich set of automation across IT for the above purposes, highlighting the prevalence of automation to drive changes into complex, hyperscale systems operated by tech giants like Facebook, Twitter, Amazon and others.
Just like the ancient well, today a single script can affect thousands of systems within minutes, unlike years ago when it would have taken days or weeks.
Automation is a force multiplier allowing operations of all kinds to scale in ways that human beings could never achieve. It is the cornerstone of scaling processes, practices and business. It is always said that an organisation cannot become a digital business without automation, as it is one of the six key capabilities organisations need to successfully capitalise on data, adopt Site Reliability Engineering (SRE) operations and infuse digital services with the ability to adapt through modern app delivery.
As the name implies, automation is automatic. Once begun, it is difficult to intercept the cascading changes across systems and its speed is impossible to stop.
Several instances of automation propagating unintended changes have impacted large swathes of the Internet, as a bad parameter pushed into a script is almost impossible to recall. So, the well becomes poisoned once the enter button is pushed or when the API endpoint is invoked.
Also, threats of human error and the security of IT automation are overlooked attack vectors that can eventually be exploited, even if it takes a decade. According to the latest Uptime Institute research, ‘nearly 40% of organisations have suffered a major outage caused by human error over the past three years.’ This is where AI and Machine Learning (ML) come in.
The use of Machine Learning to protect IT automation
Machine Learning is adept at uncovering patterns and relationships between data points. Today, most industries utilise Machine Learning to solve security and operational challenges like identifying humans and bots, recognising attacks and predicting imminent outages.
An unexplored area is app infrastructure protection (AIP). For example, F5 Distributed Cloud AIP uses Machine Learning to understand how operators and admins interact with critical systems and immediately notices when an interaction deviates from the norm.
This is useful for detecting attackers attempting to access directories they shouldn’t or when intruders invoke commands with parameters outside normal usage.
Because it can detect anomalous parameters or attempts to execute an unusual command, this technology could easily be applied to IT automation to catch human errors or malicious commands.
Final takeaway
Assuming the right level of access to target systems, such a Machine Learning solution could certainly offer a path to protecting systems against bad parameters, lateral communication attempts and other attacks.
Infrastructure for apps, app delivery and automation are still attractive attack vectors. As organisations move to adopt more automation, they need to simultaneously consider the accidental or intentional ramifications of its use. From here, it is necessary to consider how to protect it against the inevitable fat finger or malicious keystroke.
Automation is a force multiplier; it is useful for both intended and malicious use cases, which highlights a need to protect it. Machine Learning may be one way to integrate AI with ops to protect the infrastructure that remains a vital component of any digital business.