AI in cybersecurity: real-world examples of how AI can be used

In 2022, it’s hard to think of an industry that hasn’t undergone an AI transformation — and for good reason. Those involved in cybersecurity have already seen how AI can be used to better safeguard a business, from analyzing mobile endpoints, detecting AI-powered threats, identifying sophisticated cyber-attacks, reducing response time, reducing alert fatigue and more.

It’s also no secret that the Samurai team are big advocates of AI in cybersecurity — that's why we’ve built it into our solutions too! In this post, we take a closer look at some real-world examples of how AI is being used in cybersecurity.

7 examples of AI in cybersecurity

We’ve already touched on a long list of ways that AI is being used in cybersecurity today. So let’s unpack each of those use cases in a little more detail.

AI-powered threat detection

AI-powered threat detection is a process of using AI to detect and respond to cyber threats. AI can be used to detect threats that may be missed by traditional security measures.

AI can be used to identify patterns in data that may indicate a threat. It can also be used to identify malicious traffic or activity. AI can also be used to automatically block or flag suspicious activity.

Samurai uses Artificial Intelligence and Machine Learning (ML) algorithms to model out threats and provide responses. Identifying patterns of behavior using large amounts of data requires ML. Samurai ML classifies threats like DGA, C2; using models that look at behavior such as patterns, signatures and rules in addition to anomaly detection. Threat classification and anomaly detection allows Samurai to detect new unseen threats that may use evasive techniques to remain hidden as long as possible. Samurai then adds to its AI, advanced correlation spanning multiple sources. Combined with our patent “BOOST” scoring technology, we are able to provide high confidence alerts, true positives. Examples where our capabilities excel is in malware, BOTNET and lateral movement detection. An example, Samurai detected Cryptomining by leveraging our unique DGA detection logic and BOOST scoring, identifying and flagging this high risk threat to an analyst as WannaCry in its early stages.

Detection of sophisticated cyber-attacks

AI is becoming increasingly important for the detection of sophisticated cyber-attacks. Sophisticated cyber-attacks can be difficult to detect with traditional security measures, but AI can be used to identify them.

AI can be used to analyze data for signs of an attack. It can also be used to identify malicious traffic or activity. AI can also be used to automatically block or flag suspicious activity.

In a recent blog post NTT Security Holdings Analysts unpack the TrickBot group’s recent exploit known as PowerBrace malware which targets the banking industry by installing a backdoor to compromised systems. With Samurai’s detection capabilities leveraging AI, Machine Learning and Threat Intelligence, we are able detect Trickbot activity including variants.

Reducing threat response time

AI can also be used to reduce the time it takes to respond to a threat. AI can be used to automatically detect and respond to threats. This can help reduce the time it takes to contain and mitigate an attack.

In one example, a global bank needed to improve its threat detection and response following advanced cyber threats and sophisticated attacks. Following the deployment of AI, the bank's threat detection and response capabilities for sophisticated attacks improved.

Identification of zero-day exploits

Zero-day exploits are a type of cyber-attack that can be difficult to detect. That’s because zero-day attacks take advantage of a security flaw that has not been publicly disclosed — meaning that the exploit has not been patched and there is no protection against it.

But AI can be used to identify zero-day exploits and help mitigate them. AI can be used to analyze data for signs of an attack, identify malicious traffic or activity, and then automatically block or flag suspicious behavior.

Samurai’s AI and ML algorithms are used to detect stealthy / unknown threats. Approximately 70% of security incidents responded to with our MDR service, were attributed by unique events detected from our AI. As an example, our analysis engine detected a zero day Crypto Mining exploit using our proprietary DGA (domain Generation Algorithm) logic. This logic (part of our AI/ML) identified the suspicious DNS requests. Our customers were protected whilst the malware was still yet to be publicly discovered.

Advanced malware detection

AI can also be used for advanced malware detection. AI can be used to detect previously unknown malware and help mitigate the threat it poses.

"The availability of tens of millions of labeled samples from both malware and benign applications have rendered this one of the most successful applications of deep learning and AI in cybersecurity" according to SearchSecurity.

Analyzing mobile endpoints

One of the ways AI is being used in cybersecurity is by analyzing mobile endpoints. Mobile devices are increasingly becoming the target of cyber-attacks, and AI can be used to help mitigate those threats.

For example, AI can be used to detect if a device has been rooted or jailbroken, which could indicate that it has been compromised. AI can also analyze patterns of behavior on devices to identify suspicious activity, such as unusual app installations, strange data usage, or anomalies in behavior that may indicate a potential attack.

Reduction of alert fatigue

Alert fatigue is a condition that can occur when security professionals are bombarded with too many alerts. AI can be used to reduce alert fatigue by automatically sorting and prioritizing alerts, by raising the baseline levels of threat intelligence requiring human intervention.

We know the impact on scalability when it comes to information overload, especially when it comes to delivering a high quality MDR service. With several thousands of subscribed devices, the amount of data to be analyzed is simply not possible for a service provider without AI. Without high quality AI we wouldn't be in business! Our AI identifies and responds to high risk alerts - some we identify as part of zero-day and many cases leveraging security vendor technology detections together with correlation and enrichment with our threat intelligence. It all contributes to faster detections. With SamurAI XDR SaaS, customers now have the ability to consume what we have built out of necessity, as a self service. Alternatively as a managed service with our MDR.

These are just a few examples of how AI can be used in cybersecurity. AI is a powerful tool that can be used to detect and respond to threats — and as the use of AI in cybersecurity increases, we will likely see even more examples of its powerful, game-changing benefits.

Keep coming back to the Samurai blog for more insights into the future of cybersecurity and how to keep your business safe.