* Lucas Bezerra

To defend their systems and processes, organizations implement resources of different types, taking into account, among other factors, the criticality and complexity of those systems and processes.
Examples include monitoring tools, vulnerability analysis and risk assessment, among others.

A resource that is rarely found dedicated to Information Security in organizations is Artificial Intelligence (AI). This rarity may be related to the cost of implementation and maintenance and to the lack of skilled labor for its use and control.

What is Artificial Intelligence?

Artificial intelligence is a technological resource that allows machines to act and react like humans, making critical decisions and learning from experience. This resource enables machines to process large amounts of data in much less time than a human would be able to.

The use of Artificial Intelligence for Information Security

Despite the difficulty of implementing and controlling Artificial Intelligence, this resource can be very useful for Information Security, offering controls to prevent, identify and mitigate possible threats to the business.

An example of the usefulness of this resource is the use of Machine Learning to define operating standards, detect activities that deviate from this standard and assess whether the deviation poses a threat to the business. After assessing the threat, the AI may be able to identify its cause(s) and, from there, indicate adjustments to the system and/or processes to prevent the threat from recurring, or create controls that minimize the impact if it does recur.

Another scenario in which AI is used to ensure information security is in credit card companies, where the organization learns the customer's usage pattern in order to identify suspicious expenses, preventing possible losses for its users.
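The baseline-then-deviation approach described in the two paragraphs above, as an added example that is not from the original article or from any product it mentions. It learns each customer's spending pattern from history using a robust statistic (median and MAD, a simple stand-in for a trained model) and flags expenses that deviate from it; the customer names, amounts, minimum sample count and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (customer, amount) for past legitimate expenses.
HISTORY = [
    ("alice", 42.0), ("alice", 38.5), ("alice", 51.0),
    ("alice", 45.2), ("alice", 40.0), ("alice", 47.9),
    ("bob", 900.0), ("bob", 1100.0), ("bob", 950.0),
    ("bob", 1020.0), ("bob", 980.0), ("carol", 12.0), ("carol", 15.0),
]
MIN_SAMPLES = 5   # assumption: below this there is no usable baseline
THRESHOLD = 3.5   # assumption: a common cut-off for the modified z-score


def learn_baselines(history):
    """Learn per-customer (median, MAD) as that customer's operating standard."""
    per_customer = defaultdict(list)
    for customer, amount in history:
        per_customer[customer].append(amount)
    baselines = {}
    for customer, amounts in per_customer.items():
        if len(amounts) < MIN_SAMPLES:
            continue  # too little data to call anything a deviation
        med = median(amounts)
        mad = median(abs(a - med) for a in amounts)
        baselines[customer] = (med, mad)
    return baselines


def score(baselines, customer, amount):
    """Return (verdict, modified z-score) for one new expense."""
    if customer not in baselines:
        return ("no-baseline", None)  # send to rules or review, never auto-allow
    med, mad = baselines[customer]
    # 0.6745 scales MAD to be comparable to a standard deviation; the floor
    # avoids division by zero when every past amount is identical.
    z = 0.6745 * (amount - med) / max(mad, 0.01 * max(med, 1.0))
    return ("suspicious" if abs(z) > THRESHOLD else "normal", round(z, 2))


if __name__ == "__main__":
    baselines = learn_baselines(HISTORY)
    for event in [("alice", 49.0), ("alice", 900.0), ("bob", 900.0), ("carol", 500.0)]:
        print(event, score(baselines, *event))
```

The same amount of 900 is flagged for one customer and accepted for another, which is the point of learning a per-customer pattern rather than applying one global limit.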

The number of tools that apply artificial intelligence to information security is still not large, and neither is the demand for the resource. Few suppliers have been able to develop a tool and distribute it on the market.

Thinking about security, IBM developed the QRadar tool, used to:

• Gain insight into logs, flow and events to resolve security incidents
• Eliminate manual environment monitoring tasks, keeping analysts focused on resolving incidents
• Detect threats in real time, minimizing their effects
• Easily manage compliance with internal policies and external regulations.

This tool stands out for its range of functionality and the relative ease of finding analysts and consultancies capable of operating it.

Final considerations

Artificial Intelligence is a powerful resource and its use optimizes an organization's information security. The growth in the number and complexity of threats can negatively affect the effectiveness of other security resources. AI, in turn, is a resource that is difficult to affect, since it learns from experience; that is, with each attack it faces, it increases its defensive power.
The relatively high cost of tools that use AI and the scarce labor for them, among other factors, make these tools difficult to find in organizations. However, this difficulty may be related to the “age” of this resource: over time, the number of analysts trained to operate and control these tools tends to increase, as knowledge about the technology is disseminated.

* Lucas Bezerra is a Consultant in GRC & Information Security at [SAFEWAY]

About [SAFEWAY]

SAFEWAY is an Information Security consulting company, recognized by its customers for offering high value-added solutions through projects that fully meet the needs of the business. In these years of experience, we have accumulated, with great pride, several successful projects that have earned us credibility and prominence among our clients, who in large part are among the 100 largest companies in Brazil.

Today, through 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions for technology, processes and people. SAFEWAY's SOC uses QRadar to monitor customer environments.