The premise of AI taking over conventional roles may not be so bad in one particular category – security. Darktrace’s Antigena is a security automation tool, part of its Enterprise Immune System solution, that is well on the way for exactly that. Imagine it as a virtual cop monitoring your entire system – but much more sophisticated than your average antivirus. Antigena reacts autonomously to cyber-threats as they are being executed – performing specific and complex tasks that would otherwise require human intervention. So you can essentially say that the machine has had enough of those pesky bugs and viruses, and now it wants to fight back.
Modelled after the human immune system, the system works on machine learning and mathematical probability to establish ‘routine’ behaviour for devices on the network. Based on this behaviour, it identifies anything out of place and taking action which is proportionate to the threat – for example, isolating a compromised device from the network. Needless to say, this gives the IT team the invaluable lead that allows them to catch up to the threat. This is where it behaves similarly to the human immune system by targeting only the affected areas like a digital antibody.
Check out the product demo below:
So what can an AI-based security software actually do?
Actual threat scenarios that Darktrace Antigena has already mitigated in its limited trial period include:
- Stopped sensitive customer information from being stolen by an external attacker by creating an automatic response when an attacker was detected making suspicious connections to a device inside the network while conducting reconnaissance.
- Mitigated a malware attack when a device was infected by a malicious Trojan which was scanning hundreds of devices for open channels of communication in a suspected attempt to exploit vulnerabilities. Blocked outgoing connections from the device, allowing it to be isolated and cleaned before the infection could develop further.
- In a healthcare organisation, an employee accidentally downloaded a malicious file received in an email — the malware immediately started to encrypt data on the employee’s computer. Within thirty seconds, Antigena isolated the device and stopped the attack before it spread across the network.
And all the security jobs?
If you’re already going into ‘I-told-you-so’ mode about AI taking over human jobs, you can hold your horses right there. First of all, Antigena’s true usefulness lies in firefighting (something that is prone to human error), and will allow actual security specialists to spend more time on designing and implementing better security systems – time that they would have spent fighting live threats otherwise. And as with any new technology, this will open up new job roles if we are ready for them. An AI that learns from device behaviour over the network could also be an invaluable teaching tool to any new security staff. The possibilities in this area are only limited by our applications.