Infoblox Inc. revealed today that it is leveraging artificial intelligence (AI) to identify websites that are sources of malware. These websites can then be blocked to make IT environments more secure.
Craig Sanderson, vice president of product management for Infoblox, said SOC Insights applies machine learning algorithms to the Domain Name System (DNS) data collected by the BloxOne Threat Defense platform to identify, for example, a website that is using typosquatting tactics to distribute malware to unsuspecting end users. Once such sites are identified, cybersecurity teams can apply policies to prevent end users from accessing them, he added.
That approach eliminates malware threats long before they ever make it to a network firewall, said Sanderson.
More than 90% of the malware that infests IT environments can be traced back to malicious websites, so preventing access to pages on those sites will dramatically improve the cybersecurity posture of an organization, he noted.
SOC Insights also streamlines alerts to make it simpler for cybersecurity and network operations teams to identify not only malicious websites but also which devices on their networks are accessing them, said Sanderson. That capability will substantially reduce mean-time-to-resolution (MTTR) for teams tasked with identifying and thwarting potential threats, he added.
In addition, that approach reduces the amount of data that might need to be stored in a security information and event management (SIEM) platform, said Sanderson.
In the longer term, Infoblox also plans to add generative AI capabilities to the platform to enable those teams to use natural language to investigate those threats, he noted.
It’s not clear to what degree AI will transform how cybersecurity is achieved and maintained, but the more it is applied beyond the perimeter of a corporate network, the more likely it becomes that threats can be neutralized. No matter how effective a cybersecurity team is, organizations incur costs any time compute resources must be allocated to detect and remediate malware infestations. Infoblox is making a case for a Big Data analytics approach that promises to reduce the total cost of cybersecurity, said Sanderson.
Of course, cybercriminals may adjust their tactics and techniques when confronted with different types of countermeasures. In fact, cybersecurity teams should assume their adversaries are already leveraging AI to craft attacks that will become harder to detect. In effect, organizations have been caught up in a cybersecurity arms race.
The challenge, as always, is securing additional funding. Business and IT leaders have made steady investments in cybersecurity. It is, however, difficult to determine if those investments have materially reduced the level of risk any organization faces. Cybersecurity teams need to explain why additional investments in cybersecurity are required to keep pace with rapid changes to the tactics and techniques being employed by cybercriminals and various nation-states.
At this point, it’s only a question of the degree to which AI is going to be applied to cybersecurity, as organizations that are slow to make these investments increasingly discover they are being victimized a lot more than those that are not.