Association-anemone

Bite-sized brilliance in every update

Threat mitigation for AI-based attacks
asane

Artificial intelligence (AI) is transforming an endless number of industries and business processes, a fact that has not been lost on cybersecurity threat actors.

Artificial intelligence is already being used by cyber adversaries of all kinds, from amateurs to nation states. A popular technique is to use AI to create more credible phishing and spearphishing content. By collecting information readily available in sources such as social media posts, AI can create malicious emails, documents and websites that are both targeted at individuals and highly credible.

The goal is to make it even harder for employees to reliably detect these fakes, so the attacker can penetrate the network faster and more easily.

It is axiomatic that end users constantly struggle to identify phishing emails and fake websites, even with regular security awareness training. The attacker only needs to succeed once to get in, and many staff roles (accounts payable, public-facing government employees) require opening emails from unknown sources.

Given that successful phishing attacks were common without AI, the conclusion must be that new approaches are needed to deal with the onslaught of AI-enhanced attacks.

Trustless protection against AI-enhanced attacks

The rise of AI-enhanced social engineering attacks requires a Zero Trust approach. All emails received or clicks on untrusted websites should be considered risky.

This is exactly the assumption behind HP Threat Containment technology. It treats all such content as untrusted, and therefore opens it only in isolated “micro virtual machines” (micro-VMs) created in software on the endpoint. A micro-VM, enforced by the CPU hardware, is opened for each web page tab or email attachment. The tightly controlled attack surface of the micro-VM makes it almost impossible for an attacker to compromise the endpoint or any other device on the network. When the task finishes, the micro-VM is destroyed, taking the malware instance with it.

Five essential benefits

Unlike other cybersecurity technologies, Threat Containment offers five benefits that include risk management, user experience, and operational efficiency:

  1. Inherent Protection – Protects by default without trying to detect attacks. By assuming all content is malicious, it achieves Zero Trust security, including against AI-based attacks.
  2. Visibility – It monitors activity in micro-VMs and feeds threat information to the centralized Wolf controller. This facilitates analysis and integration with threat intelligence analysis platforms using industry standards such as STIX and TAXII.
  3. Positive user experience – Users are relieved of the burden and anxiety associated with trying to identify phishing attacks or fake websites designed to steal credentials. They can “work without worry” knowing that HP Threat Containment will prevent attackers from using social engineering to trick them.
  4. Efficiency of security operations – Reduces the volume of urgent tickets due to false positives caused by detection technology failures. It also decreases the amount of remediation required for compromised endpoints. Finally, there is less reliance on security awareness training to detect phishing, so training time can be redirected to higher value goals.
  5. Effective compliance control – Compliance and audit directives require proof that security controls are continuously active. Threat mitigation works without a complex process, making it trivial to operationalize and therefore demonstrate compliance when requested by auditors.

Bottom Line: A superior defense against AI-enhanced attacks

AI empowers threat actors with more credible content at increased volume and speed. The HP Threat Containment system used in Sure Click Enterprise and Wolf Pro Security is well suited to defeat such attacks. Zero Trust, hardware-enforced content isolation assumes everything is suspect, eliminating the impossible task of accurately “detecting” every attack. It also provides comprehensive benefits in terms of visibility, user experience, security and compliance operations. Organizations of all sizes looking to improve their defenses against AI-based attacks should consider Threat Containment from HP for the best combination of protection and operational efficiency.