
Three ways generative AI and data flow are improving cyber security in EMEA
asane

(© kentoh via Canva.com)

For malicious actors, generative AI (gen AI) presents stealthier, more efficient and increasingly effective methods for launching cyber attacks. Cybercriminals can now scan entire organizational data infrastructures, create highly convincing fake identities, and infiltrate critical IoT systems faster than ever before.

In response, governments and businesses are ramping up their defenses. In EMEA, cyber defenders are leveraging AI in innovative ways to counter these rapidly evolving threats. Their not-so-secret weapon? Real-time data streaming.

The combination of generative artificial intelligence and stream processing is proving to be a powerful defense for organizations navigating this complex threat landscape. Here are three compelling examples that demonstrate how.

1. Real-time threat detection and response

A real-time threat requires a real-time response. The faster an organization can identify and react to a breach, the lower the impact. Batch data processing, which analyzes stored data, is insufficient when systems are actively under attack.

Real-time, AI-driven analytics enable continuous monitoring of network data flows, so security systems can detect anomalies and potential threats as they occur.

Beyond detection, generative AI automates response processes along the entire security chain. From identifying the threat to isolating compromised systems, automation dramatically reduces the time it takes to contain and resolve incidents. It also minimizes the risk of human error, preventing a panic response from exacerbating damage in an attack.

British telecoms giant Vodafone has invested heavily in real-time threat detection and response systems as part of its wider cyber security strategy. Its global in-house cybersecurity arm employs 900 people to manage trillions of events and sensor logs from all the countries in which it operates.

This advanced network monitoring enables Vodafone to gain real-time visibility into all data traffic, detecting anomalies such as spikes in usage or unusual access patterns to identify threats before they can cause damage. AI and machine learning (ML) enhance these efforts by detecting anomalous behaviors, predicting potential vulnerabilities, and automating routine security tasks.

Incident response automation ensures that the organization reacts quickly to detected threats. Automated AI and ML workflows trigger immediate actions such as isolating affected devices or redirecting traffic during DDoS attacks. By automating responses and reducing human error, Vodafone ensures rapid mitigation of cyber risks across its vast and complex infrastructure.

2. Real-time behavioral analysis for insider threats

Another compelling way data flow strengthens cybersecurity is through behavioral analytics. By establishing a baseline of normal user and device behavior, organizations can more easily detect anomalies that signal potential threats. For example, compromised credentials can be flagged when a user’s actions deviate from typical patterns. In the IoT space, device profiles can track normal resource usage, alerting security teams when unusual activity suggests a problem.

Both cases illustrate why data must be processed and analyzed in-stream: only then is the resulting information immediate and accurate enough to prevent fraud or device disruption.

One area where behavioral analytics shines is in insider threat detection, especially in organizations that handle high-risk information. Continuous monitoring of user behavior against established profiles helps prevent both intentional and accidental breaches, reducing the risk of costly incidents.

For example, a bank could use AI to track employee activities across its network. By analyzing login times, file access, and data transfers, AI can detect suspicious behavior—such as an employee accessing sensitive files outside of normal business hours—and flag it for investigation.
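The continuous-monitoring idea from section 1 and the behavioral baseline described in this section (login times, file access, data transfers) can be shown in one small stream processor. The following is an added example, not code from the article or from any vendor it names; the event format, the per-user warm-up window and the three rules (off-hours login, first access to an unfamiliar share, transfer volume far above the user's own history) are all assumptions chosen for illustration, and the log lines are constructed.

```python
"""Streaming behavioural-baseline detector (added example, constructed data).

Events are consumed one at a time, as a stream processor would see them.
Each user gets a profile learned from a warm-up window; after that, every
event is scored against the profile and deviations raise an alert.
"""
import json
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample events (NOT real logs). Three days of routine activity
# for one user, followed by events that deviate from that routine.
SAMPLE_EVENTS = [
    '{"ts":"2024-03-04T09:05:00Z","user":"alice","action":"login","src":"10.0.1.20"}',
    '{"ts":"2024-03-04T09:10:00Z","user":"alice","action":"file_access","resource":"/shares/finance/q1.xlsx"}',
    '{"ts":"2024-03-04T09:15:00Z","user":"alice","action":"transfer","resource":"/shares/finance/q1.xlsx","bytes":120000}',
    '{"ts":"2024-03-05T08:55:00Z","user":"alice","action":"login","src":"10.0.1.20"}',
    '{"ts":"2024-03-05T10:20:00Z","user":"alice","action":"file_access","resource":"/shares/finance/budget.docx"}',
    '{"ts":"2024-03-05T10:25:00Z","user":"alice","action":"transfer","resource":"/shares/finance/budget.docx","bytes":95000}',
    '{"ts":"2024-03-06T09:30:00Z","user":"alice","action":"login","src":"10.0.1.20"}',
    '{"ts":"2024-03-06T11:00:00Z","user":"alice","action":"transfer","resource":"/shares/finance/q1.xlsx","bytes":110000}',
    # --- deviations from the learned baseline start here ---
    '{"ts":"2024-03-09T02:40:00Z","user":"alice","action":"login","src":"10.0.1.20"}',
    '{"ts":"2024-03-09T02:45:00Z","user":"alice","action":"file_access","resource":"/shares/hr/salaries.xlsx"}',
    '{"ts":"2024-03-09T02:50:00Z","user":"alice","action":"transfer","resource":"/shares/hr/salaries.xlsx","bytes":48000000}',
]


def _share(resource):
    """Collapse a path to its top-level share: /shares/finance/x -> /shares/finance."""
    parts = resource.strip("/").split("/")
    return "/" + "/".join(parts[:2])


class Profile:
    """Per-user baseline: login hours, shares used, running stats of transfer sizes."""

    def __init__(self):
        self.seen = 0              # events learned into this profile
        self.login_hours = set()   # hours of day at which the user normally logs in
        self.shares = set()        # top-level shares the user normally touches
        self.n = 0                 # Welford's online mean/variance for transfer bytes
        self.mean = 0.0
        self.m2 = 0.0

    def learn(self, ev, hour):
        self.seen += 1
        if ev["action"] == "login":
            self.login_hours.add(hour)
        if "resource" in ev:
            self.shares.add(_share(ev["resource"]))
        if ev["action"] == "transfer":
            b = float(ev["bytes"])
            self.n += 1
            delta = b - self.mean
            self.mean += delta / self.n
            self.m2 += delta * (b - self.mean)

    def zscore(self, b):
        """How many standard deviations a transfer size is from this user's history."""
        if self.n < 2:
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        if std == 0:
            return 0.0 if b == self.mean else math.inf
        return (b - self.mean) / std


def score(profile, ev, hour, z_threshold=3.0):
    """Return the list of rules the event violates (empty when it fits the baseline)."""
    reasons = []
    if ev["action"] == "login" and hour not in profile.login_hours:
        reasons.append("off_hours_login")
    if "resource" in ev and _share(ev["resource"]) not in profile.shares:
        reasons.append("new_share")
    if ev["action"] == "transfer" and profile.zscore(float(ev["bytes"])) > z_threshold:
        reasons.append("transfer_volume")
    return reasons


def detect(lines, warmup=8, z_threshold=3.0):
    """Consume JSON event lines in order; return alerts raised after each user's warm-up."""
    profiles = defaultdict(Profile)
    alerts = []
    for line in lines:
        ev = json.loads(line)
        hour = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00")).hour
        p = profiles[ev["user"]]
        if p.seen < warmup:          # still building the baseline: learn only
            p.learn(ev, hour)
            continue
        reasons = score(p, ev, hour, z_threshold)
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev["user"],
                           "action": ev["action"], "reasons": reasons})
        else:
            p.learn(ev, hour)        # normal events keep refining the baseline
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Two design choices matter in practice. Flagged events are deliberately not learned into the profile, so a slow drift of abnormal activity cannot quietly become the new normal; and the transfer rule compares a user against their own history rather than a global threshold, which is what lets a 48 MB copy stand out for an analyst who usually moves 100 KB while staying quiet for a backup operator.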

3. Real-time sharing of threat intelligence to fight APTs

In EMEA, cyber security threats frequently cross national borders. As cyber-attacks become more sophisticated, defenders must analyze larger and more complex data sets from a wider range of sources, making intergovernmental collaboration paramount.

Generative AI and data streaming technologies simplify this process by quickly correlating data from various sources, giving organizations a more comprehensive view of the expanding threat landscape. Multiple organizations can collaborate simultaneously to detect, monitor and respond to cybersecurity threats in real time.

The European Union Agency for Cyber Security (ENISA) plays a crucial role in promoting the real-time exchange of threat information between Member States. The agency encourages collaboration through the EU Cybersecurity Act and coordinates initiatives such as Cyber Threat Intelligence (CTI) platforms, where different sectors share critical data in real-time to mitigate cyber threats.

For advanced persistent threats (APTs)—sophisticated, long-term attacks often supported by nation states or well-funded groups—combining generative AI with stream processing is critical to identifying the proverbial needle in the haystack.
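The correlation step these paragraphs describe, merging indicator reports from several organizations into one view and checking local telemetry against it, looks like the following in practice. This is an added example, not code from the article, ENISA or any CTI platform; the feed layout, the priority rule (an indicator independently reported by two or more organizations, or reported with confidence of 80 or more, is high priority) and the local event fields are assumptions, and every indicator value is a constructed, reserved documentation name or address.

```python
"""Cross-organization indicator correlation (added example, constructed data).

Feeds from several organizations are normalized (defanging undone, case
folded), merged by indicator, prioritized by how many independent sources
reported them, and then matched against local DNS/proxy events.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

# Constructed feeds from three fictional organizations. Domains use the reserved
# .example TLD (RFC 2606) and the address is from the RFC 5737 documentation range.
FEEDS = {
    "org-a": [
        {"type": "domain", "value": "updates-cdn[.]example", "confidence": 60, "seen": "2024-03-01T10:00:00Z"},
        {"type": "ipv4", "value": "192.0.2.44", "confidence": 50, "seen": "2024-03-01T10:05:00Z"},
    ],
    "org-b": [
        {"type": "domain", "value": "UPDATES-CDN.EXAMPLE", "confidence": 70, "seen": "2024-03-02T08:00:00Z"},
        {"type": "url", "value": "hxxp://login-portal[.]example/verify", "confidence": 80, "seen": "2024-03-02T08:30:00Z"},
    ],
    "org-c": [
        {"type": "ipv4", "value": "192.0.2.44", "confidence": 40, "seen": "2024-03-03T12:00:00Z"},
        {"type": "domain", "value": "mail-relay.example", "confidence": 30, "seen": "2024-03-03T12:10:00Z"},
    ],
}

# Constructed local telemetry: DNS queries, outbound connections and proxy URLs.
LOCAL_EVENTS = [
    {"ts": "2024-03-04T09:01:00Z", "host": "ws-017", "qname": "updates-cdn.example."},
    {"ts": "2024-03-04T09:01:02Z", "host": "ws-017", "dst_ip": "192.0.2.44"},
    {"ts": "2024-03-04T09:02:00Z", "host": "ws-022", "qname": "intranet.example"},
    {"ts": "2024-03-04T09:03:00Z", "host": "ws-022", "url": "http://login-portal.example/verify"},
]


def refang(value):
    """Undo common defanging so the same indicator compares equal across feeds."""
    v = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", value)
    v = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("xx", "tt"), v, flags=re.I)
    return v


def normalize(ioc_type, value):
    """Canonical form per indicator type: lower-case names, no trailing dot, lower-case URL host."""
    v = refang(value.strip())
    if ioc_type in ("domain", "ipv4"):
        return v.lower().rstrip(".")
    if ioc_type == "url":
        p = urlsplit(v)
        return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))
    return v


def correlate(feeds):
    """Merge all feeds into one dict keyed by (type, normalized value)."""
    merged = {}
    for org, entries in feeds.items():
        for e in entries:
            key = (e["type"], normalize(e["type"], e["value"]))
            rec = merged.setdefault(key, {"type": key[0], "value": key[1], "orgs": set(),
                                          "max_confidence": 0, "first_seen": e["seen"]})
            rec["orgs"].add(org)
            rec["max_confidence"] = max(rec["max_confidence"], e["confidence"])
            rec["first_seen"] = min(rec["first_seen"], e["seen"])  # ISO-8601 strings sort chronologically
    # Assumed priority rule: independent corroboration outranks a single report.
    for rec in merged.values():
        rec["priority"] = "high" if len(rec["orgs"]) >= 2 or rec["max_confidence"] >= 80 else "medium"
    return merged


def match_events(merged, events):
    """Check local events against the merged indicator set; return the hits in event order."""
    hits = []
    for ev in events:
        for ioc_type, field in (("domain", "qname"), ("ipv4", "dst_ip"), ("url", "url")):
            if field in ev:
                key = (ioc_type, normalize(ioc_type, ev[field]))
                if key in merged:
                    rec = merged[key]
                    hits.append({"ts": ev["ts"], "host": ev["host"], "indicator": key[1],
                                 "priority": rec["priority"], "reported_by": sorted(rec["orgs"])})
    return hits


if __name__ == "__main__":
    merged = correlate(FEEDS)
    for hit in match_events(merged, LOCAL_EVENTS):
        print(hit)
```

The normalization step is the part most often skipped and most often responsible for missed correlations: the same domain arrives as `updates-cdn[.]example` from one partner and `UPDATES-CDN.EXAMPLE` from another, and the local resolver logs it with a trailing dot. Only after all three are folded to one key does the two-organization corroboration become visible.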

UK cybersecurity firm Darktrace has developed an AI-based cybersecurity platform that uses machine learning and related AI capabilities to detect and respond to sophisticated APTs.

The platform uses self-learning AI models to detect abnormal behavior in real time, identifying subtle signs of long-term APTs such as unusual network traffic or lateral movement (where cyber attackers move from one system to another to gain deeper access to critical infrastructure). Darktrace’s AI technology can also simulate potential APT scenarios, helping to anticipate new attacks.

In March 2024, Darktrace detected suspicious emails on a customer’s network, sent from addresses associated with a well-known international fast-food chain. The attackers used trusted domains and hid malicious links in QR codes in an attempt to evade traditional email security measures. Darktrace’s AI flagged the unusual behavior, scanned the QR codes, and identified the threat before any compromise.

The case highlights the changing nature of cyber security threats – what was considered safe yesterday is vulnerable today. Organizations must work together to match the pace of cybercrime development.

Strengthening defenses through AI advances

The combined potential of generative AI and streaming data is something I find more exciting than daunting. Businesses already see significant returns on their data flow investments, driving improvements in operational efficiency and customer experience and accelerating AI/ML adoption.

However, these tools can be used by both attackers and defenders. To stay ahead, we need to invest in the right infrastructure, talent and expertise to ensure we’re on the winning side.