Opinion丨Fortinet talks about the drastic changes in the network security industry caused by the popularity of ChatGPT

The FortiGuard security trends report clearly pointed out that "cyber attackers have begun to try AI methods", and the speculation, exploration and facts that have emerged since ChatGPT became popular are becoming evidence for this assertion. With AI added to the mix, offense and defense are quietly undergoing drastic change. Fortinet believes that the countless ways attackers could use AI tools such as ChatGPT come down, in essence, to a disruptive improvement in attacker efficiency and a significant lowering of the attack threshold. On the defending side, network security products and solutions should likewise keep pace with the times and make full use of the power of AI.

"Cage the Magic"

"Comparable to the birth of the PC and the Internet", "over 200 million users in two months"... Whether measured by the praise of industry leaders, by the usage figures, or by how it dominates social feeds, the impact of ChatGPT is obvious to all. Alongside its popularity, however, issues such as privacy, security, ethics, and regulation are constantly being raised.

"Don't enter key information into ChatGPT" and "ChatGPT will use all inputs for training, and inputting sensitive information may cause leaks": this is the advice given by world-renowned companies such as Microsoft and Google from a security perspective. ChatGPT's mishaps, such as fake news and foul language, have led people in various industries to put forward the idea of "locking magic in a cage".

In short, the revolutionary productivity of AI is unquestionable, but for AI to play a positive role, known and potential risks must also be avoided. This is especially true for the network security industry, where the addition of AI is thoroughly changing the way network security offense and defense are conducted. When dealing with AI, cybersecurity not only needs to "put magic in a cage", but also needs to "defeat magic with magic".

The offensive and defensive situation has changed dramatically

Jim Reavis (Ji Ruiwei), CEO of the International Cloud Security Alliance, put four questions to ChatGPT, discussing the impact of ChatGPT on security from four aspects. Two of them, "How is ChatGPT used by malicious actors for network attacks?" and how ChatGPT can improve network security plans, show the impact of AI on the way network security offense and defense are conducted.

In fact, before ChatGPT became popular, the Fortinet security report had already clearly pointed out that attackers have begun to try AI technology. At present, in intelligence gathering and the other stages that precede an attack, attackers have already begun to try AI and other automated methods. ChatGPT's answers to the first question, "social engineering", "credential stuffing", "spam and fake news", "production of malware", "creation of false information" and so on, extend these applications to a larger area.

The facts bear this out: just after ChatGPT became popular, some network security personnel used simple natural language to ask ChatGPT for the corresponding attack code, verifying the conjecture of "malware generation". The emergence of ChatGPT-based spam likewise verified the conjecture that ChatGPT assists "spam and fake news" attacks.

Taken together, the authoritative report, the assumptions and guesses given by ChatGPT, and the emerging facts all show that the use of AI in network security attacks is inevitable. Fortinet believes that whether it is ChatGPT or other AI means, the essence of their application in cyber attacks is to improve efficiency and lower the threshold.

The advantage of AI is not that it out-innovates human attack capabilities, but that it can greatly lower the attack threshold and improve attack efficiency through automation, which directly leads to an epoch-making change in the network security offensive and defensive situation. The first and most direct impact is a significant increase in the number of attacks. The Fortinet report shows that, powered by technologies and models such as automation, AI, and "as-a-service", network security attacks have shown a skyrocketing trend.

Simply put, AI allows people who were previously incapable of launching attacks to launch cyber attacks. At the same time, AI can greatly increase the success rate of attacks through the generation of more realistic fraudulent content, automated scanning, data mining, and intelligence creation, and it enables unattended, uninterrupted attacks around the clock, expanding the time range of attacks.

"Defeat magic with magic"

Fortinet pointed out that with the application of AI in the field of network security attacks, cybercrime and attack methods will continue to expand rapidly in the future. Fortunately, many of the tactics and strategies used by attackers are largely consistent, which helps security teams adopt effective strategies in a timely manner and proactively block threats. Security teams should step up the deployment of security solutions that are continuously empowered by advanced automation technologies such as machine learning (ML) and AI, to detect attack patterns in real time and block threats, "defeating magic with magic".

At present, against attackers who use AI to launch faster, more numerous, and more concealed virus variants, phishing emails, extortion, credential stuffing and other attacks, Fortinet provides users with a comprehensive AI security protection solution, ranging from collecting and delivering global threat intelligence as early as possible to establishing local AI-based unknown threat detection and defense systems.

Specifically, as Fortinet's threat intelligence brain, FortiGuard Labs is Fortinet's global network security research team dedicated to discovering and addressing network threats. The team uses AI technology to analyze, monitor and identify network security threats, thereby improving the efficiency and accuracy of network security defense. FortiGuard's AI-driven security suite delivers market-leading security features designed to protect applications, web traffic, devices, data, and users deployed anywhere, continuously assessing risk and automatically responding to known and unknown threats across distributed networks. Its real-time threat intelligence service helps customers defend against the latest AI-accelerated attacks. The latest threat intelligence can be deployed near important assets to ensure fast, real-time detection and response.

At the AI level, FortiGuard Threat Intelligence Center has the following features:

Real-time threat intelligence: Assisted by AI, FortiGuard Labs employs tens of billions of neural network nodes to help Fortinet's security experts develop ongoing security updates across the Security Fabric, based on internal research on the changing threat landscape, zero-day discoveries, and work through industry consortia.

Trusted Machine Learning and AI: Provides a unique combination of local learning and static analysis to identify anomalies, with learning that quickly and intelligently augments artificial intelligence (AI) and machine learning (ML) models locally, etc.

Threat hunting and outbreak alerting: AI-accelerated alerting, analysis and detection, prevention and remediation tools for mitigating outbreak-level cyber threat events, using the MITRE ATT&CK methodology for analysis, and linkage with global threat intelligence partners.

FortiGuard Labs experts and AI work together to provide real-time protection for Fortinet users all the time. Here are some data:

With the powerful real-time threat intelligence provided by FortiGuard Labs, each product in the Fortinet Security Fabric, such as FortiGate, FortiSandbox, FortiMail, FortiWeb, FortiEDR, and FortiClient, can provide customers with world-class protection.

In addition, when advanced users ask whether they can establish a private, AI-based real-time threat intelligence detection center for their own unique network, application and computing resources, Fortinet's answer is yes! FortiNDR is just the right choice! This is an AI-based network detection and response (Network Detection and Response) solution that can be deployed on the customer's private network (On-Premise). Through FortiNDR's AI chip and algorithm acceleration, it builds seconds-level unknown threat detection and automatically generates private threat intelligence. This private threat intelligence complements the cloud threat intelligence provided by FortiGuard, allowing both local and cloud AI to provide customers with the ability to fight against "black" AI.

Specifically, FortiNDR uses technologies such as machine learning (ML) and artificial neural networks (ANN) to detect network anomalies and malware, analyze network traffic and files, track the cause of attacks, and respond to new and unknown attack threats in real time, thereby reducing the impact of cyber threats on organizations. It has the following characteristics:

Monitor and detect network threats: Use AI technology to identify and monitor network traffic to quickly discover threats in the network. AI technology can automatically learn and recognize normal network traffic patterns and alert on unusual activity.

Automated response to security incidents: Leverage AI technology to help automate security incident response. When a security incident is detected, the AI system can automatically initiate corresponding security measures to prevent the attack, thereby reducing the impact of the security incident on the network.

Quickly investigate security incidents: Automatically collect and analyze incident data and compare it to historical and baseline data. This helps to more quickly determine the scope and impact of a security incident.

It is true that the addition of AI has brought both attackers and defenders into a new era, but for network security, AI such as ChatGPT can only provide assistance in certain links and functions: for attackers, it may be a function; for defenders, it may be some intelligence information, and so on. It cannot complete a full security defense independently. In other words, AI still has to return to its role as a "tool".

In this regard, Fortinet pointed out that simply stacking single-point security solutions has long been unable to deal effectively with advanced and complex threats. Enterprises urgently need to deploy a network security grid platform with comprehensive coverage, deep integration and dynamic collaboration to improve security flexibility and achieve tighter integration, deeper visibility, and faster, more consistent, and more effective threat response across the entire network.

Origin blog.csdn.net/Fortinet_CHINA/article/details/129380472