INFO LEAK

System firewalls are being breached. Computers hacked. Personal information stolen. However AI/ML is now being used to stop these hackers, and Sathish Krishnan is at the forefront of this technology.

By Adam Darby for The National Business Post

August 1, 2023

As technology continues to play a more centralized role in collecting, storing, and managing critical enterprise data, organizations face a greater possibility of compromised information falling into the wrong hands. Cyberattacks are growing at an exponential rate and research shows that the cost of cybercrime is expected to hit $8 trillion in 2023 and will increase to $10.5 trillion by 2025.

One of the biggest cyberattacks in recent news happened to T-Mobile in May 2023. The well-known cellphone vendor suffered from data breaches with hacks revealing PINs, full names, and phone numbers of over 800 customers. Earlier in the year, the company discovered that an attacker gained access to their systems, stealing personal information including names, emails, and birth dates from over 37 million customers. Cyberattacks like these not only affect the status and reputation of a major business, but also the trust and safety of its customers.

According to a 2022 report, cyberattacks occur every 39 seconds, with global breaches rising by seven percent in 2023 alone. According to the Reversing Labs Software Supply Chain Risk Survey, in the last year, technology professionals discovered major risks in their software chain, with more than 70 percent reporting that existing application security solutions aren’t providing essential protections. Because these breaches often involve the privacy and security of customer data, organizations are often forced to pay costly ransom fees in addition to consumer settlements, losing enterprises millions of dollars.

It’s not only big businesses that are targeted. Because small and mid-sized businesses often have less stringent technological defenses, they are an easier target for hackers. Several reasons behind these attacks include a lack of security assistance, system vulnerabilities, and underestimating potential risks. To protect themselves from malicious actors, businesses need to implement efficient and reliable protection to ensure that sensitive data remains private and protected.

The first line of defense for many businesses is a firewall. Technology solutions provider Cisco defines a firewall as “a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules or standards.” Traditional firewall protection has relied on manual programming and input from experts before putting these measures into action. However, the expanding role of artificial intelligence (AI), machine learning (ML) for modern business, allows for more automated security processes across an entire operating system, creating new concerns for a tech-centric landscape.

Today, businesses must lean on cybersecurity specialists to protect their organization from oncoming threats and the potential vulnerabilities that attract them.

As a development security operations (DevSecOps) specialist, Sathish Krishnan implements AI/ML firewalls and security solutions for organizations spanning multiple industries, including healthcare, manufacturing, and financial services. Through his passion for solving problems and protecting others, he resolves daily issues concerning perimeter protection, offering his expertise and perspective on the future of AI and ML-powered firewalls for global cybersecurity.

“Traditional firewalls exhibit several deficiencies. Inadequate predictions result in blind spots for regular system inspections,” Krishnan says. “These remain a fundamental problem. By launching automated measures with AI/ML-powered processes, companies are offered enhanced safety and security when deploying modern firewall solutions.”

There are several advantages to implementing AI/ML firewalls compared to traditional port-based firewalls. AI/ML offers an enhanced ability to mechanically identify threats with and train threat detection models. This enables further detection of advanced or unknown security threats. Organizations can also rely on intelligent AI/ML protection for other common uses, including application/user identification, policy control, real-time protection, traditional firewall capabilities, and deployment of existing firewalls. AI/ML firewalls extend visibility and security to all network devices. Recently, Krishnan developed cybersecurity policies for a large financial tech provider with the help of next-generation ML firewalls.

When the provider’s security administrators could no longer provide the manual input necessary to keep up with the rapid attack rate, he suggested developing an ML model for a next-gen firewall solution. This allowed the organization to establish more proactive policies to reduce and further eliminate attacks.

By doing this, the firewall “was able to analyze vast amounts of business data and automatically suggest security policies based on the business’ unique network,” according to Krishnan. This solution provided the tools necessary for the business to launch automated policies for stronger, faster, and easier security enforcement.

Advancements in AI/ML firewalls

AI/ML firewalls prevent cyberattacks in their earliest phases before becoming a serious threat. As attackers seek out potential weaknesses and vulnerabilities within a business, they gather sensitive information while deploying automated scanners that detect the type of security systems they’ll have to bypass. AI/ML firewalls alert business users of unwanted scans and eliminates vulnerabilities to give them a heads up on security breaches.

“It is important to develop AI/ML firewalls that deliver instantaneous protection against new attacks,” Krishnan says. “This may require a developer to design the firewall to push back on threats or attacks in seconds rather than minutes to ensure immediate prevention.”

It’s important for business leaders to understand that next-gen firewalls can still do everything that traditional firewalls can do, all the while adding additional capabilities, which include enhanced identification and performance. DevSecOps experts must immediately identify a potential breach or threat upon firewall detection and greatly reduce the time it takes to push back and prevent an attack.

“AI/ML firewalls must quickly and easily identify all network traffic that comes through the system to ensure potential threats are fully detected. It is intelligent, scalable, extensible, and always on,” Krishnan explains. “Despite having adept security models, traditional firewalls presently lack the intelligence of AI and ML approaches.”

Cybersecurity challenges and the AI/ML solution

AI/ML solutions can prevent most, but not all, threats from the start. According to Krishnan, the biggest challenge for implementing this solution is providing the correct data for training the next-gen firewalls. If the firewall is unable to identify a threat, it won’t serve a sufficient purpose and hence will provide little to no security. With an increased focus on OpenAI and resources like ChatGPT, many organizations are leveraging it to conceive security rules and policies. But these applications aren’t bulletproof.

“It may appear plausible to use ChatGPT to generate firewall rules, but they are often too general and don’t offer advanced levels of protection,” Krishnan says. “Attackers can collect these generated firewall rules and create malicious attack methods based on OpenAI suggestions. It is important to deploy security models that predict these methods by learning from previous attacks.”

The future of AI/ML firewalls in cybersecurity

As AI advances and continues playing a larger role in modern businesses, many wonder what this means for the future of cybersecurity. Advanced AI firewalls will identify new threats and attacks while leveraging established detection measures. Rather than sending data to system users like traditional firewalls, AI/ML models will provide efficient detection approaches that block unauthorized communications based on different types of data.

“Traditional network security solutions have failed to keep pace with changes to applications, threats, and the networking landscape,” Krishnan says. “Over the years, enterprises have tried to compensate for their firewalls’ deficiencies by implementing a range of supplementary security solutions, often in the form of standalone tools. These may include intrusion prevention systems, antivirus gateways, web filtering products, and application-specific solutions such as dedicated platforms for instant messaging security. For a number of reasons, these firewall helpers fall short and have little to no effect on perimeter protection and cybersecurity. We need to embrace change and new technologies as network security is reinvented for the modern business landscape.”

As we have witnessed in recent years, businesses and their systems continue to have vulnerabilities, However, now with the implementation of AI/ML firewall solutions and the continuous efforts and collaborative research by development professionals like Krishnan, these next-gen AI/ML solutions will help ease the concern of business professionals worldwide, making sure valuable information remains locked away and in the right hands for years to come.

Adam Darby is a freelance writer for various magazines and news publications. He also serves as a content writer for professional websites, blogs, podcasts, and social media accounts. For additional information, contact adamdarby4@gmail.com.