Threat mitigation for AI-based attacks

Artificial intelligence (AI) is transforming an endless number of industries and business processes, a fact that has not been lost on cybersecurity threat actors.

Artificial intelligence is already being used by cyber adversaries of all kinds, from amateurs to nation states. A popular technique is to use AI to create more credible phishing and spearphishing content. By collecting information readily available in sources such as social media posts, AI can create malicious emails, documents and websites that are both targeted at individuals and highly credible.

The goal is to make it even harder for employees to reliably detect these fakes, so the attacker can penetrate the network faster and easier.

It is axiomatic that end users constantly struggle to identify phishing emails and fake websites, even with regular security awareness training. The attacker only needs to succeed once to get in, and many staff roles (accounts payable, public-facing government employees) require opening emails from unknown sources.

Given that successful phishing attacks were common without AI, the conclusion must be that new approaches are needed to deal with the onslaught of AI-enhanced attacks.

Trustless protection against AI-enhanced attacks

The rise of AI-enhanced social engineering attacks requires a Zero Trust approach. All emails received or clicks on untrusted websites should be considered risky.

This is exactly the assumption used by HP Threat Containment technology. This approach assumes that all such content cannot be trusted, and therefore opens it only in isolated “micro virtual machines” (micro-VMs) created in software on the end computer. A micro-VM, enforced by the CPU hardware, is opened for each web page tab or email attachment. The tightly controlled attack surface of the micro-VM makes it almost impossible for an attacker to compromise the terminal computer or any other device on the network. When the task finishes, the micro-VM is destroyed, taking the malware instance with it.

Five essential benefits

Unlike other cybersecurity technologies, Threat Containment offers five benefits that include risk management, user experience, and operational efficiency:

1. Inherent Protection – Protects by default without trying to detect attacks. Assuming all content is malicious, Zero Trust security is achieved, including against AI-based attacks.
2. Visibility – It monitors activity in micro-VMs and feeds threat information to the centralized Wolf controller. This facilitates analysis and integration with threat intelligence analysis platforms using industry standards such as STIX and TAXII.
3. Positive user experience – Users are relieved of the burden and anxiety associated with trying to identify phishing attacks or fake websites designed to steal credentials. They can “work without worry” knowing that HP Threat Containment will prevent attackers from using social engineering to trick them.
4. Efficiency of security operations – Reduces the volume of urgent tickets due to false positives caused by detection technology failures. It also decreases the amount of remediation required for compromised endpoints. Finally, there is less reliance on security awareness training to detect phishing, so training time can be redirected to higher value goals.
5. Effective compliance control – Compliance and audit directives require proof that security controls are continuously active. Threat mitigation works without a complex process, making it trivial to operationalize and therefore demonstrate compliance when requested by auditors.