The Standard | 是敵是友？人工智能是對抗網絡威脅的雙刃劍 (English only)

The world is buzzing with excitement over AI. From conducting thorough research to writing witty poems, AI has won the hearts of tech enthusiasts, business executives, and consumers. But, it is also gaining attention among hackers and defenders.

A Forrester Study indicates close to 80% of cybersecurity decision-makers anticipate offensive AI to increase the scale and speed of attacks, and 66% also expect AI to conduct attacks that no human could conceive of.

AI, a double-edged sword for security

AI is a game changer for both businesses and attackers. While businesses are experimenting with AI to drive digital business, threat actors also use AI to power more sophisticated attacks.

The cheap and easily accessible Generative AI (GenAI) tools allow attackers to quickly launch social engineering attacks, such as creating deep fake social media campaigns that destroy businesses' reputations or hyper-realistic phishing that disrupts communications. AI is also a great tool to automate threat actors’ operations by processing more stolen data and launching faster attacks. All these tools are speeding up cyberattack operations, making it extremely difficult for businesses to detect and prevent attacks simply with their legacy tools.

To sharpen their defense strategies, businesses should also turn to AI to transform their cybersecurity operations. Aiming to help enterprises take advantage of AI, CITIC Telecom CPC recently launched TrustCSI™ 3.0. This AI-powered suite of cybersecurity solutions and services is designed to strengthen the red/blue practices—a simulation of offensive and defensive cybersecurity drills.

With the support of AI, the red team can conduct comprehensive assessments and attack simulations, while the blue team offers all-encompassing defense services. This holistic approach covers the entire cybersecurity service stack, from staff training and offensive and defensive drills to network protection solutions, security strategy, and service consultation.

Sharpening the Red Teams

To perform effective cybersecurity assessments, more red teams are using AI the way threat actors are. Like attackers, more businesses are turning to intelligence to rapidly analyze networks and applications to uncover potential vulnerabilities.

Designed to identify vulnerabilities across the network infrastructure and web applications, TrustCSI™ IAS Information Assessment Service performs a comprehensive vulnerability scan. On top of assessing web applications, network equipment, and IT infrastructure, IAS also offers thorough service planning, risk prioritization, remediation recommendations, and re-auditing. This comprehensive assessment identifies the enterprise’s vulnerabilities, allowing the red team to understand potential attack paths and use AI to design customized penetration tests.

Hacking without breaking

Penetration test is the essence of offensive cybersecurity. The red team designs and simulates real-world attacks to actively attempt a breakthrough. It is a great exercise to assess an organization's risk posture, but it could be very time-consuming and sometimes costly. The traditional periodic penetration test also falls short of addressing the increasingly dynamic threat landscape.

CITIC Telecom CPC’s Penetration Test with AI provides a lightweight and routine self-testing solution. This automation tool allows businesses to schedule and customize tests to specific targets, like weak password testing, SQL injecting, or XSS testing. By leveraging this tool, businesses can robustly defend against potential threats cost-effectively, fortifying their security measures.

Empowering the Blue Teams

If the rd teams pretend to be the “bad guys,” the blue teams are genuinely the “good guys.” But the “good guys” always have a more demanding job. While the attackers need only one successful exploitation to launch an attack, the defenders must successfully guard every attack.

To help blue teams maintain their success rates, TrustCSI™ 3.0 introduces AI-powered monitoring and protection. The latest SOC-as-a-service (SOCaaS) integrates our local security experts with two global Security Incidents and Events Management (SIEM) technologies to provide intelligent round-the-cloud monitoring.

Instead of relying on a single technology, we use dual SIEM platforms to aggregate and cross-correlate threat intelligence data to identify and highlight potential threats. This Dual SIEM operation revolutionizes threat intelligence management, accelerates detection, and boosts security visibility.

Visualize hidden threats

On top of monitoring known threats in the network, businesses are encountering more unknown threats emerging with the rise of AI. For active investigation and real-time anomalous activity detection, businesses are turning to our Secure AI.

Supported by an advanced machine learning algorithm, Secure AI conducts User and Entity Behavior Analysis (UEBA) to identify the root cause of the anomaly detected quickly. It also formulates findings into actionable insights to predict whether the abnormal behaviors are significant enough to cause harm.

Seeing is believing, especially when it comes to evasive malware. Through the combination of malware detection technologies and visual computing with our classification algorithms, malware can no longer be hidden.

CITIC Telecom CPC’s AI Visual Security effectively processes massive amounts of data to discover hidden features of suspicious files. It also analyzes and classifies the files and turns them into graphic images. The visual presentation allows the blue team to quickly identify different types of malware without going through the file contents and uncover muted threats under the same family, even before they pose any risk.

AI and humans to defend against massive attacks

To prepare for a massive surge of attacks, businesses also turn to automation tools like Security Orchestration, Automation and Response (SOAR) to simplify and speed up remediate processes.

Such automation is only meaningful with a playbook that customizes the business environment and addresses its unique needs. This is when security professionals are essential to integrate experiences from business best practices with efficiencies from machines.

AI is transforming the way attackers operate, and so is the way businesses protect themselves. It uses data and automation across all stages of the cybersecurity framework - Identify & Predict, Protect, Detect, Respond & Recover - to bring faster and more cost-effective cybersecurity.

However, applying AI in this cybersecurity framework is more than investing in the latest AI tools. Human intelligence is crucial in developing a customized, comprehensive, proactive cybersecurity strategy.

With the rapid advancement of AI, it’s only a matter of time before businesses face AI-powered cyberattacks head-on—time to make AI your ally, not your enemy. Harness the power of AI with your trusted security partner to elevate your security measures in the ever-evolving threat landscape.