Is it true that artificial intelligence and machine learning are the future of cybersecurity?

The essential thing to consider is that today's use of the internet has extremely low costs and attack procedures are in the reach of many, even without a big investment, while defending requires high costs and complex structures. This contrasts with today's very vulnerable traditional network systems.

In traditional networks, security features ( firewalls and IDS / IPS ) are generally implemented on proprietary devices that usually lack a general programming interface. Their flexibility and versatility are therefore very limited. These devices are also often placed at the traffic entry points and have a constant capacity in terms of the maximum amount of data they are able to process.

The nature of traditional devices, therefore, makes them quite unsuitable in the context of emerging technologies such as SDN and NFV, primarily because the network perimeter in a virtualized environment becomes very fluid and it is not always possible to uniquely identify the input point of the traffic and secondly because virtualized applications flexibly scale to handle workload variations, and this would require that the security features that protect them should also be scaled accordingly.

Third, traditional security features are often delegated to large devices that protect entire areas or domains. However, in virtualized environments, there is a growing need for small instances that can protect specific areas or services in a much more personalized and dynamic way.

To address these new challenges are advanced new technology development phases such as " vNSF " which virtualizes and uses security features much more dynamically, promptly and eloquently resizing the resources needed to vary the volume of traffic.

vNSF can also reconfigure security policies automatically and in real time. This allows you to perform prevention and detection of attacks through virtual honeypots that can capture malicious packets, learn and generate mathematical models and historical series of aggressions, and then send templates to a virtual IDS / IPS that performs actions necessary to protect the infrastructure and the provision of services.

A concrete implementation example for these emerging technologies is the SHIELD project that can be summarized as an advanced Intrusion Detection and Protection System (IDPS) system based on SDN, NFV, TPM and DARE ( Data Analysis and Remediation Engine ) technologies that uses the Machine Learning and Big Data as analysis tools for monitoring network security.

John Giordani
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA) ​

Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)

"Speed and simplicity: these are the keywords to overcome the enemy."