Securing IoT with AI

I am often amazed by the things people say to me about security. For instance, I have heard executives who think their security can work by obscurity. It comes in two flavors, both of which are flawed.

The first is their belief that there are sweeter targets to go after and, as such, they are not one of the big companies, so they are safe. The problem here is that much of their network relies on big companies to carry their networks and many of them have been hacked.

The second is that their networks are secured by firewalls, and those firewalls are the only way for hackers to attack their networks. Here, the problem is one of internal obscurity. As we have added things to the network, some of them have dual connectivity (e.g., a Bluetooth-enabled sensor that is also part of the WAN). It also ignores the fact that, in sourcing devices, there have been many a selection based on price and not on security.

They also fail to recognize that security by obscurity is a two-edged sword, since known vulnerable devices represent a surface that is specifically hunted by hackers.

How can AI help?

The volume of IoT devices, their diverse nature, and their often-limited processing power make them human awareness an impossibility. This is where Artificial Intelligence (AI) plays a crucial role in keeping up with the volume, nature, and processing on the network overall. Here's a breakdown of how AI is securing IoT:

• Scalability is solved by AI, which automates network monitoring, enabling security teams to manage the massive scale of IoT deployments. AI can protect against malware by analyzing files and code, including sophisticated and polymorphic malware that can evade traditional security measures. It can perform audits, assuring that firmware is up-to-date for the entire enterprise.
• Complexity is also a challenge, as diverse devices and protocols are often only known to specific personnel. AI analyzes data patterns, which helps identify subtle security threats. AI can establish baseline behavior for network segments and detect deviations, even for previously unknown threats.
• Responsiveness is improved, since AI can analyze data in real time, enabling rapid detection and response to cyberattacks. This is crucial for minimizing the impact of security breaches. AI can automate security responses to detected threats, such as isolating compromised devices or blocking malicious traffic.
• Adaptability is what makes AI algorithms more than machine learning. AI can learn and adapt to new threats, making them more effective than traditional security measures that rely on static rules, which often lag behind the innovation of the hacking community. This allows security systems to proactively address potential vulnerabilities before they are exploited.
• AI can also improve physical security by improving authentication processes by using behavioral biometrics or other advanced techniques to verify the identity of users and devices. This prevents unauthorized access to IoT devices and data.

We are still in the early days of AI and have issues to address.

First of all, the AI itself needs to be tested and verify that it doesn’t increase the attack surface. This can manifest in data privacy risks, as AI collects sensitive data that may not comply with best practices. AIoT security needs to align with global regulations (e.g., GDPR, CCPA) to ensure data protection and legal compliance.

While AI mitigates risks, it's actions still need to be auditable and transparent. In addition, current “Zero Trust” security models should be implemented and all devices need to be continuously verified and network activity must be authenticated, instead of assuming any device is inherently trusted.

As IoT continues to grow, AI will play an increasingly vital role in ensuring the security and reliability of connected devices.