peshkov - stock.adobe.com
Swiss-based cyber security firm High-Tech Bridge continues to invest in developing machine learning capabilities and sees the technology as key to improved cyber defence capabilities.
This is a good use case for machine learning, according to Ilia Kolochenko, CEO and founder of High-Tech Bridge, based in Geneva, Switzerland.
“Machine learning in the context of application security is very practical because it enables organisations to automate something that previously required human intelligence,” he told Computer Weekly.
High-Tech Bridge has pursued machine learning to simplify the challenges facing information security practitioners. It has done this by identifying all the applications their organisation is running and highlighting vulnerabilities that attackers can exploit through its ImmuniWeb platform.
The aim, said Kolochenko, is to achieve “intelligent automation” so that complicated application security testing tasks can be carried out without human intervention and without losing reliability or quality.
“In the past, automation usually implied loss of quality, loss of integrity or loss of reliability – now we say intelligent automation is as good as human testing, but no human time and costs are involved,” he said.
“It is much more scalable and less expensive than manual penetration by human testers, which is often unaffordable for some organisations.”
According to Kolochenko, the biggest challenge for all machine learning technologies, which are a subset of artificial intelligence (AI) technologies, is the sets of data that are needed to train them.
“We were continuously aggregating, collecting, storing and correlating data about how people test applications, and then we trained our technology to simulate human behaviour when detecting vulnerabilities in an application,” he said.
As a result, Kolochenko said High-Tech Bridge can deliver the same quality as if it were human testing, but can keep costs very low. “We have made human intelligence scalable and cost efficient – we are able to offer very competitive pricing,” he added.
High-Tech Bridge developed these machine learning capabilities to offer an alternative to traditional application security testing scanners that continually provided false positives, which qualified people had to re-verify because the automated technology was not sophisticated enough to detect complicated flaws.
“We do not intend to eliminate people completely and in the next 10 years we will certainly need some human intelligence to enhance our technology, but what we are doing successfully is continually reducing the amount of human time to attain the same high-quality result,” said Kolochenko.
High-Tech Bridge is continually evolving its machine learning capability, which is still not capable of detecting some particular vulnerabilities related to business logic.
“In such cases we still need support from people who understand the business processes involved to evaluate whether something is a vulnerability or what appears to be a flaw has been built that way for a particular purpose,” said Kolochenko.
However, progress is being made in the company’s mission to simplify the challenges facing information security professionals, with the latest evolution of its products designed to not only identify applications and their inherent vulnerabilities, but also to help identify the order in which they need to be addressed.
The company’s ImmuniWeb Discovery service is designed to enable companies to enter the name of the business to reveal all externally accessible applications, web services, micro services, domains, sub-domains and mobile applications that can be attributed to that business.
“This provides a comprehensive inventory of all publicly accessible systems, which is important because 80% of our customers who use Discovery for the first time are not aware of [more than] 80% of their applications,” said Kolochenko.
“Many companies fail to defend themselves from attack because they don’t know how many applications they have or what data they contain,” he said.
According to Kolochenko, chief information security officers (CISOs) are typically excited to discover the hundreds of applications they were previously unaware of, but they do not know where to start in terms of addressing the vulnerabilities in those applications to reduce the risk of attack.
For this reason, the latest version of ImmuniWeb Discovery is designed to score applications in terms of “hackability” to indicate how easily a particular application can be hacked, and in terms of how “attractive” the application is to attackers based on data collected about all compromised and weak applications.
“By providing these two scores, CISOs can prioritise and match their efforts when spending, testing or deploying web application firewalls, which means they will have some actionable visibility by seeing their applications the way attackers see them, which will show what represents the greatest risk,” said Kolochenko.
Looking to the future, he believes intelligent automation based on machine learning has huge potential to free up qualified information security professionals to enable them to spend their valuable time on important tasks that really require human skills.
“These tasks include things like assessing risks and identifying what direction an organisation should take in terms of cyber security, which are things that a machine cannot do and something that cyber security professionals today fail to do because they do not have enough time,” said Kolochenko.
“Instead, they are dealing with things like false positives and analysing thousands of logs. We will be able to free up a lot of skilled hands who will be able to tackle the real problems and switch their attention from operational tasks to more strategic work,” he said.
This will enable a future where people will be taking key decisions because everything that can be automated will be performed by machines. “I expect that we will see an increase in efficiency and effectiveness,” said Kolochenko.