3 min read

The power of AI to fight the dark arts of cloud security threats

Listen to this blog post instead:
The power of AI to fight the dark arts of cloud security threats
The power of AI to fight the dark arts of cloud security threats

An alarming four cyber attacks per second occur across the world.

That's nearly 1,000 attacks by the time you finish reading this blog post.


But it's not just cyber attacks that can cause Chief Information Security Officers (CISOs) to lose sleep: Data breaches, cloud misconfigurations, insider threats and shared technology risks can be the stuff of nightmares too. 

AI offers significant potential to cloud security as threats become increasingly sophisticated and, ironically, even at the hands of AI technologies themselves. It's core weaponry comprises:

  • Anomaly detection - continuously monitor cloud activity and identify unusual patterns
  • Threat intelligence - analyse vast amounts of data to identify emerging threats
  • Automated response - automate tasks such as blocking suspicious activity or quarantining infected systems
  • Predictive security - analyse historical data to predict future attacks and take preventive measures.

This piece explores some of the AI tools that organisations can deploy to help protect and monitor data and applications hosted in the cloud. At the same time, our White Paper explores in greater detail how can AI play an important part in addressing cyber security risks. The end game is all about eliminating or reducing the costs and impacts of data breaches, maintaining regulatory compliance and mitigating evolving cyber threats. 

Improving security posture with architectural guidelines

Unfortunately, there is no magic solution, and no single tool will defend all workloads from all cyber-attacks. However, there are some AI and machine learning powered services that can help improve security posture when combined with architectural guidelines such as the Zero Trust model. 

AI-powered cloud security options include:

  • AWS Guard Duty continuously monitors AWS accounts, instances, serverless and containers workloads, users, databases and storages for potential threats. They expose threats quickly using anomaly detection, Machine Learning (ML), behavioural modelling and threat intelligence feeds from cloud providers and leading third parties. 
  • Amazon Detective simplifies investigation and helps security teams conduct faster and more effective investigations. 
  • Macie is a data security service that uses ML and pattern matching to discover and help protect sensitive data. 
  • Fraud Detector is a fully managed service using ML to enable customers to identify potentially fraudulent activities and catch more digital fraud faster. 
  • CodeGuru Security is a static application security testing (SAST) tool that combines ML and automated reasoning to identify vulnerabilities in code, providing recommendation fixes 
  • Amazon Lookout for Metrics uses ML to detect and diagnose anomalies within business and operational data. It helps to reduce false positives, diagnose root causes and seamlessly integrate with databases and storage services. 
  • DevOps Guru uses ML to detect abnormal operating patterns to identify operational issues before they impact customers.
  • SageMaker builds, deploys and trains enterprise’s own machine learning models. 

Strength in numbers for a cyber-secure cloud 

It is important to understand the division of responsibilities between cloud providers and customers when it comes to cloud security.

Cloud providers are responsible for securing the global infrastructure that runs their services, as well as the security of their own cloud services. This includes the security of hardware, software, networking and facilities. 

The cloud provider also offers security resources and tools to help its customers protect their data and applications. On the other hand, customers are responsible for ensuring their cloud resources are secure. They must introduce measures to protect their data, including encrypting sensitive information both at rest and in transit.

It is essential for customers to implement security controls for their applications, such as access control and input validation. Lastly, customers must monitor their cloud resources for any security threats and respond promptly to incidents. 

One cloud provider, AWS, recommends that its customers adopt the Zero Trust model, which assumes that no user, device or workload can be inherently trusted. Instead, all access to resources is granted based on continuous verification of identity, risk assessment and least privilege. However, moving towards Zero Trust should be done incrementally, with some level of flexibility to allow for innovation.  

Optimising workloads with AWS Amazon Q

Amazon recently-launched Amazon Q, an AI assistant trained on 17 years of AWS knowledge. From a cybersecurity perspective, the technology can provide recommendations on how to configure services in line with the AWS Shared Responsibility Model.

The model divides both the responsibility of AWS and the customer for securing data in the cloud. This includes enabling encryption, implementing identity and access management controls and monitoring for anomalies. Amazon Q can offer guidance on security-related AWS services. It can explain how services like Inspector, Macie, GuardDuty and Shield work and how they can help detect and prevent threats. The technology can troubleshoot security issues and errors by diagnosing root cause issues and providing step-by-step remediation instructions.

Conclusion – a securer cloud future using AI

Protecting applications and workloads from cyber attacks is a never-ending challenge as new cyber attacks emerge every day and new vulnerabilities are identified and exploited. 
As cyber attacks become more sophisticated, having a strong cybersecurity posture for your enterprise is critical.

Cloud providers are offering a greater range of cloud services than ever that use AI and machine learning to help improve this posture. 

Their list of services is constantly expanding, and we can expect AI to be integrated into more services in the future. By using AI, we can access a great number of services provided by cloud providers to help us defend against attacks. 

However, it is equally crucial to remember the basics and follow security guidelines in conjunction with the new tools and services.

AI is here to assist us, directly or indirectly, in our bid to bolster cloud security. 

Our white paper provides further valuable insight on the powerful capabilties of AI.