SECaas – Security as a Service. Current risk on info security, data and financial value loss continually is growing fast. At the same time this is getting identified, managed and mitigated as well. Some cyber attacks are never been reported and some are still unknown to the companies. We will open the discussion on AI, Cybersecurity and now Security as a Service role for today’s world.
Before we go deeper into SECaaS lets under the terms used here. Please note all the discussion will focus around FinTech domain, that’s what I do.
Emerging Technologies – AI, ML and DL
As per Sir Andrew NG – AI is the new electricity to power up any business of today with ability to kill the business if ignored. Machine Learning and Deep learning are still part of AI domain as sub domain.
- Artificial Intelligence – An umbrella that give synthetic thinking approach to all technologies take shade under this umbrella. AI solve problems in a heuristic way with being explicit or meta-heuristic.
- Machine Learning –Machine Learning is a sub-set of artificial intelligence where computer algorithms are used to autonomously learn from data and information. Machine Learning is; where business and experience meet emerging technology and decides to work together.
- Deep Learning – Subset of Machine Learning. It is an algorithm which has no theoretical limitations of what it can learn; the more data you give and the more computational time you give, the better it is – Sir Geoffrey Hinton (Google).
Software Based Security
In modern and emerging markets “Software Based Security” or info-security is the protection given to customer data, transaction, inter working of systems which also has ability to do pattern checks, velocity checks, all sort of analytics and many other abilities.
In FinTech domain info security to secure electronic transaction enables interoperability between applications across diverse platforms and operating systems. Authenticating cardholders and merchants, ensuring confidentiality of information and payment data, define protocols and electronic security service providers. Digital wallet software − secures cardholder’s online purchases via point and click interface. With the public key used to sign communication with that entity in a cryptographic system.
Few modes of Digital Payment
- Banking Cards (Credit, Debit, Stored value/prepaid) – Used with PoS machines, ATMs, Online.
- Instant Payments – authenticates the identity of the user like a debit card does using the phone as a tool instead of a separate card – Smart phone & bank account.
- Digital Wallets – a type of electronic card used for transactions made online through a computer or a smart-phone – Utility of e-wallet is same as a credit or debit card-Make paperless money transaction easier.
- Banking transaction out of bank at PoS with the help of Banking Correspondent.
- USSD – Unstructured Supplementary Service Data – Mobile banking for feature phones. Security around USSD
- AirInterface Security – between handset and nearest tower – UnSecure
- Core Network Security – between tower and USSDGW – UnSecure
- But both can be encrypted and reason its not done because of the payload it puts on network which has no business cases. Unfortunately all USSD messages in GSM network transfer as a plain text. Having said all this; USSDGW is still far better because of the skill needed to hack. But after message reach to server this can be easily encrypted and hackable
Hardware Based Security
AI and blockchain workloads that rely on hardware-based protection for improved info-security. As AI is already “a thing” in security and crime prevention in many parts of the world today. Hardware boosting on per-chip throughput is finding high priority and importance then just becoming a unit on scaling line.
Intel software guard extensions, or SGX, which is a set of CPU instruction codes that enable and execute the selected code and data in protected areas called enclaves. Artificial intelligence and machine learning technologies are applied and developed across this spectrum. Today I as a Data Scientist want to train my neural network model based interface to my data ocean to faster processors, boosted chips, FPGAs, GPUs, and similar technology. AI based hardware for info-security inference with below segments.
- Cyber Attacks and Software Errors/Failures
- Security & Crime Prevention
- Privacy Protection
- Differential Privacy:
- IoT Systems Security
- Analytics of Consumer Information
- Game Theory
Cyber Security getting strengthen based on machine-learning software explosion but at the same time so the hackers. Software developers, hardware and system designers are going back to school. Current challenges on computing power and storage requirement pushing service and product providers to go back and look at boosting per-chip throughput and not scaling out platforms over warehouses of boxes.
Artificial Intelligence – The Super Hero of CyberSecurity
CyberSecurity powered with Artificial Intelligence can boost transparency levels of Cyber playing field. The Appeal of AI for Cyber Security has extremely good reasons like automation of operational tasks, developing & delivering predictive capabilities, mitigating human biases behaviour and derive doable intelligence. On the down side AI requires high volumes of high quality data to learn. Data silos and varying formats can affect training.
Given dynamic cyber landscape use cases need to stand the test of time and context but most of time it negate value. AI in CyberSecurity has some questions as below.
- Will artificial intelligence take over cyber security?
- How the next level of Cybersecurity will become an AI powered data-centric model?
- AI and Cybersecurity: Friends or foes?
CyberSecurity with Artificial Intelligence will get smarter at the same time cyber crimes as well. What’s the next stage in cybersecurity?
- May be a simple An AI-powered, data-centric model with huge processing power.
- Analytical trends / patterns model with any velocity of data to make quick decisions etc.
Data-centric models help to rid of noise and discard it for some other day use. Motivations and applications of AI in cyber security has a huge list so we not be able to cover all here. Begin your AI filled CyberSecurity journey now.
Security Intelligence – Security as a Service – SECaaS or SaaS
SECaaS – Another business model of today like MLaaS, AIaaS and BaaS etc; in this model service provider integrates their security services ecosystem into any business. In returns charge monthly subscription fee. This method of info-security bring cost effectiveness, transfer of ownership and speed to corporates. SECaaS also has a shorter time to value than traditional security offerings.
Threat Intelligence made threat hunting easy and predictable. In FinTech fraud hunting gets open and easy thus reduce frauds. Fraud hunting under FinTech works kind of next-generation antivirus solution powered with AI and machine learning. This service can work as “As a service” model to identify potential frauds under malware entering a system. Don’t get too excited about cyber intelligence or SECaaS as AI in cyber security works as a double-edged sword.
Adopting Security-as-a-Service also address the industry skills gap. AI and machine learning techniques especially predictive analytics can leverage anomaly detection to identify potential security threats. SECaaS service providers or domain specilaised managed security services providers; do much better job and help companies to fill gap for their limited time and resources.
Threat Intelligence & SECaaS
The right SECaaS provider always help to overcome vulnerabilities without spending fortune and hiring super expensive resources. This gets possible with brand new technique called Threat Intelligence. With this intelligence its now possible to determine the difference between a bot and a human, and this intelligence allows network to respond to the attack patterns without any form of interaction from human interface.
Normally by the time the bad IP address gets blocked, the hackers would have already moved to another IP address. So the intelligence to determine the difference between a bot and a human is a serious break through. SECaaS service providers also face few of the challenges as below
- Sense of data loss to the service seekers
- Regulatory compliance violation issues from local environment
- DoS and DDoS attacks on service providers impacts service seekers
Most of SECaaS integrate their services service seekers existing infrastructure or deploy hybrid environments for use of mix of cloud and on-premise resources.
Books + Other readings Referred
- Open Internet, research papers & Conferences.
- Hands on personal research work @AILabPage
Conclusion – SECaaS model gets distorted as applications softwares, storage, and infrastructure runs remotely. Cybersecurity is NOT just an information technology department. People in same department does not own the problem or responsibility in full. It is the job of every employee and even customers of the organisation. As per google search engine identities are being stolen online every 3 seconds 24/7. So what are we doing, how can we protect it. GDPR makes it even more relevant. There are organization which has suffered the cyber attacks, about to suffer and may have suffered but don’t know. To find better answers on this we need AI techniques to get over this. Understanding the relationship between AI or a science that can imitate human beings and Cybersecurity that is essential need for all is the key to success in business today.
============================ About the Author =======================
Read about Author at : About Me
Thank you all, for spending your time reading this post. Please share your opinion / comments / critics / agreements or disagreement. Remark for more details about posts, subjects and relevance please read the disclaimer.