AI has gone mainstream, igniting conversations in schools, around dining tables, in corporate boardrooms and on social media, thanks to ChatGPT, an AI chatbot with conversation-making ability.
ChatGPT is trained on billions of web pages which are held in its computer memory and which form a reference model for making conversations and predictions. It is based on large language models and deep learning techniques.
Local cybersecurity firm Ensign InfoSecurity has used the same techniques to build AI systems to detect and avoid threats like ransomware and other malware.
Developed in-house, the AI-powered technology can pluck out the signatures of potential malware that are fresh and never seen before – referred to as the “unknown unknowns” – and which could lead to cyber attacks.
Trained on voluminous amounts of data, the AI systems can monitor and analyse the Internet data traffic that flows through Ensign’s security network operations centre and identify the “unknown unknowns” information that can lead to attacks. Ensign customers are informed while its cyber analysts study the potential culprits closely and, if necessary, take action to deflect or neutralise them.
Without this analysis, enterprises would not be aware of such insidious malware creeping about in their networks.
Ensign’s CEO Tammie Tham explained: “Previously, there were solutions good for detecting the ‘known knowns’, that is the signatures of 80 per cent to 90 per cent of known threats. But what about the ‘known unknowns’ and the ‘unknown unknowns’? They are the most dangerous, difficult to identify and can cause great damage if left unchecked.”
To develop the AI-powered solution to tackle this challenge, Ensign turned to artificial intelligence, machine learning and deep learning techniques. The AI models needed to be trained on data. Ensign has access to large volumes of telemetry data from the many cyber projects it has here and in the region. From this tranche of data, it stripped off the personal information and anonymised the rest. Then it added the information it obtained from its honey traps, which are special software decoys it released on the web to lure cyber attackers and allow cyber defenders to learn their hacking behaviour.
Said Tham: “What is important is that the data is real for training the AI models, and we can tune AI models to act more efficaciously.”
Once trained, the AI system can distinguish legitimate information from the unauthenticated and gain a better understanding of activity in the web traffic. This enables it to identify data that is potentially malicious, which is then highlighted for follow-up action.
Ensign has patented in Singapore two of its AI-based innovations, which were developed over the past three years. Another two are pending patent. The company is also in the midst of filing global patents.
Ensign is the largest local cybersecurity firm in Singapore offering end-to-end cybersecurity solutions from consulting to managed services. As Tham proudly puts it: “We probably have an answer to all cybersecurity questions and challenges.”
Set up in October 2018, the company was formed through a merger of local cyber firms, namely Quann and Accel. Included in this merger was Singapore telco StarHub’s cybersecurity centre of excellence.
A key strength of the company comes from its in-house R&D lab, which has over 60 engineers in Ensign Labs, making up eight per cent of the company’s headcount of about 800 cybersecurity professionals. Its R&D professionals are not only engineers and computer scientists; they come from multiple disciplines including defence, e-commerce and social sciences, to ensure diversity in thinking.
Said Tham: “Our innovations have found support from our customers. We are doubling down on our R&D work and investment in AI and ML. We are working on vulnerability research, focussing on the application and operating system layers.”
The company is also carrying out research on the threat landscape including investigating the dark web, a subset of the web which is often associated with criminal activity.
“We want to own the capability to form a picture of the threat landscape to Singapore and the countries we operate in. It is important for our professionals to know what is going on in the digital world,” she said.