Use AI to Improve Penetration Testing
Use AI to Improve Penetration Testing
The most effective penetration testing methods combine threat intelligence, vulnerability scanning, and human expertise to validate the criticality of vulnerabilities through simulated attacks on an IT environment. Security professionals are now increasingly employing artificial intelligence (AI) and machine learning (ML) to assist in their penetration testing efforts. How are these capabilities improving penetration testing, and can they make more regular penetration testing practical in an ongoing risk management program?
Human expertise has always played a key role in traditional penetration testing, but, today’s security professionals—and penetration testers, in particular—are looking for ways in which AI and ML can improve the testing process. Charles Parker, a cybersecurity engineer and security architect at Aptiv, believes that AI and ML have a lot to offer penetration testers. “This technology has been overlooked as a way to help improve productivity and alleviate, at least to some extent, the shortage of qualified staff,” he says. “It is being applied sporadically, but it has a lot more to offer.” Arun DeSouza, chief information security officer at Nexteer Automotive, sees opportunities to strengthen the penetration testing process through automation of manually intensive tasks. Javier Avila, a cybersecurity analyst for AGS Alpama Global Services, explains. “Standard penetration tests consist of seven phases. AI and ML can assist in vulnerability analysis and exploitation by extracting information from services running on target systems. You have to be careful about executing scripts that would affect the performance of the systems or the integrity of the data or that would render an application unavailable. Even in other phases of the standard penetration test, AI and ML can help generate metrics, discover network infrastructure, and report the results according to the steps applied.”
Penetration testing stands to gain from AI and ML in several ways. DeSouza points out that penetration scans generate large, high-volume data sets. He sees an opportunity to use AI to filter that data and eliminate the noise. “Doing so will increase the usability of the results and generate actionable insights more efficiently.” Parker believes that these technologies will also help produce test results more quickly, and in matters of cybersecurity, time is of the essence. Avila says, “Time is critical because we never know when an attack will happen or what the next threat will be. By automating vulnerability analysis and exploitation, you can reduce the operational cost and speed vulnerability reporting.” Avila also notes that security engineers still have a key role to play, even in a more automated penetration testing process. “It is always important for a security engineer to interpret the results to improve, validate, and confirm the algorithms and execution of the correct process.”
That’s a fundamentally important point to keep in mind, because all AI systems must be trained for the environments in which they operate. In the case of penetration testing, only a human can do that. Avila emphasizes this point when he says, “Human penetration testers have something that AI and ML do not: the common sense and judgment that enables them to identify a vulnerability that could affect a production system. They must analyze results of penetration tests and integrate that knowledge into the AI and ML algorithms to improve the results the system will generate going forward.” DeSouza agrees, saying that organizations will always need qualified penetration testers to interpret and validate scan insights, generate action plans to mitigate risks, and “train” AI and ML algorithms for continuous improvement.
- By automating vulnerability analysis and exploitation, you can reduce the operational cost and speed vulnerability reporting.
- Human penetration testers have something that AI and ML do not: the common sense and judgment that enables them to identify a vulnerability that could affect a production system.
- AI can assist in vulnerability analysis and exploitation by extracting information from services running on target systems. AI helps generate metrics, discover network infrastructure, and report results more quickly.
- Organizations will always need qualified penetration testers to interpret and validate scan insights, generate action plans to mitigate risks, and “train” AI and ML algorithms for continuous improvement.