The National Security Agency (NSA) has launched a new tool powered by artificial intelligence (AI) to assist vendors in the defense industrial base (DIB) and the intelligence community in accelerating their cyber defenses.
The Autonomous Penetration Testing (APT) platform is designed to automate much of the manual work involved in identifying vulnerabilities and assessing the strength of cyber defenses, according to Kristina Walter, director of NSA’s Cybersecurity Collaboration Center.
“It’s essentially a commercial tool that a company can use to run an internal pen test on their network,” Walter said during a Defense One webinar on Nov. 19.
“The tool uses AI to emulate an actor’s actions, showing how they would move laterally through the network. It can inform the company about where outdated appliances need to be addressed, which software needs updating, and how an actor would navigate through their systems,” she said.
The APT tool – currently available via NSA’s Cybersecurity Collaboration Center – represents a massive shift in the way that the Defense Department (DoD) thinks about cybersecurity.
According to Tahira Mammen, director of NSA’s AI Security Center, “the idea of continuous detection and continuous penetration testing, as brought about through some of this new tool, is really a big change in the way [the DoD] is thinking about [cybersecurity].”
She further explained that penetration testing and general cybersecurity testing “not very long ago was a thing that happened on a very scheduled basis, quarterly,” but this new tool “is certainly in line with the way we see the threat space evolving.”
“[Before] penetration testing, and general cybersecurity technique requires hunting through thousands of logs and an extensive amount of data that most companies weren’t maintaining at the time. What we found is that by using AI, we can discover it more rapidly,” Mammen said. “This way, a human isn’t triaging through the data; instead, we can leverage AI to detect that type of [threat].”
NSA has also eyed AI capabilities to accelerate defenses by detecting behavioral techniques, such as living off the land, and by providing real-time services like secure domain name system attack service management.