Cybersecurity countermeasures have traditionally been reactive; in other words, the vaccine comes only after the virus has infected the system. The countermeasure typically follows the evaluation and remedy of a security incident. Cryptographic measurements and controls (to create trusted IIoT ecosystems) and anomaly detection functions address this reactive behavior. Host intrusion detection (HID) and host intrusion protection (HIP) are examples of dynamic integrity attestation controls to proactively secure an endpoint.
In IT environments, network and application blacklisting policies are commonly used. Whitelisting is more common in OT environments. But, when new exploits of zero-day vulnerabilities are detected, these policies are updated after the fact. AI/machine learning allows us to dynamically update blacklisting and whitelisting policies, based on anomalous behavior.
Machine learning extensively uses mathematical models based on historic...