Modern cyber threats have grown increasingly sophisticated, posing significant risks to federal agencies and critical infrastructure. According to Deloitte, cybersecurity is the top priority for governments and public sectors, highlighting the need to adapt to an increasingly digital world for efficiency and speed.
Threat examples include insider threats, supply chain vulnerabilities, ransomware attacks, and other complex cyber intrusions that can cause severe disruptions and data breaches. To combat these evolving risks, a zero-trust security strategy is essential for government agencies to protect sensitive data and critical systems. However, more can be done to strengthen zero-trust implementations.
At its core, cybersecurity is a data problem.
As the number of connected users and devices expands, organizations are generating more data than they can effectively collect, manage, and analyze. If we cannot observe 100% of the data across the entire enterprise for every user and machine, how can we build a robust model to detect all deviations?
A zero-trust strategy assumes that no entity is trusted by default and verification is required from everyone to gain access. However, this approach requires increased visibility into every application and user on the network for continuous authentication and monitoring.
To achieve zero-trust maturity, the vast amount of data must be continuously monitored and analyzed for each user and application to identify anomalous behaviors. Human analysts cannot track all sensitive data being generated nor set policies for every potential vulnerability. Traditional rule-based mechanisms cannot keep pace with the escalating adversary landscape.
Using AI and generative AI technologies for advanced data analytics and automation is crucial.
Bolster cybersecurity with 100% data visibility
The massive influx of data significantly increases cybersecurity risks, creating an urgent need for advanced solutions like accelerated computing and AI.
This is where NVIDIA Morpheus, a GPU-accelerated cybersecurity AI framework, can help. Morpheus enables you to build optimized AI pipelines for filtering, processing, and classifying large volumes of real-time data. With Morpheus, organizations can harness the power of AI to analyze 100% of their data in real time across entire networks.
Traditional user behavior analysis relies on rule-based approaches or supervised learning models, which require predefined rules or labeled data to identify usual patterns. However, these methods can miss new or evolving threats that don’t fit the predefined patterns.
Morpheus uses deep learning and unsupervised learning to overcome these limitations. By analyzing large volumes of unlabeled data, it can identify and learn the normal behavior and detect deviations from these learned patterns, flagging them as potential anomalies. This approach enables the identification of previously unseen or undetectable threats, providing a more robust and adaptive security solution.
Using GPU acceleration, Morpheus can also process and analyze data at a much faster rate, delivering performance improvements of up to 600x compared to CPU-only solutions. This substantial speed increase reduces the time to detect from weeks to minutes, enabling more timely responses to potential security risks.
The Morpheus architecture is designed to harness the power of GPUs throughout the entire data processing pipeline, including data ingestion, preprocessing, inference, and post-processing (Figure 1). This enables it to handle vast amounts of telemetry, including raw packet data, efficiently and quickly.
Morpheus can perform rapid preprocessing, run deep learning models for real-time inference detecting anomaly, and execute post-processing to trigger immediate actions or policy updates. Using deep learning and data science tools, this integrated approach enables the development of security applications that can respond swiftly to threats and anomalies.
When combined with generative AI, Morpheus can unlock a broader range of advanced cybersecurity use cases, extending traditional detection to enhance a human analyst’s capabilities in solving complex problems.
NVIDIA NIM is a set of easy-to-use microservices for the secure deployment of AI model inferencing and NVIDIA NeMo is an end-to-end platform for custom generative AI development. With these services, Morpheus can automate security vulnerability analysis and remediation, generate synthetic data to train AI models for accurate spear-phishing detection, and address many more use cases.
Morpheus can be used as an SDK to build fully custom pipelines and models. You can also reference Morpheus cybersecurity AI workflows with pretrained models for various example use cases. NVIDIA collaborates with managed service partners, such as Deloitte and Accenture Federal Services, and leading security providers, such as CrowdStrike and Trend Micro to assist governments and enterprises in implementing cybersecurity AI applications.
Here are two common challenges that public organizations are facing, where Morpheus cybersecurity AI workflows can help provide reference examples to address:
- Accelerating anomaly detection with digital fingerprinting
- Automating CVE analysis with generative AI at enterprise scale
Accelerating anomaly detection with digital fingerprinting
One of the common security risks faced by governments is insider threats. Insider threats can originate from employees or contractors who have access to sensitive information and can misuse it, either intentionally or unintentionally.
The digital fingerprinting AI workflow in Morpheus was created to address this challenge. This workflow provides a reference example designed to uniquely fingerprint every user, service, account, and machine across the entire enterprise to detect anomalies.
While conventional user behavior detection depends on large grain models and pattern- or rule-based methods, these approaches are fragile to threats that resemble typical enterprise behavior.
In contrast, Morpheus’s digital fingerprinting approach offers a more nuanced and precise way for threat detection. Digital fingerprinting involves creating detailed and personalized models for every employee, group, business unit, and organization. This method captures the unique behavior patterns and activities of each user, enabling a more granular analysis of what constitutes normal behavior compared to anomalous behavior.
With digital fingerprinting, Morpheus can identify anti-patterns with exceptional granularity to detect complex and subtle threats. The system continuously monitors user and machine activities, detecting any deviations from established patterns. When a shift is detected, it generates alerts with actionable information for security analysts so that they can investigate potential threats quickly and respond effectively.
Automating CVE analysis with generative AI at enterprise scale
Patching software security issues is increasingly challenging as the number of vulnerabilities reported in the CVE database continues to grow at an unprecedented pace. Legacy systems are vulnerable to evolving cyberthreats, so keeping up with the latest security updates becomes essential for government IT teams to defend against breaches.
To triage a container for vulnerabilities, hundreds of pieces of information must be retrieved, understood, and synthesized. On average, it takes a human analyst hours or days to assess security issues for one container. With the growing number of vulnerabilities, the traditional manual approach to scanning and patching has become unmanageable.
Generative AI unlocks the possibility to enhance vulnerability defense while decreasing workloads on security teams. Organizations have already begun to explore generative AI to help automate this process. However, doing so at an enterprise scale requires a complex AI system to do the collection, comprehension, and synthesis of massive amounts of information.
Video 2 shows how generative AI and RAG can be used to reduce the time to identify and mitigate CVEs from hours or days to mere seconds.
To solve this problem, we created the security vulnerability analysis AI workflow (Agent Morpheus for the purpose of this post). Using NVIDIA NIM microservices, NeMo Retriever, and Morpheus, this application enables CVE analysis accelerated at enterprise scale, dramatically reducing time to assess from days to just seconds.
Agent Morpheus expedites the manual work of a human security analyst by properly and thoroughly researching and investigating a CVE and the scanned software container to confirm vulnerabilities. It generates investigation checklists, executes tasks to retrieve and analyze information, and then assesses if the container is vulnerable and exploitable. This process continues until all checklist items are addressed.
Finally, the agent summarizes the interaction, generates action justifications, and presents them to a human analyst for final decision-making (Figure 2).
This event-driven approach uses large language models (LLMs) and retrieval-augmented generation (RAG). It enables security analysts to identify exploitable and vulnerable components in a software package, triggered by the creation of a new software package or a new CVE. It helps reduce noise and identify false positives so that security teams can focus on the most critical security issues.
Learn more
The two workflows demonstrate how AI and generative AI can address today’s security challenges, particularly in threat detection and vulnerability management.
Morpheus can also extend to many other detection use cases, such as spear-phishing, sensitive information, and ransomware. These can be implemented across government agencies to bolster their zero-trust security strategies as the cybersecurity landscape evolves.
For more information, see the following resources:
- NVIDIA Morpheus product page
- /nv-morpheus GitHub repo for models
- Building AI-Based Cybersecurity Pipelines instructor-led course
- Digital Fingerprinting to Detect Cyber Threats free hands-on lab
Sign up to be notified about the upcoming security vulnerability analysis AI workflow It’s free with a 90-day trial of NVIDIA AI Enterprise. To learn more about how you can use NVIDIA Morpheus to address cybersecurity challenges with AI, contact NVIDIA AI Enterprise Sales.