Presented by Darktrace
Today, cybersecurity is in a state of continuous growth and improvement. In this on-demand webinar, learn how two organizations use a continuous AI feedback loop to identify vulnerabilities, harden defenses and improve the outcomes of their cybersecurity programs.
The security risk landscape is in tremendous flux, and the traditional on-premises approach to cybersecurity is no longer enough. Remote work has become the norm, and outside the office walls, employees are letting down their personal security defenses. Cyber risks introduced by the supply chain via third parties are still a major vulnerability, so organizations need to think about not only their defenses but those of their suppliers to protect their priority assets and information from infiltration and exploitation.
And that’s not all. The ongoing Russia-Ukraine conflict has provided more opportunities for attackers, and social engineering attacks have ramped up tenfold and become increasingly sophisticated and targeted. Both play into the fears and uncertainties of the general population. Many security industry experts have warned about future threat actors leveraging AI to launch cyber-attacks, using intelligence to optimize routes and hasten their attacks throughout an organization’s digital infrastructure.
“In the modern security climate, organizations must accept that it is highly likely that attackers could breach their perimeter defenses,” says Steve Lorimer, group privacy and information security officer at Hexagon. “Organizations must focus on improving their security posture and preventing business disruption, so-called cyber resilience. You don’t have to win every battle, but you must win the important ones.”
ISOs need to look for cybersecurity options that alleviate some resource challenges, add value to their team, and reduce response time. Self-learning AI trains itself using unlabeled data. Autonomous response is a technology that calculates the best action to take to contain in-progress attacks at machine speed, preventing attacks from spreading throughout the business and interrupting crucial operations. And both are becoming essential for a security program to address these challenges.
Why self-learning AI is essential in the new cybersecurity landscape
Attackers are constantly innovating, transforming old attack patterns into new ones. Self-learning AI can detect when something in an organization’s digital infrastructure changes, identify behaviors or patterns that haven’t been seen previously, and act to quarantine the potential threat before it can escalate into a full-blown crisis, disrupting business.
“It’s about building layers at the end of the day,” Lorimer adds. “AI will always be a supporting element, not a replacement for human teams and knowledge. AI can empower human teams and decrease the burden. But we can never entirely rely on machines; you need the human element to make gut feeling decisions and emotional reactions to influence more significant business decisions.”
The advantages of autonomous response
Often, cyber attacks start slowly; many take months to move between reconnaissance and penetration, but the most important components of an attack happen very quickly. Autonomous response unlocks the ability to react at machine speed to identify and contain threats in that short window.
The second key advantage of autonomous response is that it enables “always-on” defense. Even with the best intentions in the world, security teams will always be constrained by resources. There aren’t enough people to defend everything all the time. Organizations need a layer that can augment the human team, providing them time to think and respond with crucial human context, like business and strategy acumen. Autonomous response capabilities allow the AI to make decisions instantaneously. These micro-decisions give human teams enough time to make those macro-decisions.
Leveling up: Leveraging attack path modeling
Once an organization has matured its thinking to the point of assumed breach, the next question is understanding how attackers traverse the network, Lorimer says. Now, AI can help businesses better understand their own systems and identify the most high-risk paths an attacker might take to reach their crown jewels or most important information and assets.
This attack simulation allows them to harden defenses around their most vulnerable areas, Lorimer says. And self-learning AI is really all about a paradigm shift: instead of building up defenses based on historical attack data, you need to be able to defend against novel threats.
Attack path modeling (APM) is a revolutionary technology because it allows organizations to map the paths where security teams may not have as much visibility or may not have originally thought of as vulnerable. The network is never static; a large, modern, and innovative enterprise constantly changes. So, APM can run continuously and alert teams of new attack paths created via new integrations with a third party or a new device joining the digital infrastructure.
“This continuous, AI-based approach allows organizations to harden their defenses continually, rather than relying on biannual, or even more infrequent, red teaming exercises,” Lorimer says. “APM enables organizations to remediate vulnerabilities in the network proactively.”
Choosing a cybersecurity solution
When choosing a cybersecurity solution, there are a few things ISOs need to look for, Lorimer says. First, the solution should augment the human teams without creating substantial additional work. The technologies should be able to increase the value that an organization delivers.
ISOs should also look to repair any significant overlaps or gaps in technology in their existing security stacks. Today’s solutions can replace much of the existing stack with better, faster, more optimized, more automated and technology-led approaches.
Beyond the technology itself, ISOs must seek out a vendor that adds human expertise and contextual analysis on top.
“For example, Darktrace’s Security Operations Center (SOC) and Ask the Expert services allow our team at Hexagon to glean insights from their global fleet, partner community, and entire customer base,” Lorimer says. “Darktrace works with companies across all different industries and geographies, and that context allows us to understand threats and trends that may not have immediately impacted us yet.”
Hexagon operates in two key industry sectors: manufacturing and software engineering, and so each facet of the business faces different, specific threats from different threat actors. Darktrace’s SOC offers insights from broader industry experts and analysts based on their wealth of knowledge.
But even with the best tools, you can’t solve every problem. You need to focus on solving the issues that will genuinely affect your ability to deliver to your customers and, thus, your bottom line. You should establish controls that can help manage and reduce that risk.
“It’s all about getting in front of issues before they can escalate and mapping out potential consequences,” Lorimer says. “It all comes down to understanding risk for your organization.”
For more insight into the current threat landscape and to learn more about how AI can transform your cybersecurity program, don’t miss this VB On-Demand event!
You’ll learn about:
- Protecting and securing citizens, nations, facilities, and data with autonomous decision making
- Applying continuous AI feedback systems to improve outcomes and harden security systems
- Simulating real-world scenarios to understand attack paths adversaries may leverage against critical assets
- Fusing the physical and digital worlds to create intelligent security for infrastructure
- Nicole Eagan,Chief Strategy Officer and AI Officer, Darktrace
- Norbert Hanke, Executive Vice President, Hexagon
- Mike Beck,Global CISO, Darktrace
- Steve Lorimer, Group Privacy & Information Security Officer, Hexagon
- Chris Preimesberger,Moderator, Contributing Writer, VentureBeat
AI security strategies