Why AI and autonomous response are crucial for cybersecurity (VB On-Demand)
Presented by Darktrace
Today, cybersecurity is in a state of continuous growth and improvement. In this on-demand webinar, learn how two organizations use a continuous loop of AI feedback to identify vulnerabilities, tighten their defenses, and improve the results of their cybersecurity programs.
Watch it here for free on demand.
The landscape of security risks is in full swing, and the traditional approach to cybersecurity is no longer sufficient. Remote work has become the norm, and outside the walls of the office, employees are dropping their personal security defenses. The cyber risks introduced by the supply chain through third parties remain a major vulnerability, so organizations need to think not only about their defenses, but also those of their suppliers to protect their priority assets and information. infiltration and exploitation.
And that’s not all. The ongoing conflict between Russia and Ukraine has provided more opportunities for attackers, and social engineering attacks have multiplied tenfold and become increasingly sophisticated and targeted. Both play with the fears and uncertainties of the general population. Many security experts have warned of future threat threats that take advantage of AI to launch cyberattacks, using intelligence to optimize routes and accelerate their attacks on an organization’s entire digital infrastructure.
“In the modern security climate, organizations have to accept that attackers are very likely to be able to break through their perimeter defenses,” says Steve Lorimer, head of privacy and information security for the Hexagon group. “Organizations need to focus on improving their security stance and preventing business disruption, the so-called cyber-resilience. You don’t have to win all the battles, but you have to win the important ones.”
ISOs need to look for cybersecurity options that alleviate some resource challenges, add value to their computer, and reduce response time. Self-learning AI is trained using unlabeled data. Autonomous response is a technology that calculates the best course of action to contain ongoing attacks at machine speed, preventing attacks from spreading throughout the business and disrupting crucial operations. And both are becoming essential to a security program to address these challenges.
Why self-learning AI is essential in the new cybersecurity landscape
Attackers are constantly innovating, transforming old attack patterns into new ones. Self-learning AI can detect when something changes in an organization’s digital infrastructure, identify previously unseen behaviors or patterns, and act to quarantine the potential threat before it becomes a global crisis. rule, interrupting the business.
“It’s about building layers at the end of the day,” Lorimer adds. “AI will always be a support element, not a substitute for human teams and knowledge. AI can empower human teams and reduce the burden. But we can never rely entirely on machines; You need the human element to make instinctive decisions. and emotional reactions to influence more meaningful business decisions. “
The advantages of the autonomous response
Cyberattacks often start slowly; many take months to pass between reconnaissance and penetration, but the most important components of an attack happen very quickly. Autonomous response unlocks the ability to react to machine speed to identify and contain threats in this short window.
The second key advantage of the stand-alone response is that it allows for “always active” defense. Even with the best intentions in the world, security teams will always be limited by resources. Not enough people to defend it all the time. Organizations need a layer that can augment the human team, giving them time to think and respond with a crucial human context, such as business and strategic insight. Autonomous response capabilities allow AI to make decisions instantly. These micro-decisions give human teams enough time to make these macro-decisions.
Level up: take advantage of the modeling of the attack trajectory
Once an organization has matured its thinking to the point of being in breach, the next question is to understand how attackers cross the net, says Lorimer. Now, AI can help companies better understand their own systems and identify the most risky paths an attacker can take to reach their crown jewels or the most important information and assets.
This simulation of attack allows them to harden their defenses around their most vulnerable areas, says Lorimer. And self-learning AI is really a paradigm shift: instead of building defenses based on historical attack data, you need to be able to defend yourself from new threats.
Pathfinder modeling (APM) is a revolutionary technology because it allows organizations to map paths where security teams may not have as much visibility or may not have been initially considered vulnerable. The network is never static; a large, modern and innovative company is constantly changing. Thus, APM can continuously run and alert teams of new attack paths created through new integrations with a third party or a new device that joins the digital infrastructure.
“This ongoing AI-based approach allows organizations to continually tighten their defenses, rather than relying on biannual, or even less frequent, red team exercises,” says Lorimer. “APM enables organizations to proactively address network vulnerabilities.”
Choose a cybersecurity solution
When choosing a cybersecurity solution, there are a few things ISOs should look for, says Lorimer. First, the solution should increase human resources without creating substantial additional work. Technologies should be able to increase the value that an organization offers.
ISOs should also try to repair any significant overlap or gap in technology in their existing security batteries. Current solutions can replace much of the existing stack with better, faster, more optimized, more automated, and technology-based approaches.
Beyond the technology itself, ISOs need to find a vendor that adds human experience and contextual analysis.
“For example, Darktrace’s Security Operations Center (SOC) and Ask the Expert services allow our Hexagon team to get information about their global fleet, their partner community, and their entire customer base.” says Lorimer. “Darktrace works with companies from all different industries and geographies, and this context allows us to understand threats and trends that may not have affected us immediately.”
Hexagon operates in two key industry sectors: manufacturing and software engineering, so each facet of the business faces different and specific threats from different threat actors. Darktrace’s SOC provides information from the industry’s broadest industry experts and analysts based on their wealth of knowledge.
But even with the best tools, you can’t solve all the problems. You need to focus on resolving issues that will really affect your ability to deliver to your customers and therefore your results. You should establish controls to help you manage and reduce this risk.
“It’s about tackling the problems before they can escalate and chart the possible consequences,” Lorimer says. “It all comes down to understanding the risk to your organization.”
To learn more about the current threat landscape and to learn more about how AI can transform your cybersecurity program, don’t miss this VB On-Demand event!
Watch it here for free on demand.
You will learn about:
- Protecting and securing citizens, nations, facilities and data with autonomous decision-making
- Apply continuous AI feedback systems to improve results and strengthen security systems
- Simulate real-world scenarios to understand the attack paths that opponents can take against critical assets
- Merge the physical and digital world to create smart security for infrastructure
- Nicole EaganChief Strategy Officer and AI Officer, Darktrace
- Norbert Hankeexecutive vice president, Hexagon
- Mike BeckCISO global, Darktrace
- Steve LorimerResponsible for privacy and information security of the group, Hexagon
- Chris PreimesbergerModerator, Contributing Writer, VentureBeat