Jason Lau
That principle resonates strongly in an era where the rise of generative artificial intelligence (AI) is causing tectonic shifts in cybersecurity. In response to these clear and present risks, I hold an optimistic vision for the prevailing good that can emerge from AI's intersection with cybersecurity.
In this third thought leadership piece of the series, where I previously addressed AI-powered malware at the 2019 RSA Conference and explored the risks of AI hacking our brains in my 2020 Forbes post, my aim is to illustrate how cybersecurity leaders can harness the power of AI for a "good offense" in cyber defense. By 2025, I envision the examples outlined below becoming widespread in the cyber defense landscape.
Offense in cybersecurity translates to establishing a strategic advantage over your adversary through proactive identification and neutralization of threats before they inflict damage—and continual learning from past incidents to improve future responses. This is where our journey into the world of AI-driven cyber defense begins. But a pertinent question arises: Should our approach in cybersecurity be laser-focused, running the risk of potentially missing out on the more common vulnerabilities, or should we strive for a broader focus that sweeps across a wider landscape while acknowledging the risk of missing the devil in the details hidden deep in the data?
The crux of our discussion lies in finding a balance between two strategic defense paradigms, Precision and Area Defense, concepts we borrow from the Bomber Mafia's tactics during World War II. Malcolm Gladwell’s eponymous book on the subject provides us with a historical backdrop, portraying the dramatic division between precision bombing and area bombing. It is here that we refer to the pragmatism of figures such as General Curtis LeMay, whose bombing strategy resonates in today's AI-driven cyber threat landscape.
This embodies the use of targeted, AI-powered tools to identify, understand, and neutralize specific threats—the cyber analogy of the strategic bombing approach of the Bomber Mafia.
• Employing an automated AI-powered threat intelligence platform that ingests real-time external signatures, tactics, techniques and procedures (TTP). This platform works to be significantly faster in identifying and neutralizing phishing, malware and other endpoint threats, evolving by learning from the methods of attacks.
• Implementing continuous automated sensitive asset monitoring and alerting, from API inventory used across the company to personally identifiable information (PII) scanning to detect specific instances of plaintext exposure and alerting teams.
• Conducting AI-powered continuous code reviews, scanning for code exceptions, cross-site scripting flaws, code injection, buffer overflow, and more, and automatically replacing it with secure code while maintaining the functional integrity of the code.
• Engaging AI to detect malicious AI. Indirect prompt injection attacks, highlighting emerging threats where adversaries try to infiltrate Large Language Models (LLMs) indirectly, through to AI being used to detect for malicious polymorphic malware and more.
Area Defense Approach
This resonates with LeMay's area bombing strategy, wherein broad-spectrum defenses are deployed to build system-wide resilience.
• Using AI-driven security information and event management (SIEM) systems that continually learn from the broad network activity, coupled with expansive AI-infused honey pots and firewalls that not only detect but predict potential intrusion attempts based on patterns in network traffic and threat actor behavior.
• Implementing automated AI brand protection, scouring the vast number of social media platforms for fraudulent impersonations and scam sites, and initiating automated takedowns.
• Utilizing AI-powered identity and access management (IAM) systems to adopt a Zero Trust risk-based access control approach. This system continuously performs a feedback loop, learning and adopting a trust-but-verify approach that iteratively improves the technical identity-driven security model.
• Employing AI-automated real-time blockchain transaction monitoring that "follows the digital wallet money trail," identifying fraud and crime rings by learning to recognize patterns of fraudulent activity, providing a holistic view of the financial landscape.
The above examples are intended to inspire, providing a vision of the possible at the intersection of AI and cybersecurity. However, this list is not exhaustive. As the symbiosis of AI and cyber defense evolves toward 2025 and beyond, it will undoubtedly unveil even more dynamic defense use cases.
In the timeless classic The Art of War, renowned military strategist Sun Tzu wisely reminds us, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." This ancient wisdom remains profoundly relevant in our present-day digital battlefield.
As we hurtle into an increasingly interconnected future, AI undoubtedly emerges as a potent ally, a vanguard on the front lines, helping to predict, prepare for and swiftly prevent impending cyber threats. However, it's also becoming abundantly clear that possessing such a powerful tool—a cyber-sword of Damocles, if you will—is not enough. Today's cybersecurity leaders are called upon to do more than merely react and respond. They must embrace a proactive stance, constantly planning, predicting and positioning their defenses, making the necessary gambits to stay one step ahead of the relentless wave of cyber adversaries.
Yet moving too swiftly, without a considered, thoughtful approach, we risk trampling on the fragile terrain of ethics. How we wield AI in cybersecurity is as crucial as why and where we choose to deploy it. As leaders, it's imperative to intertwine the thread of ethical considerations tightly into our AI strategies, establishing a strong moral compass to guide us through the labyrinth of technological possibilities.
In this chess game of cybersecurity, the challenges of tomorrow have already arrived at our doorstep today. Having a cybersecurity plan is no longer an option; it's a requisite for survival, but a critical need for consideration is how AI can help empower security teams to be more agile and adapt to new and emerging cyber threats.
As we balance the delicate tightrope between precision and area defense, between speed and ethics, let's remember Sun Tzu's timeless words. Tactics, strategy and wisdom must harmoniously unite, forging a resilient defense that not only withstands but also thrives amidst the challenges of our AI-powered future. The stakes are high, and there's no turning back. The digital world, our world, depends on it.
No comments:
Post a Comment