AI-Powered Cyber Resilience: The Future of Cybersecurity

Cyber resilience with AI: Insights from mWise 2024 - SiliconANGLE

Bridging data gaps and fortifying AI security: theCUBE analyst insights from mWISE 2024 The reach of enterprise technologies such as artificial intelligence has permeated every business operations area. Given the resulting explosion in organizational data generation and reliance, the surface for cyberattacks has expanded. This growing vulnerability calls for an evolution of security frameworks and the need for strong cyber resilience with AI. "Security is one of those data problem areas and it's got a lot of risk management," said John Furrier (pictured, left), executive analyst at theCUBE Research. "You've got a lot of interplay and forces coming together from people, policy and technology to everything from UX to efficiency on operations. There's also reducing the steps it takes to make the user experience better, workflow management, and ultimately, at the end of the day, balancing the asymmetry between the bad guys and the good guys, as they say, offense and defense." Furrier was joined by fellow theCUBE Research analyst Savannah Peterson (right) for an analyst segment at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed the future of cyber resilience with AI -- one where cross-functional collaboration and readiness will play critical roles in safeguarding both enterprises and national security. (* Disclosure below.) As organizations grapple with AI-related risks, AI-powered security tools have emerged as key solutions. These tools can automate threat detection, streamline incident responses and provide predictive insights -- but they come with risks. Implementing strong governance models that ensure the ethical and secure use of AI models can help companies achieve the delicate balance between maximizing AI's potential and minimizing its security risks, according to Furrier. "You train the data and then, over time, it progresses and you start inferring from that knowledge," he said. "Sensitive information disclosures and breaches are huge. Whether that's infected LLMs or hallucinations or drift, data is coming out. Generative AI is increasing the surface area and is increasing the opportunities for cybercriminals to attack. Again, this is a massive market force and the collaboration between the teams is huge." Resilience has been a central theme at mWISE 2024. The focus on merely preventing attacks is yesterday's approach -- companies must also assume that an inevitable breach will occur. Cyber resilience with AI is a comprehensive strategy that includes both data backups and recovery plans and the ability to maintain operations during and after an attack. This approach is especially critical in the face of sophisticated threats such as ransomware. "Cyber resilience is now broad, from data backup and recovery to recovering from a breach like ransomware or maintaining the resilience of a stock," Furrier said. "We heard from Taylor [Lehmann] who runs all the CISO work at Google. These are the issues. How do I operate with my critical systems? How do I stress-test them? What can red teams do more of? All this is now completely at full scale and it's super important." The rise of agentic systems -- AI applications that operate autonomously -- presents additional challenges in supply chain security. Application security and supply chain observability must evolve in tandem to protect sensitive data. As AI permeates enterprise environments, the need for security protocols that protect both backend and frontend systems is more important than ever, Furrier concluded. "Agentic Systems is going to be part of an end-to-end application," he said. "When you look at that, it's a supply chain problem because when you deal with third parties, like APIs for instance, you want to know what's on the other side, not just saying you're secure. How do you ensure security end-to-end? And remember, we've seen the evolution of the supply chain conversation from hardware." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024:

Cybersecurity resilience is critical as businesses adopt AI - SiliconANGLE

Cybersecurity resilience takes center stage as businesses embrace AI and cloud technologies In an enterprise computing ecosystem where digital transformation is accelerating, the need for cybersecurity resilience has never been more critical. As businesses adopt advanced tools, such as generative artificial intelligence and cloud computing, they are also facing growing risks. Balancing the pace of innovation with strong security is a challenge that requires more than just technological solutions -- it calls for a strategy that includes ongoing testing, development and the ability to secure increasingly complex supply chains. These interconnected systems now demand a stronger focus on both proactive defense and communication to stay ahead of emerging cyber threats, according to Taylor Lehmann (pictured), director of the Office of the CISO, Google Cloud Health, at Google LLC "Every problem is made easy to solve if you can recruit people to care about it and frame it in terms that they understand and contribute to," Lehmann said. "Overall, every cyber strategy succeeds or fails on this point. Every great CISO becomes a greater CISO or not a... based on their ability to deliver on this." Lehmann spoke with theCUBE Research's John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed the need for cybersecurity resilience as businesses adopt AI and cloud technologies, emphasizing proactive security testing, secure procurement and better communication to manage risks in complex supply chains. (* Disclosure below.) It is important to take proactive steps to ensure an appropriate response when it comes to security measures. Real-world testing is of great value, including red teaming and tabletop exercises, which allow organizations to simulate potential breaches and stress-test their defenses, Lehmann explained. "We have this new thing called generative AI, which isn't actually that new. It's been around for a long time and yet we're trying to discover how to secure it properly," he said. "It's almost the same problem that you were trying to solve before it showed up, it was just called application security and supply chain security. It's just got a new fancier flashier name on it." As companies seek to integrate advanced technologies such as AI into their operations, there is a significant focus on securing these systems in practical, scalable ways. Application security and supply chain security are becoming more prominent as organizations recognize their increasing dependence on external services and APIs, according to Lehmann. "The thing we need to do about it is stop doing the things we're currently doing about it, which is arm's length assessments of how these service providers or services are built," he said. "Stop necessarily taking somebody's word for whether it's secure or not. I want all of the services that are being put out that I'm consuming to be secure-by-design. I need to mandate that in my procurement cycles, I need to enforce that when I adapt something, and I need to make sure that's true all the time." Resilience is not just a buzzword, but a measurement challenge in cybersecurity today. The focus is shifting from merely protecting data to ensuring business continuity even in the face of security breaches. Organizations must be prepared to handle disruptions by knowing their systems intimately -- what assets they possess, how these assets interconnect and the external forces that could affect them, according to Lehmann. "We need to not only test to see where our weaknesses are, but we also need to test to make sure that we have confidence in the defenses and that they're working," he said. "There's other types of analysis and assessments, we need to do both." There is also the need for a broader, more democratized approach to finding and training professionals worldwide. With real-time translation and transcriptions making it easier for teams across the globe to collaborate, there's an opportunity to engage a more diverse range of talent and ensure cybersecurity solutions are accessible across regions, Lehmann pointed out. "On one hand, you could say yes, there are not enough people with the right skills necessary to take on some of these challenges. Another could say we have enough people," he said. "We just don't have the right ways to engage them and find them and train them. I think we need to work on both of those things and we need to make cyber accessible to them earlier." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024:

AI in cybersecurity transforms threat detection and boosts defense - SiliconANGLE

From automation to collaboration: AI in cybersecurity accelerates the future of security operations As artificial intelligence continues to mature and cyber threats evolve in both sophistication and scale, AI in cybersecurity is emerging as a game-changing technology that is reshaping how organizations defend their digital environments. Beyond traditional defense mechanisms, AI is driving efficiency by automating complex workflows, reducing human labor and enhancing the speed of threat detection and response. As businesses increasingly rely on distributed computing, AI's ability to scale security operations is becoming critical to ensuring resilient and proactive defense strategies. With the rise of attack vectors and the demand for more robust security postures, AI is fast becoming the cornerstone of modern cybersecurity infrastructure. "To kind of simplify the problem, you have a data problem, you have a knowledge problem and then you have kind of a people action problem to solve in security operations," said Peter Bailey (pictured, left), vice president and general manager of SecOps, Google Cloud Security, at Google LLC. "You kind of need all three of those pieces nailed to build a modern security operation." Bailey was joined by Steph Hay (right), head of UX, Google Cloud Security, at Google, as they spoke with theCUBE Research's John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed how AI in cybersecurity is revolutionizing traditional security operations by automating processes, improving efficiency and enabling faster, more precise threat detection. (* Disclosure below.) AI is augmenting traditional security operations by simplifying processes that have long been manual and labor-intensive. For example, the ability to automate the onboarding of data sources, streamline search queries and even assist in the creation of detection rules is dramatically improving efficiency, according to Bailey. "We can start creating workflows, work streams that begin to automate steps along the way, which is today a very complicated set of work streams," he said. "We will always look to simplify those experiences through the UI. Those are steps in the old day days that maybe took hours in days, maybe in today they can be right at your fingertips and go very, very quickly so you can respond faster." The more collaboration and expertise a team can draw upon, the better equipped they are to defend against cyberattacks. AI enhances this by serving as a force multiplier -- bringing together threat analysts, security operations teams and AI-driven tools into a cohesive defense system, according to Hay. "This is a team sport, and I think that convergence, too, of the different roles, making sure that you're bringing in the expertise of a threat analyst and a tier-two SOC analyst and maybe a cloud security practitioner ... to be able to bring those together into a common experience is going to transform the SOC," she said. In particular, the integration of AI into platforms such as Google's Security Operations suite allows users to tap into expert knowledge in real time. The ability to bring in external expertise -- whether from Google's teams or other industry leaders -- adds an invaluable layer of defense, particularly in complex or novel threat scenarios, according to Bailey. "Using the security operations example, again, take those insights and share those out in your organization, to create more credible bases for taking action for prioritizing something," he said. "I think there is the ability to influence because you have better data, better insights to share across an organization. I think it helps in both of those ways." While AI offers vast potential, the journey is still in its early stages. The ultimate goal is to move from assisted to semi-autonomous security operations. In the future, AI agents could be deployed to proactively hunt for threats, analyze attack patterns and provide recommendations based on real-time data. "It's understandable because there's so much new risk. There are AI-native risks, prompt injection is a real thing. Your company might make a promise to a customer that you can't keep because it deployed AI. All of these things are totally legitimate concerns," Hay said. "There's a lot of hype around what AI is doing ... and it's because we need to deploy it responsibly. We've got a lot of work to do there still." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024:

Gen AI security: Enhancing protection through collaboration and trust - SiliconANGLE

Gen AI security: Enhancing protection through collaboration, trustworthy AI frameworks and data management Based on the integration of artificial intelligence into critical business systems, gen AI security should be top of mind since large language models are vulnerable to various attack vectors. To mitigate these risks, security and data teams should join hands throughout the AI development lifecycle, laying emphasis on continuous monitoring, input/output controls and early security involvement, according to Steph Hay (pictured, right), head of UX, Google Cloud Security, at Google. "Being able to collapse the attack surface and enable teams to work together," Hay stated. "LLMs are uniquely positioned to bring in disparate data that might be, for example, in threat intelligence. We have to add scale, create the kinds of controls on a few different levels to be able to protect the model, the application, the infrastructure and the data. Things against prompt injection, notebook security scanning, being able to monitor all this." Hay and Upen Sachdev (left), principal partner at Deloitte & Touche LLP, spoke with theCUBE Research's John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. They discussed the importance of gen AI security since LLMs are prone to various risks, such as sensitive information disclosure, training data poisoning and prompt injection. (* Disclosure below.) The principles around a trustworthy AI framework include fairness, accountability and safety. These principles come in handy in offering gen AI security, and this helps in the mitigation of attacks, according to Sachdev. "When we talk to clients, we look at this from two perspectives," he stated. "One is gen AI attacking us, how do we protect against it? Then secondly, how do we use gen AI securely in a trustworthy manner? That's where we built what we call our trustworthy AI framework. Basically with three core principles. One is you want fairness from your model. Second is you want accountability, you want it to not hallucinate and finally keeping that model secure so we are not giving away our data." User experience is important in gen AI security since key factors, such as precision, speed and confidence should be incorporated. This leads to AI-infused and AI-guided experiences needed by teams to defend better, according to Hay. "A lot of the tools that we would design for the defender, we would want to be easy to use, but also be able to convey the signals of trust that would be required to be able to rely on those," she noted. "There's a huge user experience challenge with AI. In fact, I often say AI is UX, especially the future of the SOC." Given that data is the backbone of gen AI models, data engineering and data science teams should take center stage when working on real-time threats. As a result, this calls for significant collaborations between security and data teams for enhanced productivity, Sachdev pointed out. "We are getting more work around master data management, which is organizing an organization's data," he explained. "Then securing an organization's data, doing role-based access, making sure there is good data sanctity in terms of what gets absorbed into the model. I feel data is the underlying layer behind gen AI and we are seeing organizations more in that foundational stage of doing better with their data." Here's the complete video interview, part of SiliconANGLE's and theCUBE Research's coverage of mWISE 2024: