Curated by THEOUTPOST
On Fri, 21 Feb, 12:04 AM UTC
2 Sources
[1]
Identity is the breaking point -- get it right or zero trust fails
This article is part of VentureBeat's special issue, "The cyber resilience playbook: Navigating the new era of threats."
Deepfakes, or AI-driven deception and weaponized large language models (LLMs) aren't just cyber threats; they're the new weapons of mass exploitation. Adversaries aren't just hacking systems anymore; they're hacking people and their identities.
Impersonating executives, bypassing security with stolen credentials and manipulating trust at scale are all redefining the new threatscape. It's an all-out cyberwar with identities hanging in the balance. AI and generative AI are giving adversaries an edge in how quickly they can fine-tune and improve their tradecraft. The result: Massive breaches and ransomware demands that are setting new records and fueling double extortion demands.
CrowdStrike's 2024 Global Threat Report highlights this concern, revealing that 60% of intrusions now involve valid credentials, revealing the growing threat of identity-based attacks. Jeetu Patel, Cisco's EVP and CPO, describes the fundamental problem enterprises face: "The attacks are getting very coordinated, but the defenses are very isolated. That dissonance is not a healthy distance to have."
Shlomo Kramer, cofounder and CEO of Cato Networks, echoed that view: "The era of cobbled-together security solutions is over." Cato's rapid growth underscores how businesses are moving to unified, cloud-based security to eliminate these gaps.
Adversaries ranging from rogue attackers to nation-state cyberwar units are prioritizing the exfiltration of identities at scale and profiting from them for financial and political gain (sometimes both). It's on security leaders and their teams to shift their security postures to adapt and stop identity-driven attacks, beginning with continuous authentication, least privilege access and real-time threat detection.
VentureBeat research has revealed that organizations are doubling down on zero-trust frameworks and its core concepts to thwart identity-driven attacks.
The high cost of identities are under siege
Deloitte's Center for Financial Services predicts that gen AI could drive fraud losses in the U.S. to $40 billion by 2027, up from $12.3 billion in 2023. This projection underscores the escalating threat posed by deepfake technology and other AI-driven fraud mechanisms. In 2024, deepfake fraud attempts occurred at a rate of one every 5 minutes, contributing to a 244% surge in digital document forgeries. In addition, 49% of businesses globally reported incidents of deepfake fraud in 2024.
Gartner warns of growing blind spots: "Scope expansion and increasingly distributed IT environments are leading to identity access management (IAM) coverage gaps."
Deepfakes typify the cutting edge of adversarial AI attacks, seeing a 3,000% increase last year alone. A recent survey by Deloitte found that 25.9% of organizations experienced one or more deepfake incidents targeting financial and accounting data in the 12 months prior.
Enterprise leaders don't fear brute force attacks as much as identity breaches no one sees coming. The most lethal thing about an identity-based attack is the element of surprise. Adversaries often lurk on networks for months, installing ransomware and exfiltrating thousands of identities before launching double extortion attacks and holding identities hostage.
Zero trust or zero chance: Why IAM must evolve now to counter cyber threats
The traditional perimeter-based security model is a liability. In today's world of mechanized and machine-speed attacks orchestrated with weaponized AI, any organization relying purely on perimeter-based systems is at an immediate disadvantage. With relentless cyberattacks aimed at breaking endpoints and seizing control of identities first -- then entire networks -- trust is a vulnerability no one can afford.
Assuming trust between endpoints or across networks leaves too many gaps that adversaries are identifying with improved reconnaissance tradecraft. The only viable defense against identity attacks is zero trust, a framework built on continuous verification, least privilege access and the assumption that a breach has already happened.
For a blueprint, refer to the National Institute of Standards and Technology's (NIST) zero trust architecture. It is one of the most-used documents by organizations planning and implementing zero trust frameworks, deployment models and use cases to harden enterprise security.
Zero trust delivers an entirely new perspective and approach to securing organizations. Enterprises are encouraged to operate from the mindset of how they'd react if they'd already been breached. Segmenting endpoints and systems, ensuring least privilege access on every identity and their many credentials and constantly monitoring every request for services or access and tracking those to identify anomalous activity is key. Simply assuming trust across a network -- or worse, on endpoints -- is an open invitation to a breach that can go unnoticed for months or years.
By enforcing least privilege, an identity can only use a resource (whether data source, application or network) for a specific period. As Patel explained: "Security is a data game. If you just aggregate telemetry, you don't get the resolution of security you need."
Every IAM vendor today has AI-driven anomaly detection that automates the identification of credential misuse and privilege escalation before an attacker moves laterally. Many are also pursuing machine identity management, as they now outnumber human identities by a factor of 45 times -- the typical enterprise reports having 250,000 machine identities. Patel observed: "You cannot deal with these attacks at human scale anymore. You have to deal with them at machine scale." That focus is reflected in vendors' product roadmaps.
In 2024 alone, Cato Networks expanded its secure access service edge (SASE) cloud platform with extended detection and response (XDR), endpoint protection platform (EPP), digital experience monitoring (DEM) and IoT/OT security to address the proliferation of non-human identities across global operations.
The IAM market: The shift from fragmented tools to unified platforms
Gartner highlights a shifting strategy: "IAM is evolving as enterprises recognize that point solutions are failing. Security leaders are now looking toward integrated security platforms that provide identity-first defenses across hybrid and multicloud environments."
To support this point, Cato Networks reported 46% ARR growth in 2024 to surpass $250 million. The company credits this surge to enterprises seeking a single cloud-based platform rather than stitching together multiple-point solutions. More than 3,000 businesses are adopting Cato SASE, signaling a clear shift to integrated, cloud-based security. This kind of broad adoption illustrates that zero-trust-enabled solutions have quickly become a mainstream defense strategy.
Gartner's Market Guide for Identity Governance and Administration (IGA) highlights key vendors leading this transition:
Patel told VentureBeat that he predicts massive consolidation in the market. "There won't be 3,500 security vendors in the future. There will be a handful of platforms that truly integrate security across domains."
For CISOs, this means selecting adaptive platforms that unify IAM, ITDR and zero-trust principles, rather than managing disconnected tools that create silos. The vendors that dominate will be those that seamlessly integrate identity security, threat detection and AI-powered automation into a single system of intelligence.
Cyber-resilience begins with identity -- act now or fall behind
There's a cyberwar waging, and identities hang in the balance.
Adversaries ranging from nation-state cyber war units to ransomware gangs delivering AI-powered automated attacks are setting a swift pace. Hackers are moving at machine speed, exploiting identity gaps and weaponizing trust to infiltrate organizations before security teams can react. The data is clear: 60% of breaches now involve valid credentials; deepfake fraud attempts occur every five minutes; and identity-based attacks lurk unseen for months before detonating into double-extortion ransom demands. Meanwhile, traditional security models reliant on perimeter defenses and isolated IAM tools are failing -- leaving enterprises exposed to sophisticated, AI-driven threats.
[2]
AI vs. endpoint attacks: What security leaders must know to stay ahead
This article is part of VentureBeat's special issue, "The cyber resilience playbook: Navigating the new era of threats."
Enterprises run the very real risk of losing the AI arms race to adversaries who weaponize large language models (LLMs) and create fraudulent bots to automate attacks.
Trading on the trust of legitimate tools, adversaries are using generative AI to create malware that doesn't create a unique signature but instead relies on fileless execution, making the attacks often undetectable. Gen AI is extensively being used to create large-scale automated phishing campaigns and automate social engineering, with attackers looking to exploit human vulnerabilities at scale.
Gartner points out in its latest Magic Quadrant for Endpoint Protection Platforms that "leaders in the endpoint protection market are prioritizing integrated security solutions that unify endpoint detection and response (EDR), extended detection and response (XDR) and identity protection into a single platform. This shift enables security teams to reduce complexity while improving threat visibility."
The result? A more complex threat landscape moving at machine speed while enterprise defenders rely on outdated tools and technologies designed for a different era.
The scale of these attacks is staggering. Zscaler's ThreatLabz indicated a nearly 60% year-over-year increase in global phishing attacks, and attributes this rise in part to the proliferation of gen AI-driven schemes. Likewise, Ivanti's 2024 State of Cybersecurity Report found that 74% of businesses are already seeing the impact of AI-powered threats. And, nine in 10 executives said they believe that AI-powered threats are just getting started.
"If you've got adversaries breaking out in two minutes, and it takes you a day to ingest data and another day to run a search, how can you possibly hope to keep up?" Elia Zaitsev, CTO of CrowdStrike noted in a recent interview with VentureBeat.
The new cyber arms race: Adversarial AI vs. defensive AI on the endpoint
Adversaries, especially cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, adding to their arsenals faster than any enterprise can keep up. Gen AI has democratized how adversaries, from rogue attackers to large-scale cyberwar operations, can create new weapons.
"Even if you're not an expert, gen AI can create scripts or phishing emails on your behalf," George Kurtz, CrowdStrike CEO and founder at the recent World Economic Forum, said in an interview with CNBC. "It's never been easier for adversaries. But the good news is, if we properly harness AI on the defensive side, we have a massive opportunity to stay ahead."
As Gartner advises: "AI-enhanced security tools should be viewed as force multipliers rather than standalone replacements for traditional security measures. Organizations must ensure that AI-driven solutions integrate effectively with human decision-making to mitigate risks."
Etay Maor, chief security strategist at Cato Networks, told VentureBeat that "adversaries are not just using AI to automate attacks -- they're using it to blend into normal network traffic, making them harder to detect. The real challenge is that AI-powered attacks are not a single event; they're a continuous process of reconnaissance, evasion and adaptation."
Cato outlined in its 2024 business highlights how it expanded its secure access service edge (SASE) cloud platform five times in the last year, introducing Cato XDR, Cato endpoint protection platform (EPP), Cato managed SASE, Cato digital experience monitoring (DEM) and Cato IoT/OT Security, all of which aim to streamline and unify security capabilities under one platform.
"We're not just taking share," said Shlomo Kramer, Cato co-founder and CEO. "We're redefining how organizations connect and secure their operations, as AI and cloud transform the security landscape."
Unifying endpoints and identities is the future of zero trust. Adversaries are quick to capitalize on unchecked agent sprawl, which is made more unreliable due to a surge in dozens of identities' data being integral to an endpoint. Using AI to automate reconnaissance at scale, adversaries have an upper hand.
All these factors, taken together, set the stage for a new era of AI-powered endpoint security.
AI-powered endpoint security ushers in a new era of unified defense
Legacy approaches to endpoint security -- interdomain trust relationships, assumed trust, perimeter-based security designs, to name a few -- are no longer enough. If any network's security is based on assumed or implied trust, it is as good as breached already.
Likewise, relying on static defenses, including antivirus software, perimeter firewalls or, worse, endpoints with dozens of agents loaded on them, leaves an organization just as vulnerable as if they had no cyber defense strategy at all.
Gartner observes that: "Identity theft, phishing and data exfiltration are workspace security risks that require further attention. To address these issues, organizations need a holistic workspace security strategy that places the worker at the center of protection and integrates security across device, email, identity, data and application access controls."
Daren Goeson, SVP of unified endpoint management at Ivanti, underscored the growing challenge. "Laptops, desktops, smartphones and IoT devices are essential to modern business, but their expanding numbers create more opportunities for attackers," he said. "An unpatched vulnerability or outdated software can open the door to serious security risks. But as their numbers grow, so do the opportunities for attackers to exploit them."
To mitigate risks, Goeson emphasizes the importance of centralized security and AI-powered endpoint management.
"AI-powered security tools can analyze vast amounts of data, detecting anomalies and predicting threats faster and more accurately than human analysts," he said.
Vineet Arora, CTO at WinWire, agreed: "AI tools excel at rapidly analyzing massive data across logs, endpoints and network traffic, spotting subtle patterns early. They refine their understanding over time -- automatically quarantining suspicious activities before significant damage can spread."
Gartner's recognition of Cato Networks as a Leader in the 2024 Magic Quadrant for Single-Vendor SASE further underscores this industry shift. By delivering networking and security capabilities through a single cloud-based platform, Cato enables organizations to address endpoint threats, identity protection and network security in a unified manner -- which is critical in an era when adversaries exploit any gap in visibility.
Integrating AI, UEM and zero-trust
Experts agree that AI-powered automation enhances threat detection, reducing response times and minimizing security gaps. By integrating AI with unified endpoint management (UEM), businesses gain real-time visibility across devices, users and networks -- proactively identifying security gaps before they can be exploited.
By proactively preventing problems, "the strain on IT support is also minimized and employee downtime is drastically reduced," said Ivanti's field CISO Mike Riemer.
Arora added that, while AI can automate routine tasks and highlight anomalies, "human analysts are critical for complex decisions that require business context -- AI should be a force multiplier, not a standalone replacement."
To counter these threats, more organizations are relying on AI to strengthen their zero-trust security frameworks. Zero trust comprises systems that continuously verify every access request while AI actively detects, investigates and, if necessary, neutralizes each threat in real time.
Advanced security platforms integrate EDR, XDR and identity protection into a single, intelligent defense system.
"When combined with AI, UEM solutions become even more powerful," said Goeson. "AI-powered endpoint security tools analyze vast datasets to detect anomalies and predict threats faster and more accurately than human analysts. With full visibility across devices, users and networks, these tools proactively identify and close security gaps before they can be exploited."
AI-powered platforms and the growing demand for XDR solutions
Nearly all cybersecurity vendors are fast-tracking AI and gen AI-related projects in their DevOps cycles and across their roadmaps. The goal is to enhance threat detection and incident response, reduce false positives and create platforms capable of scaling out with full XDR functionality. Vendors in this area include BlackBerry, Bitdefender, Cato Networks, Cisco, CrowdStrike, Deep Instinct, ESET, Fortinet, Ivanti, SentinelOne, Sophos, Trend Micro and Zscaler.
Cisco is also pushing a platform-first approach, embedding AI into its security ecosystem. "Security is a data game," Jeetu Patel, EVP at Cisco, told VentureBeat. "If there's a platform that only does email, that's interesting. But if there's a platform that does email and correlates that to the endpoint, to the network packets and the web, that's far more valuable."
Nearly every organization interviewed by VentureBeat values XDR for unifying security telemetry across endpoints, networks, identities and clouds. XDR enhances threat detection by correlating signals, boosting efficiency and reducing alert fatigue.
Riemer highlighted AI's defensive shift: "For years, attackers have been utilizing AI to their advantage. However, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes."
Riemer noted that AI-driven endpoint security is shifting from reactive to proactive.
"AI is already transforming how security teams detect early warning signs of attacks. AI-powered security tools can recognize patterns of device underperformance and automate diagnostics before an issue impacts the business -- all with minimal employee downtime and no IT support required."
Arora emphasized: "It's also crucial for CISOs to assess data handling, privacy and the transparency of AI decision-making before adopting such tools -- ensuring they fit both the organization's compliance requirements and its security strategy."
Cato's 2024 rollouts exemplify how advanced SASE platforms integrate threat detection, user access controls, and IoT/OT protection in one service. This consolidation reduces complexity for security teams and supports a true zero-trust approach, ensuring continuous verification across devices and networks.
Conclusion: Embracing AI-driven security for a new era of threats
Adversaries are moving at machine speed, weaponizing gen AI to create sophisticated malware, launch targeted phishing campaigns and circumvent traditional defenses. The takeaway is clear: Legacy endpoint security and patchwork solutions are not enough to protect against threats designed to outmaneuver static defenses.
Enterprises must embrace an AI-first strategy that unifies endpoint, identity and network security within a zero-trust framework. AI-powered platforms -- built with real-time telemetry, XDR capabilities and predictive intelligence -- are the key to detecting and mitigating evolving threats before they lead to a full-on breach.
As Kramer put it, "The era of cobbled-together security solutions is over." Organizations choosing a SASE platform are positioning themselves to proactively combat AI-driven threats. Cato, among other leading providers, underscores that a unified, cloud-native approach -- marrying AI with zero-trust principles -- will be pivotal in safeguarding enterprises from the next wave of cyber onslaughts.
As AI-driven cyber threats evolve, organizations are turning to advanced technologies and zero-trust frameworks to protect identities and secure endpoints. This shift marks a new era in cybersecurity, where AI is both a threat and a critical defense mechanism.
In the rapidly evolving landscape of cybersecurity, artificial intelligence (AI) has emerged as both a formidable threat and a crucial defense mechanism. Cybercriminals are increasingly leveraging AI and generative AI to create sophisticated attacks, targeting identities and endpoints with unprecedented precision and scale [1].
CrowdStrike's 2024 Global Threat Report reveals that 60% of intrusions now involve valid credentials, highlighting the growing menace of identity-based attacks [1]. This shift in attack methodology has prompted security experts to reevaluate traditional defense strategies and embrace more advanced, AI-driven solutions.
The financial impact of AI-driven cyber attacks is alarming. Deloitte's Center for Financial Services predicts that generative AI could drive fraud losses in the U.S. to $40 billion by 2027, up from $12.5 billion in 2023 [1]. The proliferation of deepfake technology has led to a 244% surge in digital document forgeries, with deepfake fraud attempts occurring at a rate of one every 5 minutes in 2024 [1].
As traditional perimeter-based security models become obsolete, organizations are turning to zero-trust frameworks as the most viable defense against identity attacks. This approach, built on continuous verification and least privilege access, assumes that a breach has already occurred and operates accordingly [1].
Jeetu Patel, Cisco's EVP and CPO, emphasizes the need for a data-driven approach to security: "Security is a data game. If you just aggregate telemetry, you don't get the resolution of security you need" [1].
The cybersecurity landscape is witnessing a shift towards integrated security solutions that unify endpoint detection and response (EDR), extended detection and response (XDR), and identity protection into a single platform [2]. This approach aims to reduce complexity while improving threat visibility.
Etay Maor, chief security strategist at Cato Networks, highlights the evolving nature of AI-powered attacks: "Adversaries are not just using AI to automate attacks -- they're using it to blend into normal network traffic, making them harder to detect" [2].
While AI poses significant threats, it also offers powerful defensive capabilities. George Kurtz, CrowdStrike CEO and founder, sees AI as a crucial tool for staying ahead of adversaries: "If we properly harness AI on the defensive side, we have a massive opportunity to stay ahead" [2].
Gartner advises that "AI-enhanced security tools should be viewed as force multipliers rather than standalone replacements for traditional security measures" [2]. This underscores the importance of integrating AI-driven solutions with human decision-making to effectively mitigate risks.
As the threat landscape continues to evolve, the future of cybersecurity lies in unifying endpoints and identities within a zero-trust framework. This approach addresses the challenges posed by unchecked agent sprawl and the increasing complexity of endpoint identities [2].
Daren Goeson, SVP of unified endpoint management at Ivanti, emphasizes the growing importance of centralized security and AI-powered endpoint management in mitigating risks associated with the expanding number of devices in modern businesses [2].
In this new era of AI-powered cybersecurity, organizations must adapt quickly, leveraging advanced technologies and frameworks to stay ahead of increasingly sophisticated threats. The integration of AI into both offensive and defensive strategies marks a significant turning point in the ongoing battle for digital security.