EC-Council is conducting its 2020 Global CISO Forum virtual event, October 5 – 7. The Global CISO Forum (GCF) is an annual event that sees a confluence of the highest-level executives from across industries and countries who discuss the most pressing issues in information security. Delivering a presentation titled “Securing the Future of Work with Cyber AI,” Marcus Fowler, Director of Strategic Threat, Darktrace, said the future of work is unpredictable and uncertain. He spoke about the rapid adoption of digital collaboration, the dynamic workforce, and the shifting threat landscape, which now extends to remote workers. Highlighting attacks like ransomware, crypto mining, SaaS account attacks, and banking Trojans, Fowler said that even bad actors work after hours and that the concept of fixed work hours has given way to fluid work hours. Cybercriminals are now thriving on all the disruption and change around us, so organizations must rethink their approach to security and rely on new technologies like Cyber AI to achieve much-needed adaptability and resilience.
By Brian Pereira, Principal Editor, CISO MAG
“Digital collaboration has exploded in the last six months. We are using many platforms for collaboration, and these platforms have vulnerabilities,” said Fowler. “The switch to work from home has caused us to lose visibility of users, etc. We ask ourselves if we have enough visibility to feel secure. There are gaps in security outside the corporate network. And there are things happening within the corporate network. (Prior to COVID) things were done to ensure business survival and business acceleration. But has security kept step today?”
He then spoke about the rampant and menacing threats that escalated in the past months, notably ransomware, crypto mining, insider threats, and SaaS account hijacks.
“They are going after sensitive IPs, sensitive communications, and information. And they are doing this to expedite payment, and how much they can ask for. There is lateral movement, crypto mining, and insider threats. We also see external data transfer, and what’s moving out of the corporate network on unofficial or unapproved cloud services or file-sharing services. There’s also SaaS account hijacks, due to an increase in SaaS dependency. Attackers are using brute force,” said Fowler.
Fowler mentioned key changes observed in recent months:
- Digital transformation projects are being accelerated.
- Fluid working environments and hours are here to stay.
- Fragmented, staggered return to offices.
- Employees may bring malware and vulnerabilities with them or inadvertently use unapproved technology.
- Low-lying cyber-criminals thriving on disruption and change.
“Darktrace has gone from a time when we were thinking and talking about digital assets and digital environment to including that dynamic workforce — protecting them no matter where they are or what platform they are on and having that security and visibility and ensuring that that team is informed,” said Fowler. “All the blueprints are constantly changing. So, you need a security technology that is going to adapt and be agile with your changes and decisions in terms of workforce and applications. And it needs to be hybrid and for a mix of industries.”
How AI Adapted
The technology he was referring to is Cyber AI, which proved to be highly agile and adaptable. For some companies, the changes were happening in hours and not even days. So, the technology had to adapt really fast to changing models.
“We did see that AI did a very good job in adapting to extreme changes in work from home. We used an unsupervised learning approach, which does not require an external training data set,” said Fowler.
Watching his presentation, it was interesting to learn how Darktrace’s AI Immune System is doing the “heavy lifting” for security analysts and augmenting humans who are burdened with threat fatigue and false positives. Fowler spoke about the Darktrace AI Immune System using deep learning towards autonomous response, stopping ransomware in seconds.
“Darktrace has gone from a time when we were thinking about digital assets and digital environment to including that dynamic workforce — protecting them no matter where they are or what platform they are on and having that security and visibility and ensuring that that team is informed,” he said.
Cyber AI for the Dynamic Workforce
To secure the dynamic workforce, the AI solution should be able to provide full visibility, autonomously stop attacks, and augment human teams, making up for the skills shortage. One example is Cyber AI for email, which should be able to detect spear-phishing attacks, for instance.
Fowler said the solution should provide these abilities:
- Visibility into endpoints, email, and SaaS environments.
- Contextual understanding across the entire digital organization.
- Detects the full range of threats – from account takeover and malicious insiders, to critical misconfigurations.
- Autonomously investigates and responds to attacks – wherever they are.
Fighting Back: Autonomous Response
Teams of security analysts are now complemented by the AI analyst, which moves past the alert fatigue seen in humans. It can also mitigate false positives and prioritize triaged events, and it keeps security teams informed so that they can take evasive action.
Some of the benefits of an autonomous solution are:
- Autonomous response, surgical interruption of attacks
- Reacts faster than human teams
- No impact on normal, legitimate activity – business as usual
- Improves functionality of other tools in a SOC
- Frees up human teams to focus on what matters
- Responds to a threat every three seconds
“So, this is really a war of the machines. And you can’t bring a human to a machine fight!” concluded Fowler.
About Global CISO Forum
Global CISO Forum is an annual event that sees a confluence of the highest-level executives from across industries and countries who discuss the most pressing issues in information security. Now in its tenth year, the 2020 Global CISO Forum promises to be the best yet with an exciting mix of industries, formats, and interactive presentations.
In celebration of our 10 years of CISO events, EC-Council is giving its brand-new Risk Management Approach and Practices e-book to all attendees of the Global CISO Forum! Risk is at the heart of what a CISO does and EC-Council wants to create as many risk-smart executives to protect the world’s assets as possible.
EC-Council’s Global CISO Forum is an invite-only, closed-door gathering.
CISO MAG is Content Editorial Sponsor for the Global CISO Forum.