Categories
AI

Why AI and autonomous response are crucial for cybersecurity (VB On-Demand)

Presented by Darktrace


Today, cybersecurity is in a state of continuous growth and improvement. In this on-demand webinar, learn how two organizations use a continuous AI feedback loop to identify vulnerabilities, harden defenses and improve the outcomes of their cybersecurity programs.

Watch free on-demand here.


The security risk landscape is in tremendous flux, and the traditional on-premises approach to cybersecurity is no longer enough. Remote work has become the norm, and outside the office walls, employees are letting down their personal security defenses. Cyber risks introduced by the supply chain via third parties are still a major vulnerability, so organizations need to think about not only their defenses but those of their suppliers to protect their priority assets and information from infiltration and exploitation.

And that’s not all. The ongoing Russia-Ukraine conflict has provided more opportunities for attackers, and social engineering attacks have ramped up tenfold and become increasingly sophisticated and targeted. Both play into the fears and uncertainties of the general population. Many security industry experts have warned about future threat actors leveraging AI to launch cyber-attacks, using intelligence to optimize routes and hasten their attacks throughout an organization’s digital infrastructure.

“In the modern security climate, organizations must accept that it is highly likely that attackers could breach their perimeter defenses,” says Steve Lorimer, group privacy and information security officer at Hexagon. “Organizations must focus on improving their security posture and preventing business disruption, so-called cyber resilience. You don’t have to win every battle, but you must win the important ones.”

ISOs need to look for cybersecurity options that alleviate some resource challenges, add value to their team, and reduce response time. Self-learning AI trains itself using unlabeled data. Autonomous response is a technology that calculates the best action to take to contain in-progress attacks at machine speed, preventing attacks from spreading throughout the business and interrupting crucial operations. And both are becoming essential for a security program to address these challenges.

Why self-learning AI is essential in the new cybersecurity landscape

Attackers are constantly innovating, transforming old attack patterns into new ones. Self-learning AI can detect when something in an organization’s digital infrastructure changes, identify behaviors or patterns that haven’t been seen previously, and act to quarantine the potential threat before it can escalate into a full-blown crisis, disrupting business. 

“It’s about building layers at the end of the day,” Lorimer adds. “AI will always be a supporting element, not a replacement for human teams and knowledge. AI can empower human teams and decrease the burden. But we can never entirely rely on machines; you need the human element to make gut feeling decisions and emotional reactions to influence more significant business decisions.”

The advantages of autonomous response

Often, cyber attacks start slowly; many take months to move between reconnaissance and penetration, but the most important components of an attack happen very quickly. Autonomous response unlocks the ability to react at machine speed to identify and contain threats in that short window.

The second key advantage of autonomous response is that it enables “always-on” defense. Even with the best intentions in the world, security teams will always be constrained by resources. There aren’t enough people to defend everything all the time. Organizations need a layer that can augment the human team, providing them time to think and respond with crucial human context, like business and strategy acumen. Autonomous response capabilities allow the AI to make decisions instantaneously. These micro-decisions give human teams enough time to make those macro-decisions.

Leveling up: Leveraging attack path modeling

Once an organization has matured its thinking to the point of assumed breach, the next question is understanding how attackers traverse the network, Lorimer says. Now, AI can help businesses better understand their own systems and identify the highest-risk paths an attacker might take to reach their crown jewels, the most important information and assets.

This attack simulation allows them to harden defenses around their most vulnerable areas, Lorimer says. And self-learning AI is really all about a paradigm shift: instead of building up defenses based on historical attack data, you need to be able to defend against novel threats.

Attack path modeling (APM) is a revolutionary technology because it allows organizations to map the paths where security teams may not have as much visibility or may not have originally thought of as vulnerable. The network is never static; a large, modern, and innovative enterprise constantly changes. So, APM can run continuously and alert teams of new attack paths created via new integrations with a third party or a new device joining the digital infrastructure.

“This continuous, AI-based approach allows organizations to harden their defenses continually, rather than relying on biannual, or even more infrequent, red teaming exercises,” Lorimer says. “APM enables organizations to remediate vulnerabilities in the network proactively.”
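To make the attack path modeling idea concrete, here is an added example (not Darktrace's or Hexagon's code) of the minimal computation such a tool performs: assets are nodes, possible lateral moves are weighted edges (the weight approximates how hard the step is, so a lower total cost means a riskier path), and the model finds the least-resistance path from each entry point to a crown-jewel asset. It then re-runs after an inventory change, such as a new third-party integration or a new device, and reports entry points that gained a path or whose cheapest path became cheaper, which is the alert the passage describes. The graph, asset names, weights and the change set are all constructed for this example.

```python
"""Toy attack path model (added example, not the vendor's implementation)."""
import heapq


def least_resistance_paths(graph, sources, target):
    """Dijkstra from every entry point; returns {source: (cost, path)} for those that reach target."""
    results = {}
    for src in sources:
        dist = {src: 0}
        prev = {}
        heap = [(0, src)]
        while heap:
            cost, node = heapq.heappop(heap)
            if cost > dist.get(node, float("inf")):
                continue  # stale heap entry
            if node == target:
                break
            for nxt, weight in graph.get(node, {}).items():
                new_cost = cost + weight
                if new_cost < dist.get(nxt, float("inf")):
                    dist[nxt] = new_cost
                    prev[nxt] = node
                    heapq.heappush(heap, (new_cost, nxt))
        if target in dist:
            path = [target]
            while path[-1] != src:
                path.append(prev[path[-1]])
            results[src] = (dist[target], path[::-1])
    return results


def new_paths_after_change(graph, sources, target, change):
    """Apply an inventory change (new edges as (from, to, weight)) and report entry points
    that gained a path to the target or whose cheapest path got cheaper."""
    before = least_resistance_paths(graph, sources, target)
    updated = {node: dict(edges) for node, edges in graph.items()}
    for src, dst, weight in change:
        updated.setdefault(src, {})[dst] = weight
    after = least_resistance_paths(updated, sources, target)
    alerts = {}
    for src, (cost, path) in after.items():
        if src not in before or cost < before[src][0]:
            alerts[src] = (cost, path)
    return alerts


# Constructed environment: names and weights are illustrative only.
GRAPH = {
    "internet": {"vpn-gateway": 5, "web-dmz": 3},
    "web-dmz": {"app-server": 4},
    "vpn-gateway": {"laptop-fleet": 2},
    "laptop-fleet": {"file-server": 3},
    "app-server": {"file-server": 6},
    "file-server": {"erp-db": 8},  # erp-db is the crown jewel
}
SOURCES = ["internet", "contractor-laptop"]  # contractor-laptop has no edges yet
CROWN_JEWEL = "erp-db"

# Constructed change: a supplier portal integration and a contractor device joining.
CHANGE = [
    ("internet", "supplier-portal", 2),
    ("supplier-portal", "erp-db", 4),
    ("contractor-laptop", "file-server", 1),
]

if __name__ == "__main__":
    for src, (cost, path) in least_resistance_paths(GRAPH, SOURCES, CROWN_JEWEL).items():
        print(f"baseline {src}: cost {cost} via {' -> '.join(path)}")
    for src, (cost, path) in new_paths_after_change(GRAPH, SOURCES, CROWN_JEWEL, CHANGE).items():
        print(f"ALERT new/cheaper path from {src}: cost {cost} via {' -> '.join(path)}")
```

Run continuously against a live asset inventory, the same comparison turns every new edge into a reviewable alert rather than waiting for the next scheduled red-team exercise to discover it.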

Choosing a cybersecurity solution

When choosing a cybersecurity solution, there are a few things ISOs need to look for, Lorimer says. First, the solution should augment the human teams without creating substantial additional work. The technologies should be able to increase the value that an organization delivers.

ISOs should also look to repair any significant overlaps or gaps in technology in their existing security stacks. Today’s solutions can replace much of the existing stack with better, faster, more optimized, more automated and technology-led approaches. 

Beyond the technology itself, ISOs must seek out a vendor that adds human expertise and contextual analysis on top.

“For example, Darktrace’s Security Operations Center (SOC) and Ask the Expert services allow our team at Hexagon to glean insights from their global fleet, partner community, and entire customer base,” Lorimer says. “Darktrace works with companies across all different industries and geographies, and that context allows us to understand threats and trends that may not have immediately impacted us yet.” 

Hexagon operates in two key industry sectors, manufacturing and software engineering, so each facet of the business faces different, specific threats from different threat actors. Darktrace’s SOC offers insights from a broader pool of industry experts and analysts based on their wealth of knowledge.

But even with the best tools, you can’t solve every problem. You need to focus on solving the issues that will genuinely affect your ability to deliver to your customers and, thus, your bottom line. You should establish controls that can help manage and reduce that risk.

“It’s all about getting in front of issues before they can escalate and mapping out potential consequences,” Lorimer says. “It all comes down to understanding risk for your organization.”

For more insight into the current threat landscape and to learn more about how AI can transform your cybersecurity program, don’t miss this VB On-Demand event!


You’ll learn about:

  • Protecting and securing citizens, nations, facilities, and data with autonomous decision making
  • Applying continuous AI feedback systems to improve outcomes and harden security systems
  • Simulating real-world scenarios to understand attack paths adversaries may leverage against critical assets
  • Fusing the physical and digital worlds to create intelligent security for infrastructure

Presenters:

  • Nicole Eagan, Chief Strategy Officer and AI Officer, Darktrace
  • Norbert Hanke, Executive Vice President, Hexagon
  • Mike Beck, Global CISO, Darktrace
  • Steve Lorimer, Group Privacy & Information Security Officer, Hexagon
  • Chris Preimesberger, Moderator, Contributing Writer, VentureBeat

Repost: Original Source and Author Link


How AI and ML can thwart a cybersecurity threat no one talks about



Ransomware attackers rely on USB drives to deliver malware, jumping the air gap that all industrial distribution, manufacturing, and utilities rely on as their first line of defense against cyberattacks. Seventy-nine percent of USB attacks can potentially disrupt the operational technologies (OT) that power industrial processing plants, according to Honeywell’s Industrial Cybersecurity USB Threat Report 2021.

The study finds that malware-based USB attacks are one of the fastest-growing and least detectable threat vectors that process-based industries such as public utilities face today, as the Colonial Pipeline and JBS Foods incidents illustrate. Utilities are also being targeted by ransomware attackers, as the thwarted attacks on water processing plants in Florida and Northern California, aimed at contaminating water supplies, show. According to Check Point Software Technologies’ ThreatCloud database, U.S. utilities have been attacked 300 times every week, a 50% increase in just two months.

Process manufacturing and utilities’ record year of cybersecurity threats

Ransomware attackers have accelerated their process of identifying the weakest targets and quickly capitalizing on them by exfiltrating data, then threatening to release it to the public unless the ransom is paid. Process manufacturing plants and utilities globally run on Industrial Control Systems (ICS), which are among the most porous and least secure enterprise systems. Because ICS are easily compromised, they are a prime target for ransomware.

A third of ICS computers were attacked in the first half of 2021, according to Kaspersky’s ICS CERT Report.  Kaspersky states that the number of ICS vulnerabilities reported in the first half of 2021 surged 41%, with most (71%) classified as high severity or critical. Attacks on the manufacturing industry increased nearly 300% in 2020 over the volume from the previous year, accounting for 22% of all attacks, according to the NTT 2021 Global Threat Intelligence Report (GTIR). The first half of 2021 was the biggest test of industrial cybersecurity in history. Sixty-three percent of all ICS-related vulnerabilities cause processing plants to lose control of operations, and 71% can obfuscate or block the view of operations immediately.

The SANS 2021 OT/ICS Cybersecurity Survey finds that 59% of organizations name integrating legacy OT systems and technologies with modern IT systems as their greatest security challenge. The gap is growing as modern IT systems become more cloud- and API-based, making them harder to integrate with legacy OT technologies.

 

Above: Six out of 10 process manufacturers and utilities struggle to integrate legacy OT technology with modern IT systems, contributing to a great cybersecurity gap that bad actors, including ransomware attackers, are looking to exploit.

 

USBs: The threat vector no one talks about 

The SolarWinds attack showed how Advanced Persistent Threat (APT)-based breaches could modify legitimate executable files and have them propagate across software supply chains undetected. That’s the same goal ransomware attackers are trying to accomplish by using USB drives to deliver modified executable files throughout an ICS and infect the entire plant, so the victim has no choice but to pay the ransom.

USB-based threats rose from 19% of all ICS cyberattacks in 2019 to just over 37% in 2020, the second consecutive year of significant growth, according to Honeywell’s report.

Ransomware attackers prioritize USBs as the primary attack vector and delivery mechanism for process manufacturing and utility targets. Over one in three malware attacks (37%) are purpose-built to be delivered using a USB device.

It’s troubling how advanced ransomware code that’s delivered via USB has become. Executable code is designed to impersonate legitimate executables while also having the capability to provide illegal remote access. Honeywell found that 51% can successfully establish remote access from a production facility to a remote location. Over half of breach attempts (52%) in 2020 were also wormable. Ransomware attackers are using SolarWinds as a model to penetrate deep into ICS systems and capture privileged access credentials, exfiltrate data, and, in some cases, establish command and control.

Honeywell’s data shows that process manufacturers and utilities face a major challenge staying at parity with ransomware attackers, APTs, and state-sponsored cybercriminal organizations intent on taking control of an entire plant. The pivot point in the balance of power is how USB-based ransomware attackers cross the air gaps in process manufacturing and utility companies. Utilities have relied on air gaps for decades, and they are a common design attribute in legacy ICS configurations. Infected USB drives used throughout a plant will cross those air gaps without plant operators necessarily knowing that infected code is on the drives they’re using. In plants and utilities that have integrated OT and IT systems on a single platform, USB-delivered ransomware traverses these systems faster and leads to more devices, files, and ancillary systems being infected.

Improving detection efficacy is the goal

One of legacy ICS’ greatest weaknesses when it comes to cybersecurity is that they aren’t designed to be self-learning and weren’t designed to capture threat data. Instead, they’re real-time process and production monitoring systems that provide closed-loop visibility and control for manufacturing and process engineering.

Given their system limitations, it’s not surprising that 46% of known OT cyberthreats are poorly detected or not detected at all. In addition, Honeywell finds that 11% are never detected, and most detection engines and techniques catch just 35% of all breach attempts.

Of the process manufacturers and utilities taking a zero-trust security-based approach to solving their security challenges, the most effective ones share several common characteristics. They’re using AI and machine learning (ML) technologies to create and fine-tune continuously learning anomaly detection rules and analytics of events, so they can identify and respond to incidents and avert attacks. They’re also using ML to identify a true incident from false alarms, creating more precise anomaly detection rules and analytics of events to respond to and mitigate incidents. AI and ML-based techniques are also powering contribution analytics that improves detection efficacy by prioritizing noise reduction over signal amplification. The goal is to reduce noise while improving signal detection through contextual data workflows.

How AI and machine learning mitigate risks

Cybersecurity vendors with deep AI and ML expertise need to step up the pace of innovation and take on the challenge of identifying potential threats, then shutting them down. Improving detection efficacy by interpreting data patterns and insights is key. Honeywell’s study shows just how porous ICS systems are, and how the gap between legacy OT technologies and modern IT systems adds to the risks of a cyberattack. ICS systems are designed for process and production monitoring with closed-loop visibility and control. That’s why a zero trust-based approach that treats every endpoint, threat surface, and identity as the security perimeter needs to accelerate faster than ransomware attackers’ ability to impersonate legitimate files and launch ransomware attacks.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member



The FBI’s email system was hacked to send out fake cybersecurity warnings

Hackers targeted the Federal Bureau of Investigation’s (FBI) email servers, sending out thousands of phony messages that say its recipients have become the victims of a “sophisticated chain attack,” first reported by Bleeping Computer. The emails were initially uncovered by The Spamhaus Project, a nonprofit organization that investigates email spammers.

The emails claim that Vinny Troia was behind the fake attacks and also falsely state that Troia is associated with the infamous hacking group, The Dark Overlord — the same bad actors who leaked the fifth season of Orange Is the New Black. In reality, Troia is a prominent cybersecurity researcher who runs two dark web security companies, NightLion and Shadowbyte.

As noted by Bleeping Computer, the hackers managed to send out emails to over 100,000 addresses, all of which were scraped from the American Registry for Internet Numbers (ARIN) database. A report by Bloomberg says that hackers used the FBI’s public-facing email system, making the emails seem all the more legitimate. Cybersecurity researcher Kevin Beaumont also attests to the emails’ legitimate appearance, stating that the headers are authenticated as coming from FBI servers using the DomainKeys Identified Mail (DKIM) process that’s part of the system Gmail uses to stick brand logos on verified corporate emails.
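The detail above is what made these messages convincing: the DKIM signature verified because the mail really did pass through the signing domain's infrastructure. A DKIM pass therefore proves origin infrastructure, not that the content is legitimate. The following added example (not from the article or any of the parties it names) shows the first triage step a responder takes on such a message: parse the DKIM-Signature tag list, record the signing domain and selector, and check whether the signing domain aligns with the From: domain. It does not fetch the DNS public key or verify the signature bytes; the sample messages, domains and selector are constructed placeholders.

```python
"""DKIM triage helper (added example; sample messages are constructed)."""
import email
from email import policy
from email.utils import parseaddr

# Constructed: an aligned message, signed by the same domain that appears in From:.
ALIGNED_SAMPLE = """\
From: Alert Desk <alerts@example.gov>
To: admin@example.org
Subject: Urgent: sophisticated chain attack
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.gov;
 s=selector1; h=from:to:subject; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
 b=c29tZS1zaWduYXR1cmUtYnl0ZXM=

This is an automated notice.
"""

# Constructed: a message whose signing domain differs from the From: domain.
UNALIGNED_SAMPLE = """\
From: Alert Desk <alerts@example.gov>
To: admin@example.org
Subject: Urgent: sophisticated chain attack
DKIM-Signature: v=1; a=rsa-sha256; d=bulk-mailer.example; s=k1;
 h=from:subject; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=YWJj

This is an automated notice.
"""


def parse_dkim_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs (the RFC 6376 tag list)."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip()] = "".join(value.split())  # drop folding whitespace inside values
    return tags


def dkim_triage(raw_message: str) -> dict:
    """Return the facts a responder checks first on a DKIM-signed message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return {"signed": False}
    tags = parse_dkim_tags(str(sig))
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signing_domain = tags.get("d", "").lower()
    aligned = from_domain == signing_domain or from_domain.endswith("." + signing_domain)
    return {
        "signed": True,
        "signing_domain": signing_domain,
        "selector": tags.get("s"),
        "signed_headers": tags.get("h", "").split(":"),
        # Aligned plus a verified signature means the mail genuinely left the
        # signing domain's servers; that is exactly what the hoax relied on.
        "from_aligned": aligned,
    }


if __name__ == "__main__":
    print(dkim_triage(ALIGNED_SAMPLE))
    print(dkim_triage(UNALIGNED_SAMPLE))
```

For a responder, an aligned and verified signature moves the question from "is this spoofed?" to "is the sending system itself compromised or abused?", which is the right question for the incident described here.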

The FBI responded to the incident in a press release, noting that it’s an “ongoing situation” and that “the impacted hardware was taken offline.” Aside from that, the FBI says it doesn’t have any more information it can share at this time.

According to Bleeping Computer, the spam campaign was likely carried out as an attempt to defame Troia. In a tweet, Troia speculates that an individual who goes by the name “Pompompurin” may have launched the attack. As Bleeping Computer notes, that same person has allegedly tried damaging Troia’s reputation in similar ways in the past.

A report by computer security reporter Brian Krebs also connects Pompompurin to the incident — the individual allegedly messaged him from an FBI email address when the attacks were launched, stating, “Hi its pompompurin. Check headers of this email it’s actually coming from FBI server.” KrebsOnSecurity even got a chance to speak with Pompompurin, who claims that the hack was meant to highlight the security vulnerabilities within the FBI’s email systems.

“I could’ve 1000 percent used this to send more legit looking emails, trick companies into handing over data etc.,” Pompompurin said in a statement to KrebsOnSecurity. The individual also told the outlet that they exploited a security gap on the FBI’s Law Enforcement Enterprise (LEEP) portal and managed to sign up for an account using a one-time password embedded in the page’s HTML. From there, Pompompurin claims they were able to manipulate the sender’s address and email body, executing the massive spam campaign.

With that kind of access, the attack could’ve been much worse than a false alert that put system administrators on high alert. Earlier this month, President Joe Biden mandated a bug fix that calls for civilian federal agencies to patch any known threats. In May, Biden signed an executive order that aims to improve the nation’s cyber defenses in the wake of detrimental attacks on the Colonial Pipeline and SolarWinds.





Biden admin’s bug fix mandate aims to prevent the next major cybersecurity attack

The Biden administration is requiring civilian federal agencies to fix hundreds of cybersecurity flaws, as reported earlier by The Wall Street Journal. As the WSJ states, the BOD 22-01 directive from the Cybersecurity and Infrastructure Security Agency (CISA) covers around 200 known threats that cybersecurity experts discovered between 2017 and 2020, as well as 90 more flaws that were found in 2021. Federal agencies have six months to patch older threats and just two weeks to fix the ones that were discovered within the past year.

The WSJ report points out that federal agencies are usually left to their own devices when it comes to security, sometimes resulting in poor security management. The goal is to force federal agencies to fix all potential threats, whether they’re major or not, and establish a basic list for other private and public organizations to follow. While zero-day vulnerabilities that exploit previously unknown openings get major headlines, addressing “the subset of vulnerabilities that are causing harm now” can get ahead of many incidents.

Previously, a 2015 order gave federal agencies one month to fix threats deemed “critical risk.” This was changed in 2019 to include threats categorized as “high risk,” as pointed out by the WSJ. The new mandate distances itself from prioritizing specific threat levels and instead acknowledges that small holes can quickly cause larger problems if hackers can find a way to take advantage of them.

“The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks,” says CISA director Jen Easterly. “While this Directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities. It is therefore critical that every organization adopt this Directive and prioritize mitigation of vulnerabilities listed in CISA’s public catalog.”

CISA’s newly released list of known vulnerabilities notably includes the Microsoft Exchange Server flaw. In March, emails from over 30,000 US governmental and commercial organizations were hacked by a Chinese group, thanks to four known security holes that, had they been patched, would’ve prevented the attacks. CISA’s list requires patching the “Microsoft Exchange Remote Code Execution Vulnerability” and is calling on federal agencies to install available SolarWinds patches by May 2022.

The SolarWinds Orion Platform, which was the victim of a major hack in late 2020 that compromised US government agencies, is also on the list. CISA notes that the “SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands.”

Cybersecurity has been a priority for President Biden since he entered office. In May, he signed an executive order to help prevent future cybersecurity disasters. The order mandates two-factor authentication across the federal government, establishes a protocol for responding to cyberattacks, and forms a Cybersecurity Safety Review Board, among other safety measures.



Google’s future in enterprise hinges on strategic cybersecurity

Gaps in Google’s cybersecurity strategy make banks, financial institutions, and larger enterprises slow to adopt the Google Cloud Platform (GCP), with deals often going to Microsoft Azure and Amazon Web Services instead.

It also doesn’t help that GCP has long had the reputation that it is more aligned with developers and their needs than with enterprise and commercial projects. But Google now has a timely opportunity to open its customer aperture with new security offerings designed to fill many of those gaps.

During last week’s Google Cloud Next virtual conference, Google executives leading the security business units announced an ambitious new series of cybersecurity initiatives precisely for this purpose. The most noteworthy announcements are the formation of the Google Cybersecurity Action Team, new zero-trust solutions for Google Workspace, and extending Work Safer with CrowdStrike and Palo Alto Networks partnerships.

The most valuable new announcements for enterprises are on the BeyondCorp Enterprise platform, however. BeyondCorp Enterprise is Google’s zero-trust platform that allows virtual workforces to access applications in the cloud or on-premises and work from anywhere without a traditional remote-access VPN. Google’s announced Work Safer initiative combines BeyondCorp Enterprise for zero-trust security and their Workspace collaboration platform.

Workspace now has 4.8 billion installations of 5,300 public applications across more than 3 billion users, making it an ideal platform to build and scale cybersecurity partnerships. Workspace also reflects the growing problem chief information security officers (CISOs) and CIOs have with protecting the exponentially increasing number of endpoints that dominate their virtual-first IT infrastructures.

Bringing order to cybersecurity chaos

With the latest series of cybersecurity strategies and product announcements, Google is attempting to sell CISOs on the idea of trusting Google for their complete security and public cloud tech stack. Unfortunately, that doesn’t reflect the reality for many enterprises, where CISOs have lifted and shifted numerous legacy systems to the cloud.

Missing from the many announcements were new approaches to dealing with just how chaotic, lethal, and uncontrolled breaches and ransomware attacks have become. But Google’s announcement of Work Safer, a program that combines Workspace with Google cybersecurity services and new integrations to CrowdStrike and Palo Alto Networks, is a step in the right direction.

The Google Cybersecurity Action Team claimed in a media advisory it will be “the world’s premier security advisory team with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.”  But let’s get real: This is a professional services organization designed to drive high-margin engagement in enterprise accounts. Unfortunately, small and mid-tier enterprises won’t be able to afford engagements with the Cybersecurity Action Team, which means they’ll have to rely on system integrators or their own IT staff.

Why every cloud needs to be a trusted cloud

CISOs and CIOs tell VentureBeat that it’s a cloud-native world now, and that includes closing the security gaps in hybrid cloud configurations. Most enterprise tech stacks grew through mergers, acquisitions, and a decade or more of cybersecurity tech-buying decisions. These are held together with custom integration code written and maintained by outside system integrators in many cases. New digital-first revenue streams are generated from applications running on these tech stacks. This adds to their complexity. In reality, every cloud now needs to be a trusted cloud.

Google’s series of announcements relating to integration and security monitoring and operations are needed, but they are not enough. Historically Google has lagged behind the market when it comes to security monitoring by prioritizing its own data loss prevention (DLP) APIs, given their proven scalability in large enterprises. To Google’s credit, it has created a technology partnership with Cybereason, which will use Google’s cloud security analytics platform Chronicle to improve its extended detection and response (XDR) service and will help security and IT teams identify and prevent attacks using threat hunting and incident response logic.

Google now appears to have the components it previously lacked to offer a much-improved selection of security solutions to its customers. Creating Work Safer by bundling the BeyondCorp Enterprise Platform, Workspace, the suite of Google cybersecurity products, and new integrations with CrowdStrike and Palo Alto Networks will resonate the most with CISOs and CIOs.

Without a doubt, many will want a price break on BeyondCorp maintenance fees at a minimum. While BeyondCorp is generally attractive to large enterprises, it’s not addressing the quickening pace of the arms race between bad actors and enterprises. Google also includes reCAPTCHA and Chrome Enterprise for desktop management, both needed by all organizations to scale website protection and browser-level security across all devices.

It’s all about protecting threat surfaces

Enterprises operating in a cloud-native world mostly need to protect threat points. Google announced a new client connector for its BeyondCorp Enterprise platform that can be configured to protect Google-native and also legacy applications — which are very important to older companies. The new connector also supports identity and context-aware access to non-web applications running in both Google Cloud and non-Google Cloud environments. BeyondCorp Enterprise will also have a policy troubleshooter that gives admins greater flexibility to diagnose access failures, triage events, and unblock users.

Throughout Google Cloud Next, cybersecurity executives spoke of embedding security into the DevOps process and creating zero trust supply chains to protect new executable code from being breached. Achieving that ambitious goal for the company’s overall cybersecurity strategy requires zero trust to be embedded in every phase of a build cycle through deployment.

Cloud Build is designed to support builds, tests, and deployments on Google’s serverless CI/CD platform. It’s SLSA Level 1 compliant, with scripted builds and available provenance. In addition, Google launched a new build integrity feature in Cloud Build that automatically generates a verifiable build manifest. The manifest includes a signed certificate describing the sources that went into the build, the hashes of artifacts used, and other parameters. Binary authorization is now also integrated with Cloud Build to ensure that only trusted images make it to production.
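The mechanism behind that paragraph is simple to state: a build produces a manifest listing its inputs and the digests of its outputs, the build system signs the manifest, and the deployment gate admits an image only if the manifest verifies and the image digest matches. The following added example (not Google's Cloud Build or Binary Authorization code) implements that gate in miniature. The manifest layout, the use of an HMAC as a stand-in for the signed certificate, the signing key, and the source references and image bytes are all assumptions constructed for this example; a real build service uses an asymmetric key it alone holds.

```python
"""Toy signed build manifest and admission gate (added example, not Google's code)."""
import hashlib
import hmac
import json

# Constructed stand-in for the build service's signing key. A real system uses an
# asymmetric key held by the build service, never a shared secret in source code.
BUILD_SIGNING_KEY = b"example-build-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so the signature covers exactly one byte string."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(sources: dict, artifacts: dict) -> dict:
    """Record the build's sources and output digests, then sign the record."""
    body = {
        "sources": sources,  # e.g. repository and commit reference (constructed)
        "artifacts": {name: sha256_hex(blob) for name, blob in artifacts.items()},
    }
    signature = hmac.new(BUILD_SIGNING_KEY, _canonical(body), "sha256").hexdigest()
    return {"body": body, "signature": signature}


def manifest_is_authentic(manifest: dict) -> bool:
    expected = hmac.new(BUILD_SIGNING_KEY, _canonical(manifest["body"]), "sha256").hexdigest()
    return hmac.compare_digest(expected, manifest["signature"])


def admit_image(manifest: dict, name: str, image: bytes) -> bool:
    """Binary-authorization style gate: deploy only if the manifest is authentic and
    the image digest equals the digest the attested build recorded for that name."""
    if not manifest_is_authentic(manifest):
        return False
    recorded = manifest["body"]["artifacts"].get(name)
    return recorded is not None and hmac.compare_digest(recorded, sha256_hex(image))


# Constructed demo data.
SOURCES = {"repo": "https://example.invalid/app.git", "commit": "commit-id-placeholder"}
GOOD_IMAGE = b"constructed image bytes for app v1"
MANIFEST = build_manifest(SOURCES, {"app:v1": GOOD_IMAGE})


def demo() -> dict:
    """Exercise the gate with a genuine image, a tampered image, a forged manifest
    (digest edited without re-signing) and an artifact name the build never produced."""
    tampered = GOOD_IMAGE + b"\x00"  # one byte changed after the build
    forged = json.loads(json.dumps(MANIFEST))
    forged["body"]["artifacts"]["app:v1"] = sha256_hex(tampered)
    return {
        "good": admit_image(MANIFEST, "app:v1", GOOD_IMAGE),
        "tampered": admit_image(MANIFEST, "app:v1", tampered),
        "forged_manifest": admit_image(forged, "app:v1", tampered),
        "unknown_name": admit_image(MANIFEST, "app:v2", GOOD_IMAGE),
    }


if __name__ == "__main__":
    for case, admitted in demo().items():
        print(f"{case}: {'admitted' if admitted else 'rejected'}")
```

The forged-manifest case is the one that matters most: editing the recorded digest to match a tampered artifact is useless without the signing key, which is why the manifest must be signed by the build system rather than merely stored beside the artifacts.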

These new announcements will protect software supply chains for large-scale enterprises already running a Google-dominated tech stack. It’s going to be a challenge for mid-tier and smaller organizations to get these systems running on their IT budgets and resources, however.

Bottom line: Cybersecurity strategy needs to work for everybody  

As Google’s cybersecurity strategy goes, so will the sales of the Google Cloud Platform. Convincing enterprise CISOs and CIOs to replace or extend their tech stack and make it Google-centric isn’t the answer. The answer is recognizing how chaotic, diverse, and unpredictable the cybersecurity threatscape is today and building more apps, platforms, and adaptive tools that learn fast and thwart breaches.

Getting integration right is just part of the challenge. The far more challenging aspect is how to close the widening cybersecurity gaps all organizations face — not only large-scale enterprises — without requiring a Google-dominated tech stack to achieve it.

 



Google and Microsoft promise billions to help bolster US cybersecurity

Tech companies like Apple, Google, and Microsoft promised to help bolster US cybersecurity after a meeting with President Joe Biden at the White House on Wednesday. The pledges vary by company but range from spending billions on cyber infrastructure to offering supply-chain aid and education.

Wednesday’s high-profile meeting with tech CEOs comes on the heels of major cyberattacks against US government agencies and energy infrastructure like the Colonial Pipeline.

“The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said at Wednesday’s meeting.

Apple announced that it would work with its suppliers to “drive mass adoption of multi-factor authentication” as well as providing new security trainings, incident response, and vulnerability remediation. Amazon plans to offer a multi-factor authentication device to all Amazon Web Services account holders for free and to make all of the company’s employee security awareness training available to the public at no cost.

Google said it would spend more than $10 billion over the next five years to strengthen US cybersecurity and the software supply chain. Google also promised to train more than 100,000 Americans in data analytics and IT support through the company’s Career Certificate program. Microsoft said that it would invest $20 billion in five years, making similar promises as Google.

Wednesday’s meeting was attended by Alphabet CEO Sundar Pichai, Amazon CEO Andy Jassy, Apple CEO Tim Cook, IBM Chair and CEO Arvind Krishna, and Microsoft CEO Satya Nadella, along with representatives from other industries like energy and education.


Why enterprises are massively subcontracting cybersecurity work

NewtonX market research revealed this week that 56% of organizations surveyed subcontract as much as 25% of their cybersecurity work. In the study, more than 100 chief information security officers, CTOs, and other senior decision-makers indicated a trend toward subcontracting one of the most critical roles continually facing enterprise professionals.

“[Chief information security officers] and CIOs/CTOs are finding it extremely difficult to hire and retain qualified cybersecurity staff. As a result, they are forced to look elsewhere for talent,” said Sascha Eder, cofounder and CEO of NewtonX. “A surprisingly large percentage — 56% — of organizations are addressing the hiring crunch by subcontracting at least some portion of their cybersecurity teams, most often to managed service providers.”

Despite the fundamental importance of cybersecurity, 40% of organizations surveyed responded that cybersecurity costs amount to 10% to 15% of total IT budgets. Despite the damage data breaches tend to cause, these percentages fall in a consistent range, according to Eder. “The 10-15% range is consistent with a Deloitte study that found financial services institutions spent around 10% of the total IT budget on cybersecurity,” he said.

In addition, as a general rule, Eder suggested that the degree to which budgets have grown to address the rising cybersecurity threat is more important than the size of the budget itself.

Supplementing overstretched IT teams

Standout spending areas include cyber monitoring/operations and endpoint and network security, which accounted for 50% of total cybersecurity budgets. Yet only two-thirds of respondents saw increases in those budgets, ranging from as low as 5% to as high as 50%, while the remaining one-third stayed the same.

Based on the facts and forecasts, this indicates cybersecurity leaders still believe budgets fall woefully short when it comes to the momentous task of controlling and preventing cyberattacks. Because of this, in an attempt to avoid vulnerabilities, understaffed cybersecurity departments look to subcontracting as a means of supplementing their own cybersecurity teams.

VPN and DDoS attacks are expected to reach 11 million incidents by the end of 2021. That volume, along with the influx of other woes facing cybersecurity gatekeepers and insufficient resources, is driving cybersecurity decision-makers to choose managed-service providers over in-house IT teams. CrowdStrike, Palo Alto Networks, and Microsoft were rated the leading managed-service cybersecurity providers in the NewtonX survey.

No budget for ransomware

Another reason security administration professionals may lie awake at night is the lack of budget for ransomware. “One interesting insight for us was how divided people are on laws restricting ransomware payments,” explained Patiwat Panurach, VP of strategic insights and analytics at NewtonX.

The survey showed that 39% of respondents agreed with proposed legislation limiting or banning such payments, while 26% disagreed.

“It’s not surprising, then, that 72% of companies polled don’t even have a ransomware budget, which just goes to show how much uncertainty there is about the impact of any such restrictions,” Panurach said.

Will regulators allow a ransom to be paid if the cost of not paying is a large, possibly politically damaging, disruption to high-profile services? Either way, firms should be increasingly vigilant as the volume of attacks continues to increase.


Noetic Cyber raises $20M to automate cybersecurity remediation



Noetic Cyber, a startup creating a platform that leverages automation to identify cyber threats, today emerged from stealth with $20 million, including $15 million in series A funding from Energy Impact Partners, TenEleven Ventures, and Glasswing Ventures. Cofounder and CEO Paul Ayers says that the funds will be used to scale up Noetic’s operations and go-to-market capabilities, allowing the team to grow particularly on the sales and marketing side.

The pandemic has forced organizations to evolve their defenses against cyber threats, and they face a rise in such threats, including from within their own companies. According to Cybint, 95% of cybersecurity breaches are caused by human error. Sixty-eight percent of business leaders feel their cybersecurity risks are increasing, Accenture reports.

Using API aggregation and correlation, Noetic aims to combat cyber threats by drawing insights from security and IT management tools. Graph database technology enables the platform to discover and inventory key entities present in an organization’s environment, including cloud and on-premises systems. Noetic builds a map of the connections between those entities to highlight cyber risk and noncompliant setups. Built-in orchestration and automation drive enrichment and remediation, helping restore compromised assets — ideally to their desired state.

Launched in 2019 and based in Boston and London, Noetic was founded by Ayers, Allen Rogers, and Allen Hadden. The team most recently worked together at security incident response startup Resilient Systems, which was acquired by IBM in 2016.

“Noetic was founded to build a continuous cyber asset management and controls platform to use automation to find security gaps and fix them as well,” Ayers told VentureBeat via email. “The platform is fully extensible, and the beauty of our approach is that it allows us to easily add more applications and use cases on top of our core asset visibility and management model.”

Automation and remediation

As Ayers explained, security leaders face challenges today in identifying all the assets they need to protect, as well as knowing where they are and what information they’re able to access. The reasons include “technology sprawl” — i.e., widespread use of cloud services and software-as-a-service (SaaS) applications — in addition to growth in both managed and unmanaged devices as a result of a remote workforce and internet of things adoption.

In 2020, organizations worldwide were using an average of 80 SaaS apps, according to data from Statista. And a recent survey from CyberArk found that 77% of remote employees are using unmanaged, “BYOD” devices to access corporate systems.

“Noetic is designed to help security teams identify common problems that create risk and increase an organization’s attack surface. These can include the use of ‘shadow IT’ — cloud services or SaaS applications outside of the normal business approval process, missing or poorly configured endpoints creating security coverage gaps, and unsecure cloud services … We’ve built an extensible, API-based model … where we can map all the technical and business insights about all their assets into a virtual [graph], which security teams can then query to identify coverage gaps and policy violations that would be invisible to a specific tool.”

At the heart of Noetic is an engine that extracts data from existing cybersecurity tools in an organization. This data represents a real-time view of assets, their current cyber state, and the relationships between them, Ayers explained. Security teams can use it to answer questions like “What are all production machines with high-risk vulnerabilities that don’t have my endpoint detection and response deployed?” Moreover, they can take advantage of prebuilt pipelines to address problems continuously, getting alerts when fixes complete.

“The ‘continuous’ part of the platform is driven by a powerful orchestration and automation engine. The founding team’s experience in the … market gave Noetic the experience and insights to make automation a key pillar of the solution,” Ayers said. “Many of the challenges that are driving the need for a tool like Noetic have been accelerated by the pandemic — including the growth in cloud and SaaS applications, and an increase in unmanaged devices and remote workers who need access to business-critical systems.”

Noetic plans to take on Axonius, JupiterOne, Sevco, and others in a security orchestration, automation, and response market that’s anticipated to be worth $1.791 billion by 2024, according to Markets and Markets. Ayers says that in the future, Noetic’s 20-person team will investigate areas including helping risk and security teams better understand potential risk or patterns of behavior by providing better data analysis and business contexts.

“We will continue to add more connectors to support customer use cases and will be bringing a comprehensive controls package to market later in 2021, as well as a community edition in 2022,” Ayers said.


Microsoft acquires cybersecurity firm RiskIQ for $500M



Microsoft has reached a deal to acquire RiskIQ, a San Francisco-based provider of cybersecurity services, including malware and spyware monitoring and mobile app security.

“Today, Microsoft is announcing that we have entered into a definitive agreement to acquire RiskIQ, a leader in global threat intelligence and attack surface management, to help our shared customers build a more comprehensive view of the global threats to their businesses, better understand vulnerable internet-facing assets, and build world-class threat intelligence,” Microsoft VP for cloud security Eric Doerr said in a blog post announcing the deal on Monday.

RiskIQ’s services and solutions will join Microsoft’s suite of cloud-native security products, including Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel, Doerr said. RiskIQ’s services include global threat intelligence crowdsourced through the company’s PassiveTotal community of security researchers. RiskIQ uses machine learning applications to analyze threats and “gain context into the source of attacks, tools and systems, and indicators of compromise to detect and neutralize attacks quickly,” Doerr said.

Microsoft did not reveal terms of the deal, but Bloomberg reported that the company will pay “more than $500 million in cash” for RiskIQ, according to unnamed sources.

Better protection in the cloud

Doerr said the acquisition would help Microsoft provide better protection to organizations running applications and infrastructure across multiple clouds and hybrid cloud environments. He said RiskIQ “helps customers discover and assess the security of their entire enterprise attack surface — in Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain.”

RiskIQ was founded in 2009 and is a member of the Cloud Security Alliance (CSA). The company lists CrowdStrike, ElastiFlow, Splunk, ServiceNow, and Palo Alto Networks among its partners and has a solution provider partner channel that includes a managed security service provider (MSSP) program.

Microsoft will “continue to support, nurture, and grow” RiskIQ’s partner channel and customer base after the deal closes, Doerr said.

RiskIQ cofounder and CEO Elias Manousos said in a statement that he was “thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact.”


How cybersecurity is getting AI wrong



The cybersecurity industry is rapidly embracing the notion of “zero trust”, where architectures, policies, and processes are guided by the principle that no one and nothing should be trusted.

However, in the same breath, the cybersecurity industry is incorporating a growing number of AI-driven security solutions that rely on some type of trusted “ground truth” as a reference point.

How can these two seemingly diametrically opposing philosophies coexist?

This is not a hypothetical discussion. Organizations are introducing AI models into their security practices that impact almost every aspect of their business, and one of the most urgent questions remains whether regulators, compliance officers, security professionals, and employees will be able to trust these security models at all.

Because AI models are sophisticated, obscure, automated, and oftentimes evolving, it is difficult to establish trust in an AI-dominant environment. Yet without trust and accountability, some of these models might be considered risk-prohibitive and so could eventually be under-utilized, marginalized, or banned altogether.

One of the main stumbling blocks associated with AI trustworthiness revolves around data, and more specifically, ensuring data quality and integrity. After all, AI models are only as good as the data they consume.

And yet, these obstacles haven’t discouraged cybersecurity vendors, which have shown unwavering zeal to base their solutions on AI models. By doing so, vendors are taking a leap of faith, assuming that the datasets (whether public or proprietary) their models are ingesting adequately represent the real-life scenarios that these models will encounter in the future.

The data used to power AI-based cybersecurity systems faces a number of further problems:

Data poisoning: Bad actors can “poison” training data by manipulating the datasets (and even the pre-trained models) that the AI models are relying upon. This could allow them to circumvent cybersecurity controls while the organization at risk remains oblivious to the fact that the ground truth it relies on to secure its infrastructure has been compromised. Such manipulations could lead to subtle deviations, such as security controls labeling malicious activity as benign, or generate a more profound impact by disrupting or disabling the security controls.

Data dynamism: AI models are built to address “noise,” but in cyberspace, malicious errors are not random. Security professionals are faced with dynamic and sophisticated adversaries that learn and adapt over time. Accumulating more security-related data might well improve AI-powered security models, but at the same time, it could lead adversaries to change their modus operandi, diminishing the efficacy of existing data and AI models. Data, in this case, is actively shaping the observed reality rather than statically representing it as a snapshot.

For example, while additional data points might render a traditional malware detection mechanism more capable of identifying common threats, it might, theoretically, degrade the AI model’s ability to identify novel malware that considerably diverges from known malicious patterns. This is analogous to how mutated viral variants evade an immune system that was trained to identify the original viral strain.

Unknown unknowns: Unknown unknowns are so prevalent in cyberspace that many service providers preach to their customers to build their security strategy on the assumption that they’ve already been breached. The challenge for AI models emanates from the fact that these unknown unknowns, or blind spots, are seamlessly incorporated into the models’ training datasets and therefore attain a stamp of approval and might not raise any alarms from AI-based security controls.

For example, some security vendors combine a slate of user attributes to create a personalized baseline of a user’s behavior and determine the expected permissible deviations from this baseline. The premise is that these vendors can identify an existing norm that should serve as a reference point for their security models. However, this assumption might not hold water. For example, undiscovered malware may already reside in the customer’s system, existing security controls may suffer from coverage gaps, or unsuspecting users may already be suffering from an ongoing account takeover.

Errors: It would not be brazen to assume that even staple security-related training datasets are probably laced with inaccuracies and misrepresentations. After all, some of the benchmark datasets for many leading AI algorithms and exploratory data science research have proven to be rife with serious labeling flaws.

Additionally, enterprise datasets can become obsolete, misleading, and erroneous over time unless the relevant data, and details of its lineage, are kept up-to-date and tied to relevant context.

Privacy-preserving omission: In an effort to render sensitive datasets accessible to security professionals within and across organizations, privacy-preserving and privacy-enhancing technologies, from deidentification to the creation of synthetic data, are gaining more traction. The whole rationale behind these technologies is to omit, alter, or mask sensitive information, such as personally identifiable information (PII). But as a result, the inherent qualities and statistically significant attributes of the datasets might be lost along the way. Moreover, what might seem as negligible “noise” could prove to be significant for some security models, impacting outputs in an unpredictable way.

The road ahead

All of these challenges are detrimental to the ongoing effort to fortify islands of trust in an AI-dominated cybersecurity industry. This is especially true in the current environment, where we lack widely accepted AI explainability, accountability, and robustness standards and frameworks.

While efforts have begun to root out biases from datasets, enable privacy-preserving AI training, and reduce the amount of data required for AI training, it will prove much harder to fully and continuously inoculate security-related datasets against inaccuracies, unknown unknowns, and manipulations, which are intrinsic to the nature of cyberspace. Maintaining AI hygiene and data quality in ever-morphing, data-hungry digital enterprises might prove equally difficult.

Thus, it is up to the data science and cybersecurity communities to design, incorporate, and advocate for robust risk assessments and stress tests, enhanced visibility and validation, hard-coded guardrails, and offsetting mechanisms that can ensure trust and stability in our digital ecosystem in the age of AI.

Eyal Balicer is Senior Vice President for Global Cyber Partnership and Product Innovation at Citi.
