Rob van, Chief Solutions Officer at Cyberfort, explains how AI is fundamentally changing the threat landscape for cloud environments.
How is AI fundamentally changing the threat landscape for cloud environments?
That's an interesting question. Of course, AI is a useful tool for both good and bad actors, but for now let's focus on the bad.
Targeted attacks have always been more successful (and more expensive) than mass attacks. AI makes it possible to combine the scale and cost of a mass attack with success rates closer to those of a targeted approach. Specifically in the cloud world, there are multiple techniques where AI can add value and complexity, and ultimately a more successful outcome for the attack.
These range from simple techniques (such as AI used to fuel brute-force attacks, or generative AI used to support targeted access requests), through adaptive malware, with AI rewriting its code to evade detection, to the more direct use of sheer speed (and there may be more to it than speed alone, but speed by itself is a significant advantage).
AI can also be used to support more targeted methods, where its speed and data-processing capability compress both the attack and its results: for example, automating lateral movement, continuously escalating privileges, enabling attackers to identify and acquire high-value data in large cloud storage environments, or editing log files and modifying other data to hide their movements.
To what extent do you think traditional cloud security methods have become outdated in the face of AI-driven attacks?
The previous answer goes a long way to supporting this. Cybersecurity has always been biased towards the attacker: the attacker only needs to succeed once, while the defender needs to succeed every time.
Much of the traditional approach to cloud security is not aligned with the scale and speed of execution, or the complexity, of AI-driven or AI-assisted attacks. Many of the benefits people gain from cloud environments end up propped up by "good enough" security measures, with security bolted on after deployment, and a heavy dependence on human factors remains.
Traditional methods often rely heavily on static defences, such as perimeter-based protection, fixed rule sets and pre-defined access controls. These methods are designed to protect against known attack vectors and assume a relatively predictable threat landscape. Add to that reactive, specialised resources that need a human-scale timeframe to respond to threats, and our AI adversaries' eyes start to "light up" at the possibilities for causing chaos.
Attacks that used to take days of structuring and careful planning are now carried out in seconds. Although the old defences "can" in theory address this (if everything is patched and configured correctly all the time, all resources behave perfectly all the time, and nothing relies on a third party or the supply chain at all, there may be a chance), the real world of security is completely different from this nirvana.
To update an old piece of advice, "you don't have to be the fastest to get away from the bear, you just have to not be the slowest": in the world of AI attackers there may be 1,000 faster, stronger and more aggressive cockroach-sized bears chasing every customer at the same time. You may not even see them before they bring you down.
What practical strategies do companies need to adopt to stay ahead of emerging threats in the cloud?
Just like the bad guys, you can boost your defences using the power of AI too.
But let's start by doing the basics well, and moving what you can to automation (for example, using infrastructure as code, pipelines with automated testing to remove human configuration errors or complexity, automation to perform, validate and classify backups, and continuous exploitability testing of base systems). Then let's move on to focusing on the surrounding factors (such as identity) that are usually required to compromise your systems, and become more aggressive in containing and isolating suspect nodes. Work on the principle of "assumed breach": segment, monitor and audit core systems, and remove suspect access to allow time to investigate, then restore it if it turns out to be benign. Plan for, and think about, how critical systems keep running during these periods, so your services continue even if the access of a key person or system is temporarily revoked.
With all this talk of AI, it is important not to completely ignore the human factor here. The main focus should be on creating comprehensive, continuous education programmes to equip your security teams with the knowledge and expertise needed to understand and combat threats that use AI. By fostering a culture of continuous learning, organisations can ensure their teams stay ahead of the evolving threat landscape and are ready to counter advanced attacks that use machine learning techniques.
Then let's start adding some of these defences at the AI level.
First, use AI to build proactive defences: build generative AI tooling (please don't use public systems, or you will be training them on how to attack you), or find a trusted, secure partner who can train and align private AI to support you, and simply ask it how it would attack you, then plan your defences accordingly. Bear in mind where your data goes, learn from partners and check their security before sharing data. This will deliver value in aligning your defences and verifying your controls in a digital twin environment.
Second, implement continuous posture management to flag any errors, misconfigurations or drift in near real time, using AI to drive your detection. Machine learning for anomaly detection provides a rich source of "things that may be bad but are definitely different", sorting through the noise of millions of events to find the 10 useful ones.
Third, AI-driven response actions. This is the end state and must be planned and handled carefully, because active automated response can affect the business and its continuity. Nevertheless: assume breach, revoke suspect access, and contain (and release) to provide time to investigate suspicious activity before releasing it.
As always, security is a double-edged sword: the way to make things completely safe is to shut them down, but that obviously means you can't get any business value out of them. These types of attack require a different approach, implementing continuous zero trust and CSPM with automated responses. Done properly, this gives you the best of both worlds and lets you respond to AI attacks at AI scale and speed; done without thought, planning, expert support and knowledge, it can create serious business problems.
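As an added illustration of the two ideas in this answer (anomaly scoring that pulls the handful of "definitely different" identities out of a flood of events, and the assumed-breach loop that contains suspect access and restores it if an analyst rules it benign), here is example code written for this page rather than Cyberfort's or anyone's production tooling; the audit events, identity names, scoring formula and threshold are all constructed.

```python
from collections import Counter, defaultdict

# Constructed sample cloud audit events as (identity, api_action, region); not real logs.
BASELINE_EVENTS = (
    [("deploy-bot", "PutObject", "eu-west-1")] * 40
    + [("deploy-bot", "GetObject", "eu-west-1")] * 20
    + [("alice", "ListBuckets", "eu-west-1")] * 5
    + [("alice", "GetObject", "eu-west-1")] * 15
)
NEW_WINDOW = (
    [("deploy-bot", "PutObject", "eu-west-1")] * 38
    + [("alice", "GetObject", "eu-west-1")] * 14
    + [("alice", "ListBuckets", "eu-west-1")] * 1
    # alice suddenly enumerating and bulk-reading storage in a region she never used before
    + [("alice", "ListBuckets", "ap-southeast-1")] * 25
    + [("alice", "GetObject", "ap-southeast-1")] * 300
    + [("alice", "CreateAccessKey", "us-east-1")] * 2
)

def profile(events):
    """Per-identity profile: event volume and the set of (action, region) pairs seen."""
    volume = Counter(identity for identity, _, _ in events)
    seen = defaultdict(set)
    for identity, action, region in events:
        seen[identity].add((action, region))
    return volume, seen

def score_identities(baseline, window):
    """Score each identity in the window: the share of its events that are novel
    (action, region) pairs, plus its volume relative to baseline. Unusual and busy scores high."""
    base_volume, base_seen = profile(baseline)
    win_volume, _ = profile(window)
    novel = Counter(i for i, a, r in window if (a, r) not in base_seen[i])
    return {
        i: round(novel[i] / total + total / max(base_volume[i], 1), 2)
        for i, total in win_volume.items()
    }

def contain(scores, threshold=2.0):
    """Assumed breach: identities over the threshold lose access until an analyst rules."""
    return {i: "contained" for i, s in scores.items() if s >= threshold}

def resolve(state, verdicts):
    """Restore access when the analyst verdict is benign; keep the containment otherwise."""
    return {i: "restored" if verdicts.get(i) == "benign" else "contained" for i in state}

if __name__ == "__main__":
    scores = score_identities(BASELINE_EVENTS, NEW_WINDOW)
    print(scores, contain(scores))
```

The scheduled service account stays below the threshold despite its volume because nothing it does is new, while the human account is contained on novelty and burst together; the analyst verdict, not the score, decides whether access comes back.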
Are there any real-world examples you can share of how organisations have adapted successfully?
I recently worked with a client after an incident. After sharing the DFIR findings, they asked us to look at the maturity of their defences, and we helped them safely take the following steps:
(1) Migrating identity controls to the corporate IAM system using a PAM solution. This meant that policies, monitoring and (after planning and testing) automated responses were consistent across all environments.
(2) Integrating testing and remediation into their build pipelines (reducing the risk of deploying exploitable code).
(3) Integrating their production environment, with the exception of some critical customer-facing systems, into SOAR (security orchestration, automation and response) and building appropriate playbooks to contain (and release) suspect assets and resources.
(4) Continuous CSPM.
(5) Extending their EDR tooling into the production environment.
(6) More training for their staff, including sessions focused specifically on developers and architects, and real-life fake video examples for the whole company.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo, taking place in Amsterdam, California and London.