In an email interview with CIOAXIS, Satnam Narang, Sr. Staff Research Engineer, Tenable, shares his insight on Artificial Intelligence and Cybersecurity…
Q1. Which are the key security areas that you would identify which will change the course of the security Industry?
Generative AI is one of the most transformative innovations of the last few decades. GenAI can revolutionise cybersecurity, especially when it comes to threat detection and response. It acts as a force multiplier in an industry struggling with skill shortages, enhancing efficiency and productivity by swiftly processing and delivering critical information when it matters most.
GenAI can transform how security teams prevent successful attacks by aiding in analysis, decision-making and guidance. When built on a large repository of exposure data, GenAI helps analyse the breadth and depth of data and context across the ever-expanding attack surface, helping gain valuable insights into potential vulnerabilities, threats, and misconfigurations, identifying which ones matter the most. Such contextual understanding of the threat landscape is changing the course of the security industry.
Q2. How can InfoSec leaders harness the power of AI-Powered Security Solutions that can analyse data, detect patterns, and make intelligent decisions on their own?
AI is everywhere, in almost everything we do, including cybersecurity solutions. The real question is, what can innovation in the AI space do for cybersecurity? The answer is achieving preventive security posture. Here’s how AI can enable it: Firstly, it offers visibility. Visibility is the cornerstone of any security program. AI solutions continuously monitor the network through passive listening and active queries. It helps Infosec teams adapt their security measures to the evolving threat landscape and changes in the network environment. Continuous monitoring makes way for maintaining an inventory of all assets and risks both in the cloud and on prem, including device information, network connectivity, configuration settings, operational data, misconfigurations, location, and lifecycle information.
Asset inventory enables security practitioners to map attack paths. To identify the most critical attack pathways, it’s necessary to factor in multiple parameters, such as asset risk level, attack path length, communication methods, and external vs internal connectivity, to allow for improved prioritisation and remediation.
Q3. With various cyber threats and data breaches, how can CISOs force the security of an organisation from a model of “strength” to one of “resilience”?
CISOs need to advocate for a proactive approach to cyber risk management. They must proactively understand the threat landscape, including vulnerabilities, misconfigurations in the cloud, visibility into internet-facing assets, web apps, and attack path analysis. CISOs also need insights into how well they compare against the market and their peers in these areas. Beyond what the risk is, they need to learn how to prevent attacks from happening instead of constantly reacting to threats.
Exposure management gives CISOs and security teams concise and meaningful output, painting a big picture of the attack surface. It answers the most important questions — How secure are we? And have we reduced our cyber exposure effectively? This is the first step in building resilience.
Q4. How can AI help in gathering and analysing data on emerging cyber threats to identify potential attackers and understand the tactics they use?
With cyberattacks increasing in scale, security teams spend more time analysing different entry points into the organisation, as well as numerous tactics, techniques, and procedures. From the attacker’s perspective, it often only takes one entry point to move laterally and gain authorised access to business-critical assets. Cybersecurity professionals need attack path analysis to tackle this problem. It combines insights from vulnerability management, cloud security, web applications, and identity exposures so organisations can understand their risk from an attacker’s perspective. It enables informed and targeted cyber defence strategies because teams can think like attackers.
When integrated with GenAI, it can provide succinct summaries of attack paths and attack graphs. It can also provide specific mitigation guidance for each attack path, enabling security teams to prioritise remediation. Teams no longer need hours to look up patching information or different strategies for authentication as all of it is automated.
Q5. In the dynamic AI-cybersecurity system that quickly finds and responds to online anomalies in real time, how can business leaders balance AI-driven protection and data privacy?
As AI usage becomes more prevalent, security teams must get full visibility into these AI applications. According to Tenable’s researchers, there have been over 400 vulnerabilities disclosed in AI applications so far. However, we are only scratching the surface with AI, and these systems need to be secured to ensure valuable data is protected.
Organisations must build a comprehensive inventory of AI applications in the environment and correlate with those that have been approved by the AI governance board of the organisation. Security teams must regularly scan the environment to detect anomalies. They must remediate vulnerabilities and misconfigurations that could pose the greatest risk frequently. More importantly, organisations must never trust user inputs, and AI isn’t an exception. Robust zero-trust practices, even with AI, are recommended along with the first principles of security and security best practices — validate, validate, validate.