The Need of Identity Security: AI and CyberSecurity Hand-In-Hand

 

Automated processes powered by artificial intelligence (AI) are reshaping society in significant ways, from robotic assembly lines to self-driving cars. However, AI cannot do everything on its own; in fact, many organizations are realizing that automation works best when it collaborates with a human operator. Similarly, when well-trained AI assists them, humans can often operate more efficiently and effectively. Identity security, in particular, is an excellent example of a field where augmenting the human touch with AI has produced extremely positive results.

Consider the sheer number of identities that exist in today's world. Users, devices, applications, servers, cloud services, databases, DevOps containers, and a plethora of other entities (both real and virtual) now require identity management. Furthermore, in order to be productive in enterprise environments, modern employees use a wide range of technologies and data. Together, these two dynamics pose a challenge for identity security: at today's scale, determining which identities require access to which systems is well beyond human capacity.

This is significant because cybercriminals are increasingly targeting identities. According to the most recent "Verizon Data Breach Investigations Report" (DBIR), credential data is now used in nearly half of all breaches, and stolen credentials are one of the most common ways attackers compromise identities. Attackers use a variety of methods to obtain those credentials, the most common of which is social engineering. Hackers have gotten very adept at recognizing ways to trick people into making mistakes. This is a major reason why today's attackers are so difficult to stop: Humans are frequently the weak link, and they cannot be patched. It is simply not possible to create a preventative solution that will stop 100% of attacks.

This is not to say that preventative measures such as employee education, multifactor authentication, and frequent password changes aren't necessary; they are. They are, however, insufficient. A determined attacker will eventually find a vulnerable identity to compromise, and the organization will need to know what systems the attacker had access to and whether those privileges exceeded its actual needs. If an accountant's user identity is compromised, that is a problem — but it should be limited to the accounting department. However, in a company where overprovisioning is common, an attacker who compromises a single identity could gain access to a variety of systems.

This is a more frequent problem than you might think — when an organization has tens of thousands of identities to manage, it is tricky to ensure that each one has privileges that correspond to its essential functions.

It used to be, at least. When applied to identity security, AI-based technologies have enabled enterprises to not only manage identity permissions at scale but also to evolve identity security decisions over time to ensure that they match the changing needs and dynamics of the business. AI can be trained to recognize patterns that normal human users would miss. 

For example, AI-based tools may look for permissions that are rarely used and recommend that they be revoked: after all, why risk allowing an attacker to exploit them if they aren't being used? These tools can also be trained to recognize when the same type of user repeatedly requests access to specific data. They can then report that information to an IT team member, who will determine whether additional permissions are required.
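The two patterns described above can be sketched as an added example that is not part of the original article. It uses plain counting heuristics rather than a trained model, and all users, permission names, log entries, thresholds and function names are constructed assumptions.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample data (not from the article): granted entitlements,
# user roles, access-log events and denied access requests.
GRANTS = {
    "alice": {"ledger:read", "ledger:write", "payroll:read", "hr:read"},
    "bob": {"ledger:read", "crm:read"},
}
ROLES = {"alice": "accountant", "bob": "accountant",
         "carol": "accountant", "dave": "sales"}
TODAY = date(2024, 6, 30)
ACCESS_LOG = [  # (user, permission, date the permission was exercised)
    ("alice", "ledger:read", date(2024, 6, 28)),
    ("alice", "ledger:write", date(2024, 6, 27)),
    ("alice", "payroll:read", date(2024, 1, 5)),  # stale use
    ("bob", "ledger:read", date(2024, 6, 29)),
]
DENIED_REQUESTS = [  # (user, permission requested but not held)
    ("bob", "ledger:write"), ("carol", "ledger:write"),
    ("carol", "ledger:write"), ("dave", "ledger:write"),
]

def revocation_candidates(grants, log, today, max_idle_days=90):
    """Return {user: [permissions]} granted but not used inside the window."""
    cutoff = today - timedelta(days=max_idle_days)
    recent = {(u, p) for u, p, d in log if d >= cutoff}
    out = {}
    for user, perms in grants.items():
        idle = sorted(p for p in perms if (user, p) not in recent)
        if idle:
            out[user] = idle
    return out

def grant_review_candidates(denied, roles, min_users=2):
    """Return (role, permission) pairs requested by >= min_users distinct users."""
    # Deduplicate per user so one person retrying does not inflate the count.
    distinct = {(roles[u], p, u) for u, p in denied if u in roles}
    counts = Counter((r, p) for r, p, _ in distinct)
    return sorted(k for k, n in counts.items() if n >= min_users)

if __name__ == "__main__":
    print("revoke?", revocation_candidates(GRANTS, ACCESS_LOG, TODAY))
    print("review?", grant_review_candidates(DENIED_REQUESTS, ROLES))
```

Both functions only produce recommendations; the decision to revoke or grant stays with the IT team member, as the article describes.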

By identifying these patterns, AI-based identity tools can help to develop more appropriate permissions for identities across the organization, while also providing IT staff with the information they need to make informed decisions as circumstances change. By removing extraneous, unnecessary permissions, AI tools ensure that the compromise of a single identity does not grant an attacker complete control of the system. They also mean that, rather than impeding productivity, the IT team can boost it. By quickly identifying when it is safe and appropriate to grant additional permissions, the team can ensure that all identities under management have access to the technology and data they require. None of this would be possible unless humans and AI collaborated.

Gone are the days when managing identities and their permissions could be done manually; today, ensuring that each identity has the appropriate level of access requires significant assistance from artificial intelligence-based technology. By augmenting the human touch with AI, organizations can merge the speed and accuracy of automation with the contextual judgment of human decision-making. Together, they can help organizations manage their identities and entitlements more effectively while significantly reducing the impact of any potential attack.

Cyware is Changing the Cybersecurity Landscape

 

Cybercriminals often have technical prowess equal, or sometimes superior, to that of their cybersecurity counterparts. This has led to an ever-evolving landscape of cybercrime that constantly outsmarts modern cybersecurity technologies. So, does that end our fight against cyber threats? No, the answer lies in increasing awareness and implementation of automation technologies.

Akshat Jain, CTO & Co-founder of Cyware, shared his vision and the role of automation technologies in eliminating cyber threats. Here are the key points he discussed in an interview with Elets CIO:

The vision of Cyware 

Anuj Goel and I started the company in 2016 with the vision of assisting organizations to reimagine the way they approach and manage cybersecurity. Our prior experiences in steering large security and technology teams made us realize the inadequacies of reactive, manually-driven, and intelligence-deprived cybersecurity strategies that put organizations at a disadvantage against threat actors. 

Today, Cyware is helping organizations transform their security postures through our cyber fusion solutions that combine the capabilities of Threat Intel Platforms (TIP) and Security Orchestration, Automation, and Response (SOAR) to make security proactive and to integrate and accelerate different security functions, including threat detection, response, vulnerability management, threat hunting, and others. 

Role of Automation in advanced security operations 

Automation plays an important role in the enrichment, correlation, analysis, and last-mile delivery of this threat intelligence to different teams within an organization or with external partners, industry peers, regulatory bodies, and information sharing community (ISAC/ISAO) members, and others. Using this telemetry, they are expected to take mitigating actions to contain and respond effectively to those threats. 

“Automation assists in detecting the variety of threats by using historical indicators of compromise (IOCs), and the knowledge of threat actors’ tactics, techniques, and procedures (TTPs) to trigger machine-driven detection alerts. From there, security teams can once again automate containment actions to ensure that a threat does not spread laterally across their systems and networks, thereby minimizing the impact of a threat. 

Response actions needed to finally eliminate the threat can also be executed rapidly through automated workflows leveraging security orchestration for information exchange and actioning across a variety of tools,” Jain explained. 

Importance of Cyber Innovation and Global Collective Defence in the cloud-first economy

Cyber innovation is the need of the hour to help organizations adopt new security technologies and strategies to deal with these new challenges. With the increasingly distributed nature of today’s work environment, it is essential to boost collaboration in cybersecurity across all sectors to develop collective defense strategies for resilient cyberspace for all. 

As threat actors become stealthier and quicker, organizations should also make smart use of threat intel collected from both internal and external sources to drive proactive actions against potential threats to their infrastructure. 

Cyware’s progress in designing a first-of-its-kind global collective defense network 

Cyware is creating the first-of-its-kind global collective defense network through its advanced cross-sectoral threat intel sharing platforms that link all the stakeholders within an organization, as well as its business partners, vendors, industry peers, national CERTs, information sharing communities (ISACs/ISAOs), and others.

The network will assist organizations in sharing strategic, tactical, technical, and operational threat intelligence in real-time to ensure a timely response to various threats. More than 20 information-sharing communities (ISACs, ISAOs, and CERTs) from financial services, automotive, space, aviation, healthcare, retail, energy, and manufacturing sectors, among others, are using Cyware’s solutions to share threat intelligence with their 10,000+ member organizations.

Mitigating Software Security Flaws with Automation

 

A group of UTSA researchers is investigating how a new automated approach could be used to prevent software security vulnerabilities. The team intended to create a deep learning model that could train the software on how to automatically extract security policies. 

Unlike traditional software development models, the agile software development process is intended to deliver software more quickly, eradicating the requirement for lengthy paperwork and changing software requirements. The only required documentation is user stories, which are specifications that define the software's requirements. However, the fundamental practises of this method, such as frequent code changes, restrict the capacity to perform security assurance evaluations.

Ram Krishnan, associate professor in the UTSA Department of Electrical and Computer Engineering, stated, “The basic idea of addressing this disconnect between security policies and agile software development came from a happenstance conversation with software leaders in the industry.” 

Before arriving at a deep learning strategy that can handle several formats of user stories, the researchers looked at various machine learning approaches. To conduct the prediction, the model is composed of three parts: access control classification, named entity recognition, and access type classification. The software uses access control classification to determine whether or not user stories contain access control information. Named entity recognition identifies the actors and data objects in the story. Access type classification determines the link between the two. To evaluate their approach, the researchers used a dataset of 21 online applications, each with 50-130 user stories (a total of 1,600). 

Krishnan stated, “With a dataset of 1,600 user stories, we developed a learning model based on transformers, a powerful machine learning technique. We were able to extract security policies with good accuracy and visualize the results to help stakeholders better refine user stories and maintain an overview of the system’s access control.” 

According to Krishnan, this unique new method will be a valuable tool in the modern agile software development life cycle. A manual method of extracting security policies would be error-prone and costly because agile software development focuses on incremental modifications to code. It is just another area where machine learning and artificial intelligence have proven to be effective. 

He further added, “We recognize that there is little additional information about access control that can be extracted or determined directly from user stories in a fully automated approach. That means it is difficult, or impossible, to determine a software’s exact access control from user stories without human involvement. We plan to extend our approach to make it interactive with stakeholders so that they can help refine the access control information.”