As threats become more prominent, it’s important to pose the question: what actually brings clarity? It’s a question that we can struggle with, but we may simply not be approaching it in the right way.
This is a time when major companies are making headlines for all of the wrong reasons. Latitude Financial, the financial services provider operating across Australia and New Zealand, has released details of a cyber attack and data breach that has impacted 225,000 of their customers.
In such a state, visibility is fundamental, with the likes of artificial intelligence (AI) arming us with greater ability to understand our attack surface and catch threats fast.
Bringing unknowns into the light to improve security posture
Let’s first consider unknowns. The last couple of years have led to significant changes in how we work, and these changes have led to a larger attack surface, more vulnerabilities and exploits, more tools and alerts, and smaller, more overworked teams. Meanwhile, attackers are more evasive and more sophisticated in their infiltration methods.
It’s true that our attack surface is often far larger than we assume. It is not uncommon for only 50% of assets to be logged as endpoints, with the remaining IP addresses belonging to routers, switches, printers, cameras, telephones and other services. These additional IP addresses could be personal devices on a guest network, cloud computing services and container workloads, or even traditional server application services that are running a host of activities that aren’t being monitored.
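One way to put a number on the gap described above, as an added example that is not from the original article: reconcile what the network itself observed (a constructed ARP/DHCP-style list with assumed device types) against what the endpoint agent console reports as managed (also constructed), and report the coverage ratio, the unmonitored hosts grouped by type, and inventory records the network never saw.

```python
from ipaddress import ip_address

# Constructed sample data. In practice the first map would come from ARP tables,
# DHCP leases or a network scanner, and the second from the EDR/agent console.
NETWORK_OBSERVED = {
    "10.0.1.10": "workstation",
    "10.0.1.11": "workstation",
    "10.0.1.12": "workstation",
    "10.0.1.13": "workstation",
    "10.0.1.1": "router",
    "10.0.1.2": "switch",
    "10.0.1.50": "printer",
    "10.0.1.60": "camera",
    "10.0.1.70": "voip-phone",
    "10.0.2.20": "container-host",
}

# Hosts with an endpoint agent. 10.0.1.99 is a stale record: still in the
# inventory, but no longer seen on the network.
ENDPOINT_INVENTORY = {
    "10.0.1.10", "10.0.1.11", "10.0.1.12", "10.0.1.13", "10.0.2.20", "10.0.1.99",
}


def reconcile(observed, managed):
    """Compare network-observed hosts with the managed-endpoint inventory.

    Returns (coverage, unmonitored, stale):
      coverage    - fraction of observed hosts that have an agent
      unmonitored - observed hosts without an agent, grouped by device type
      stale       - inventory entries the network did not observe
    """
    observed_ips = set(observed)
    unmonitored = {}
    for ip in sorted(observed_ips - managed, key=ip_address):
        unmonitored.setdefault(observed[ip], []).append(ip)
    stale = sorted(managed - observed_ips, key=ip_address)
    covered = len(observed_ips & managed)
    coverage = covered / len(observed_ips) if observed_ips else 0.0
    return coverage, unmonitored, stale


if __name__ == "__main__":
    cov, unmon, stale = reconcile(NETWORK_OBSERVED, ENDPOINT_INVENTORY)
    print(f"endpoint coverage: {cov:.0%}")
    for device_type, ips in unmon.items():
        print(f"  unmonitored {device_type}: {', '.join(ips)}")
    print(f"stale inventory records: {stale}")
```

With the constructed data the coverage comes out at exactly 50%, the figure quoted above, and every unmonitored host is network or IoT equipment rather than a workstation.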
Gaining visibility over an attack surface means understanding threat vectors that sit beyond what you as a company own. Consider unauthorised access. An increasingly common term, it refers, as the name suggests, to the act of gaining access to a computer system, network or application without express permission or authorisation.
As was recently reported, Commonwealth Bank of Australia’s Indonesian unit was heavily impacted by an incident involving unauthorised access to a web-based software application used for project management. Similarly, AT&T has recently publicly announced that back in January, an unauthorised person breached a vendor’s system and gained access to the company’s Customer Proprietary Network Information (CPNI).
Gaining visibility and clarity through expert tooling reduces the burden on security teams and greatly improves an organisation’s ability to understand threats and remediate them quickly and effectively.
The role of artificial intelligence in visibility and security
AI is a powerful tool in driving signal clarity and maximising the use of our now more visible attack surface. AI enhances signal clarity by allowing us to zero in on the behavioural aspect of attacks and to consider all possible infiltration points.
Attackers may also be utilising AI or automation to speed up their attacks, but this doesn’t inherently change their behaviour. There are still certain actions they need to take to compromise a network, and these behavioural markers are what we can pick up on.
We hear from many organisations that they receive far too many false positives from their security tooling and that security teams are inundated with information they don’t know what to do with. Leveraging AI is not about replacing a human being; it’s about making what we do far more efficient and clear.
Responding to threats to protect our systems and people
When it comes to response, we must know what to do with the attack alerts that come through, otherwise all our clarity is for nothing.
First, we determine what the attack is, and second, what to do about it. There can’t be a blanket rule; we must be flexible, but we can create repeatable procedures that have flexibility built in. Metrics such as mean time to remediation can showcase the value and benefit of AI in terms of real outcomes and returns.
Moving forward, we expect to see CISOs and security leaders invest more in tooling that improves efficiency and supports security teams in sifting through alerts and uncovering threats in a sprawling and broad attack landscape. The solutions are there, and they’re getting better all the time; it’s just a matter of understanding what they are and how they can be integrated for maximum benefit.
Are you ready to respond and erase the unknown threat?