by Gaurav Banga, CEO and founder, Balbix
As companies continue digital transformations and all assets become connected, the number of potential entry points for cyber-attacks continues to grow as well. Similarly, with the evolution of technology, cyber-criminals develop new and more advanced attack methods, adding to an already substantial arsenal. Today, there are more than 260 potential attack vectors, including phishing, credential theft, misconfiguration and weak or shared passwords. Cybersecurity has reached a point of scale where humans must leverage tools that incorporate artificial intelligence in order to effectively keep pace.
To understand why this is the case, let’s look at the math. Figure 1 depicts a modern attack surface, with what can go wrong listed along the vertical axis and where it can go wrong in a corporate environment listed along the horizontal axis. Let’s take just the asset class of business apps and just the attack vector of shared passwords as an example. A Fortune 500 or 1000 size company will easily have more than 750 apps and 1,500 users for each app. The risk multiplies to more than 1 million potential shared passwords (e.g., a user has the same password for Facebook or LinkedIn as they do for Salesforce.com or Office 365). Imagine the full scale of the “attack surface” when you do similar math for hundreds of asset types (especially when you add in the growing number of IoT, BYO and other non-managed assets, as well as the assets of supply chain, reseller and other business partners), and more than 260 attack vectors.
This attack surface picture has tens of millions of time-varying cybersecurity-related factors that need to be analyzed for small organizations (500+ users), and hundreds of billions of factors for the largest organizations. Not even the most talented and well-staffed security teams can handle the sheer volume of potential security incidents at this scale.
Furthermore, for each attack surface point in Figure 1, there are four calculations that need to be performed to evaluate the breach risk at that point. These calculations are 1) the security configuration, 2) the threat level, 3) the business impact/criticality of the corresponding asset, and 4) the effect of any deployed mitigating controls, such as relevant security products and processes. These calculations yield a risk heatmap which identifies areas of concern where action is needed. Using actual risk rather than templated security system scoring is important to align security actions with business outcomes. This concept is demonstrated in Figure 2.
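The four calculations above can be sketched as a small heatmap computation. This is an added example, not code from the article or from any product it describes; the 0-to-1 scales, the multiplicative way of combining the factors, the band thresholds and the sample values are all assumptions, since the article gives no formula.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cell:
    """One attack-surface point: an asset class crossed with an attack vector."""
    asset: str
    vector: str
    config_weakness: float  # 1) security configuration: 0 = hardened, 1 = wide open
    threat: float           # 2) threat level: 0 = no activity, 1 = actively exploited
    impact: float           # 3) business impact/criticality of the asset, 0..1
    mitigation: float       # 4) effect of deployed controls: 0 = none, 1 = complete

def risk(c):
    # Assumed model: likelihood = exposure x threat, reduced by mitigating
    # controls; breach risk = likelihood x business impact.
    for v in (c.config_weakness, c.threat, c.impact, c.mitigation):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"factor out of range for {c.asset}/{c.vector}: {v}")
    likelihood = c.config_weakness * c.threat * (1.0 - c.mitigation)
    return round(likelihood * c.impact, 3)

def band(score):
    # Assumed thresholds for colouring the heatmap.
    return "HIGH" if score >= 0.25 else "MED" if score >= 0.05 else "LOW"

def heatmap(cells):
    """Return {vector: {asset: (score, band)}}: rows are what can go wrong,
    columns are where it can go wrong."""
    grid = {}
    for c in cells:
        s = risk(c)
        grid.setdefault(c.vector, {})[c.asset] = (s, band(s))
    return grid

def top_concerns(cells, n=3):
    """Cells ranked by actual risk, highest first."""
    return sorted(cells, key=risk, reverse=True)[:n]

# Constructed sample values, for illustration only.
SAMPLE = [
    Cell("business apps", "shared passwords", 0.8, 0.7, 0.9, 0.2),
    Cell("business apps", "misconfiguration", 0.3, 0.5, 0.9, 0.6),
    Cell("IoT devices", "shared passwords", 0.9, 0.6, 0.3, 0.0),
    Cell("IoT devices", "misconfiguration", 0.7, 0.2, 0.3, 0.5),
    Cell("core servers", "phishing", 0.5, 0.9, 1.0, 0.6),
]
```

In the sample, the IoT cell has the weakest configuration and no mitigating controls, yet it ranks below the business-app cell because its business impact is lower, which is the difference between actual risk and configuration scoring alone.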
Clearly, it is impossible for humans to continually monitor and assess breach risk for every single IT asset across more than 260 different attack vectors, especially not in real-time. Enterprises need security infrastructure and tools that leverage the power of artificial intelligence and machine learning to be able to tackle this scale of analysis and reporting, while yielding an output that is easy for humans to digest and act upon.
Adding Another Layer to the Equation
Further muddying the waters and adding to the complexity of modern cybersecurity is that user behavior must be tracked as well. For example, a company needs to know how much phishing behavior (clicking on bad links) is occurring and which users are the most vulnerable because they consistently use the same password across numerous platforms. If those users have access to core servers, apps and other infrastructure, companies need to be especially concerned and intervene.
The “superpower” of AI/ML is being able to do automated and intelligent threat and vulnerability discovery and analysis, mimicking the capability of 100,000 tireless security personnel who don’t actually exist, at least not dedicated to one company. Some advanced tools can also produce prioritized lists of prescriptive fixes, but the tools are not actually going to make final decisions about what actions to take or implement the fixes. Humans are still needed to act on the information that AI/ML tools produce. This also frees up time for humans to turn their attention to the larger strategy behind their company’s security posture and help the security program become more outcome-oriented.
AI-enhanced security platforms are needed to find, analyze and recommend how to fix or mitigate the risk in large ecosystems. Ultimately, humans and AI will work hand-in-hand to stay abreast of security issues and in doing so will protect their companies from devastating breaches. Companies that are quicker to adopt advanced AI/ML tools will be in a better position to thwart attacks and protect the sensitive data their customers, employees, partners, etc. trust them to keep secure.
About the Author
Gaurav Banga is the founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was co-founder and CEO of Bromium and led the company from inception for over five years. Gaurav has a Ph.D. in computer science from Rice University, and a bachelor’s degree in computer science from IIT Delhi. He is a prolific inventor with more than 60 patents. Gaurav can be reached online at @gaurav_banga and at our company website www.balbix.com.