Dark Reading is part of the Informa Tech Division of Informa PLC


Application Security

7/28/2020
02:00 PM
Greg Jensen
Commentary

Autonomous IT: Less Reacting, More Securing

Keeping data secure requires a range of skills and perfect execution. AI makes that possible.

Artificial intelligence (AI) is a game changer in fighting cybercrime and defending data, and it can be decisive in turning the tide against hackers, thieves, and saboteurs of critical data. While IT systems use many automatic processes, they largely operate without any real awareness of the IT environment around them. However, 2020 will be the year when more companies reap the benefits of AI-powered autonomous systems.

On the tech side, this is partly because cloud computing has driven availability of affordable and reliable computing, storage, and networking that make the application of AI affordable. That technological firepower, along with the emergence of massive datasets to feed models, now makes AI a realistic option for applications including self-driving cars, factory gear, retail recommendation engines, truly helpful business chatbots, and the like.

People see these AI applications maturing at work, and that success stokes confidence that AI can solve real problems, driving still more demand. Autonomous IT is like the aforementioned self-driving car — not just spotting the pothole in the road, but changing lanes to avoid it. Unlike first-generation AI systems, which spot problems, second-generation autonomous systems act on the patterns they see. A Gen 1 AI might evaluate network traffic patterns to spot unpatched systems, but it still requires a human administrator to step in and schedule a patch. Gen 2 autonomous AI will not only spot the unpatched system but also take proactive action to apply an update, only informing an administrator after the problem is solved.

There are four areas where the rise of autonomous systems will soon have the most impact:

  • Scaling security: Autonomous systems will help people deploy and maintain IT environments at large scale. With the number of Internet-connected devices expected to jump from 8 billion in 2019 to 41 billion in the next eight years, security at scale will be a central challenge for future security specialists. Autonomy helps by making such work not only faster but also more consistent and better aligned to organizational information security policies and priorities.

  • Shrinking the talent gap: With global cybersecurity workforce shortages projected to reach 3.5 million people by 2021, freeing up cybersecurity talent for more important tasks is essential for improving security. As autonomous IT takes a bigger role in patching, configuring, and managing the complex hardware and software that underlies most systems, IT professionals will be able to focus on more strategic efforts. Even better, as autonomous systems work consistently and tirelessly, they can help prevent many of the human errors that threat actors can exploit.

  • Less reacting, more securing: Depending on what industry you're looking at, the average time it takes to remediate a breach once it's been detected is between 112 days and 447 days — or 3 to 14 months of potentially critical exposure. As autonomous systems handle more of the nitty-gritty collection and analysis of network traffic and data, people will be freed from combing network logs to do high-level, complex system analytics. With more time to do analysis, and more context around the data they are analyzing, security specialists will be able to spot and address more sophisticated threats while shortening the response timeline.

  • Making insiders less threatening: Corporate insiders who misuse their access to steal or manipulate data represent one of the most persistent, and difficult, cybersecurity problems. This kind of attack usually uses root access to a system that was granted to support basic IT administration and management. As autonomous systems perform more of this work, and people focus more on broad-based system analytics, fewer people will need such direct access, reducing the opportunities for abuse.

Facing the Cyber Dangers Ahead
Keeping data secure requires a range of skills and perfect execution. Given the complexity and volume of threats facing IT systems, human defenders need insights into the changing threat landscape. With that knowledge and preparation, combined with sophisticated AI and machine learning technologies, organizations will be best able to contend with expanding and accelerating threats.


Greg Jensen is a Director of Security Strategy at Oracle Corporation addressing the risk and challenges to the hybrid-cloud. He is also the Senior Editor of the Oracle and KPMG Cloud Threat Report and Oracle CISO Report with a key focus on developing cloud security ...
Comments
karenwalshjd,
User Rank: Author
7/29/2020 | 3:12:27 PM
Deciphering Quality
The most difficult part of investing in AI is the sheer number of products out there. Not only do people still feel there's a "Terminator" quality to AI (not true), the algorithms underlying it are often proprietary, which makes purposeful purchasing decisions difficult.