Unlocking the Power of AI: Automation to Tackle Growing Threats
The role of AI in cybersecurity, particularly its ability to offer enhanced context to threat alerts, was an engaging topic of discussion during the talk. In June, Hadrian's CEO, Rogier Fischer, joined by Martin Borrett from IBM and Alonso Bustamante from Cloudflare, discussed the future of AI in cybersecurity at London Tech Week. In this blog we analyze the key factors driving AI in cybersecurity.
Cybersecurity Workforce Shortage: Strain on Small Teams facing an Evolving Threat
Since 2021, the need for cybersecurity professionals has increased by over 25%. The (ISC)² 2022 workforce study reveals that in 2022 there was still a need for 3.4 million additional workers.
And, as positions become increasingly hard to fill, the methods employed by threat actors and the wider criminal landscape are becoming progressively more organized.
The access-as-a-service business run by Initial Access Broker groups is growing, and ransomware operations such as LockBit are becoming structured organizations in their own right. In 2022, a LockBit 3.0 bug bounty hunt boasted a $1 million top prize for finding exploitable vulnerabilities.
Small to medium-sized businesses especially need to adapt and improve in order to continue to secure their defenses effectively despite having fewer resources.
The Power of Artificial Intelligence to Automate Time-Consuming Tasks
The good news is that by harnessing the power of AI, smaller teams can streamline and automate tasks, allowing team members to focus on the all-important job of remediation. Data analysis of an organization's attack surface that once would have consumed hours of valuable time can now be done continuously by AI behind the scenes.
"AI's ability to process vast datasets and detect patterns helps security teams identify hidden or subtle indicators of potential threats, which might have been overlooked otherwise."
Rogier Fischer, CEO
Hackers recently used a vulnerability in Progress Software’s MOVEit Transfer tool to breach dozens of high-profile companies in the banking, education and technology industries. When details of the attack were first announced, Progress Software issued an advisory recommending immediate action, including blocking external traffic to specific ports, checking for unexpected files in folders, and shutting down any MOVEit transfers until a patch could be installed.
Completing the advised security actions was a daunting task for most security teams. Reviewing an entire attack surface to ensure that MOVEit Transfer was no longer available was difficult, as most organizations did not necessarily know they were using the software. Here’s where continuous monitoring, enabled by AI, could be a great help. It could not only find exposed MOVEit Transfer instances, but also confirm whether the version being used was vulnerable to the attack. The AI could then quickly identify and tag any risks for remediation.
Reducing Alert Fatigue: Enhancing Vulnerability Alert Context with AI
AI can also provide contextualisation, ensuring security teams not only have a full understanding of their attack surface but are also armed with a prioritized list of vulnerabilities to address.
A large number of alerts, many of them not necessarily relevant, demands considerable time and effort from the cybersecurity team to review and investigate each one. It also becomes difficult for the team to respond promptly to genuine threats. As a result, the mean time to respond (MTTR) to security incidents may increase, leaving the organization vulnerable for extended periods.
AI can help here too, not only by analyzing extensive volumes of data from an organization's attack surface but also by translating it into actionable and relevant tasks for security teams.
Hadrian’s Proprietary Orchestrator AI
Hadrian’s AI is built to automate a wide array of attack surface management scenarios. Orchestrator AI discovers and contextualizes assets automatically, identifying potential threats and vulnerabilities that could pose a risk to the organization. Whenever a potential risk is found, the platform activates the corresponding testing to verify it, or to remove it if it is a false positive, all autonomously.
Considering the vast number of potential risks, manually carrying out these operations would be a huge task, which is why red teaming and penetration testing are usually carried out annually. However, the Hadrian Orchestrator AI can perform these actions autonomously to detect a wide array of attack paths with no human intervention.
Finally, Hadrian’s risk prioritization page helps security teams understand what they should focus on with prioritized risks. We use Natural Language Processing Modules to assess and class assets by severity, enabling SOC teams to have a clear view of the most urgent and relevant risks to resolve. When marked as resolved, risks are automatically tested and validated.
Contact us to see Hadrian’s Orchestrator AI & Risk Prioritization capabilities in action.