GDG Cloud Southlake #35: Aravind Iyengar: The Role of AI in Cyber Risk Management
- 1. © 2024 Balbix. All rights reserved. The Role of AI in Cyber Risk Management 8/28/2024 Aravind Iyengar
- 2. 2 © 2024 Balbix. All rights reserved. Cyber Risk Management at a crossroads Exploding Attack Surface Rampant Threats Accelerated AI Capabilities
- 3. © 2024 Balbix. All rights reserved. Exploding Attack Surface
- 4. 4 © 2024 Balbix. All rights reserved. The Diverse and Shape-shifting Attack Surface • Large and diverse inventory ▪ Influenced by waves of technologies ▪ Novel capabilities or productivity boosts Networking Systems End-user Compute Web Applications OT / ICS Mobile devices Cloud Assets IoT AI
- 5. 5 © 2024 Balbix. All rights reserved. Ingredients for a robust Security Practice • Portfolio of tools for management & monitoring ▪ Requires diverse skill sets & practices ▪ Creates silos of visibility & islands of knowledge CSPM ASPM DevSecOps IT CMDB VM CNAPP XDR EDR SOAR SIEM IPS/IDS IAM PAM
- 6. 6 © 2024 Balbix. All rights reserved. The impossibility of Cyber Risk “Management” • Diverse KPIs • Disparate languages Risk Assets Softwares Vulnerabilities Controls Policies
- 7. 7 © 2024 Balbix. All rights reserved. The impossibility of Cyber Risk Management with traditional approaches Diverse Attack Surface Portfolio of Tools Disparate Languages
- 8. © 2024 Balbix. All rights reserved. Rampant Threats
- 9. 9 © 2024 Balbix. All rights reserved. The Vulnerability in identifying Vulnerabilities • Manual analysis unable to keep up • No consensus on communication standards ▪ CPEs – not enforced as unique identifiers ▪ CPEs vs. PURLs • Increasing reliance on FOSS ▪ Significantly compounds this problem Image credit: https://www.conquer-your-risk.com/
- 10. 10 © 2024 Balbix. All rights reserved. The Avalanche of Exploits • Remediation practices are falling behind significantly! Image credits: Verizon DBIR 2024 • Meanwhile… ▪ Exploit volume is increasing ▪ ~3x more Y-o-Y ▪ Time-to-exploit is shrinking ▪ ~14x shorter for critical vulnerabilities
- 11. 11 © 2024 Balbix. All rights reserved. The Failure of Prioritization • CVSS inefficient ▪ >50% of CVEs have 7+ scores • EPSS / Threat indicators good for threat hunting ▪ Not for VM • At ~150 new CVEs / day ▪ No option but to prioritize ▪ But no way to prioritize! • And what about all the non-CVE vulnerabilities?!
- 12. 12 © 2024 Balbix. All rights reserved. The impossibility of Cyber Risk Management with traditional approaches Diverse Attack Surface Portfolio of Tools Disparate Languages Vulnerability Identification Vulnerability Avalanche of Exploits Failure of Prioritization
- 13. © 2024 Balbix. All rights reserved. Accelerated AI Capabilities
- 14. 14 © 2024 Balbix. All rights reserved. The Journey of AI • Turing test – 1950 ▪ Intelligence as equivalent to indistinguishability with humans • Shannon’s theory of Communication – 1948 ▪ Information (in language) as a measure of unpredictability (of the next word) • Revival of the neural networks – 1980s ▪ Universal Approximation Theorem ▪ “Probably Approximately Correct”
- 15. 15 © 2024 Balbix. All rights reserved. The AI Renaissance • Supervised learning • Stepping stones ▪ Parallel & distributed compute ▪ Larger labeled datasets • Powerful neural network architectures ▪ Deeper than wider – deep learning ▪ Long Short-term Memory, Convolutional Neural Networks ▪ Transformer & attention • Limited by availability of labeled data Image credit: Wikipedia
- 16. 16 © 2024 Balbix. All rights reserved. LLMs: Circling back to where it started • Language model ▪ Predict the next “word” ▪ “Self”-supervised! ▪ Bigger is better – “large” models Image credit: www.nextbigfuture.com • Arguably passing the Turing test! • Open-source LLMs closing the gap with closed-source!
- 17. 17 © 2024 Balbix. All rights reserved. What can we do with this? • Make sense of textual data – irrespective of the “language”! ▪ Comprehend information from different tools • Cleanse data – map it to known & well-understood entities ▪ Sanitize and normalize information • Deduplicate and consolidate ▪ Corroborate across sources and resolve conflicting information • Draw inferences to link concepts ▪ Deduce with logic and interrelate pieces of information • Categorize and catalogue ▪ Organize and operationalize • Reason and quantify ▪ Prioritize based on subject-matter expertise • Justify, explain and interact in simple, human language!
- 18. 18 © 2024 Balbix. All rights reserved. The AI Blueprint for Cyber Risk Management • Cast a wide net with automated AI inferences ▪ Immediately operationalize to remediate high-confidence top-risks • Remove blind spots ▪ Plug gaps in visibility and low-confidence data points by adding appropriate tools, particularly where expected to be material • Spot-check ▪ Reserve expert resources for scrutiny in high-impact scenarios • Maintain & govern ▪ Book-keep and drive compliance of policies and SLAs ▪ Introspect to ensure requirements are in line with risk tolerance
- 19. 19 © 2024 Balbix. All rights reserved. The possibility of Cyber Risk Management with AI Bring all data together Comprehend, sanitize, correlate & deduplicate inventory Deduce & infer vulnerabilities Evaluate controls & mitigations Quantify risk exposure Prioritize & operationalize
- 20. 20 © 2024 Balbix. All rights reserved. At a crossroads… • Stick to manual approaches • Show the busy work of tackling a small sliver of issues that are not particularly correlated with risk Ignorance is bliss • Assess all issues with AI automatically • Show the smart work of tackling all high-risk issues identified, with robust and data-driven justification of assessments Knowledge is power
- 21. © 2024 Balbix. All rights reserved. Sign up for a Demo of Balbix today!
- 22. Thank you © 2024 Balbix. All rights reserved.