As the cyber-threat landscape evolves, organizations need their infrastructure to play a more active role in protecting their enterprise, especially in today’s multi-cloud world.
I recently had the opportunity to share my perspective on this topic at RSA Conference 2023 – a fitting place to think big about how to prepare for increasingly sophisticated attacks. The conference brought together leaders and experts sharing insights on everything from combatting new cyber threats to grappling with the implications of generative artificial intelligence (AI). One thing that became crystal clear at this year’s event: incremental thinking and a lack of imagination could cripple our cyber-security defenses if we are not careful. This stark reality was driven home by Alicia Lynch, Chief Security Officer and CISO at Cognizant, who joined me onstage to share her perspective on how security roles and architecture are evolving.
It's easy to forget just how essential technology is in our daily lives, spanning everything from our finances to healthcare to how we store our precious photographs. There are now 8 billion people across the globe who depend on software and systems to function without a glitch every day – and it’s a comparatively small group of cybersecurity professionals who bear the responsibility of protecting those systems from attack.
Unfortunately, bad actors are in the process of getting a major upgrade to their capabilities—one that could potentially tilt the scales in their favor. Of course, I’m referring to generative AI technologies, which can help us do amazing things, but have been rolled out very rapidly without a full reckoning of the implications. Numerous industry experts have already demonstrated the many ways in which generative AI can be exploited, potentially giving someone with little to no coding experience the ability to pull off sophisticated attacks.
With so much at stake, I believe we need to shift the way we think about security in 3 key areas.
#1: Outsider attackers look like knowledgeable insiders.
If we want to catch an outside attacker, we now need to look for tactics that a knowledgeable insider might employ. Not long ago, the vast majority of attackers were a bit like bungling burglars: to gain a foothold, they typically would take advantage of a known vulnerability, and pretty quickly they would give themselves away by making a series of lateral moves in search of a monetizable prize. Their behavior was obviously anomalous, and therefore relatively easy to identify and block with foundational capabilities like segmentation and basic anomaly detection.
Those days are over. Today’s attacks are more akin to a sophisticated Ocean’s 11 heist.
In 2023, master cyber criminals typically walk in through the front door using stolen credentials or similar techniques that make them indistinguishable from legitimate traffic. Once inside, they remain quiet for weeks or months, “living off the land” and carefully building intelligence on your network. Often their strategy is to get to know your network better than you do. And when they finally go for the monetizable prize, they are able to do it with just 2 or 3 stealth moves.
The question is: in a world where bungling burglars can now emulate master cyber criminals, how do you find and evict attackers before they do damage? The answer lies in gaining full context of your environment - an end-to-end view that encompasses user behavior, the who/what/how/where/when of end-user devices, which networks are being traversed, which apps are being accessed, and the data sets that the apps are utilizing across your private and public cloud environments.
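One way to turn that "full context" idea into a detection, as an added example that is not code from the original post: a per-user baseline of device, network, app, data set and hour of day is built from constructed historical events, and a new session using valid credentials is scored on how many of those dimensions fall outside the baseline. Field names, thresholds and the sample events are all assumptions.

```python
# Added example: scoring valid-credential access against a per-user context baseline.
# All events below are constructed sample data; field names are assumed.
from collections import defaultdict
from datetime import datetime

CONTEXT_FIELDS = ("device", "network", "app", "dataset")

HISTORY = [  # constructed history of what this user normally looks like
    {"user": "alice", "ts": "2023-04-03T09:12:00", "device": "lt-alice", "network": "corp-hq", "app": "crm", "dataset": "sales-eu"},
    {"user": "alice", "ts": "2023-04-03T14:40:00", "device": "lt-alice", "network": "corp-hq", "app": "crm", "dataset": "sales-eu"},
    {"user": "alice", "ts": "2023-04-04T10:05:00", "device": "lt-alice", "network": "vpn", "app": "wiki", "dataset": "docs"},
]

def build_baseline(events):
    """Per user: the set of values seen for each context field, plus hours of day."""
    baseline = defaultdict(lambda: {f: set() for f in CONTEXT_FIELDS + ("hour",)})
    for e in events:
        b = baseline[e["user"]]
        for f in CONTEXT_FIELDS:
            b[f].add(e[f])
        b["hour"].add(datetime.fromisoformat(e["ts"]).hour)
    return baseline

def score_event(event, baseline):
    """Return (score, reasons): one point per context dimension outside the baseline.
    0 is normal; a valid login with several novel dimensions is the
    'outsider who looks like a knowledgeable insider' pattern."""
    b = baseline.get(event["user"])
    if b is None:
        return len(CONTEXT_FIELDS) + 1, ["unknown user"]
    reasons = [f"new {f}={event[f]}" for f in CONTEXT_FIELDS if event[f] not in b[f]]
    hour = datetime.fromisoformat(event["ts"]).hour
    # Tolerate +/- one hour around any previously seen hour before calling it unusual.
    if not any(abs(hour - h) <= 1 for h in b["hour"]):
        reasons.append(f"unusual hour={hour:02d}")
    return len(reasons), reasons

def flag_session(events, baseline, threshold=3):
    """Flag a session when novelty accumulated over a few moves reaches the threshold,
    so two or three 'stealth moves' that each look minor add up."""
    total, all_reasons = 0, []
    for e in events:
        s, r = score_event(e, baseline)
        total += s
        all_reasons.extend(r)
    return total >= threshold, total, all_reasons
```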
#2: AI anomaly detection alone lacks the ability to accurately detect anomalies.
You can have the best AI, but without complete data it cannot accurately detect anomalies.
And today, there are a lot of data gaps limiting what AI can see.
For instance, I have yet to meet a customer who has successfully backhauled 100% of their datacenter traffic using security appliances—physical or virtual. By definition, that means most enterprises have a lot of blind spots.
And then there is the issue of encryption. 65% of East-West network traffic today is encrypted.
On one hand, that's good for security, as the more traffic is encrypted, the harder it is for attackers to succeed. On the other hand, encrypted traffic is less likely to be inspected by security teams due to regulations and privacy concerns. This represents another critical blind spot.
Making security intrinsic to your infrastructure can close many of these gaps and give security teams a strategic advantage. It allows you to move security closer to the workload, removing the need to backhaul traffic or deploy network taps, and closing those blind spots.
The intrinsic advantage for security applies equally to enterprise and modern applications. The tools you use are often different, because enterprise and modern applications have different architectures, but the underlying intrinsic security approach is the same. The key is the ability to see all the connections and all the conversations taking place across those connections, so you can clearly and quickly distinguish friend from foe even on legitimate pathways.
#3: A strong ransomware defense should go beyond defending against ransomware.
Simply put, a strong defense isn’t just about defending against ransomware. The undeniable reality is that no matter how good your defenses are, an attacker might still get through. One approach that’s gaining traction is to empower your infrastructure to take snapshots of your entire workload, with the ability to verify in real time whether those snapshots are clean. With this approach, you automate one of the scariest and hardest problems facing any business. The result is that even a successful attack will not stop you for long, because you can recover your critical apps and have them up and running almost instantaneously. Bottom line: ransomware recovery should be an essential part of your ransomware defense.
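What "verify whether a snapshot is clean" can look like in practice, as an added example that is not code from the original post: the snapshot is modelled as a mapping of paths to file contents, and it is checked against a known-good hash manifest for critical files, for ransom-note filenames, and for text files whose bytes look encrypted (high Shannon entropy). The manifest, filenames, threshold and snapshot contents are constructed assumptions.

```python
# Added example: a hypothetical clean-snapshot check before restoring a workload.
# Manifest, ransom-note names, entropy threshold and snapshot data are constructed.
import hashlib
import math
import os
from collections import Counter

RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_restore.html"}  # constructed
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext approaches 8.0, prose sits well below
TEXT_EXTENSIONS = (".txt", ".yaml", ".py", ".csv")

KNOWN_GOOD = {  # constructed manifest: critical file -> sha256 of its known-good content
    "/etc/app/config.yaml": hashlib.sha256(b"listen: 8443\nmode: prod\n").hexdigest(),
    "/srv/app/main.py": hashlib.sha256(b"print('hello')\n").hexdigest(),
}

def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def verify_snapshot(snapshot, manifest=KNOWN_GOOD):
    """snapshot maps path -> bytes. Returns (is_clean, findings)."""
    findings = []
    # 1. Critical files must exist and match the known-good manifest.
    for path, digest in manifest.items():
        if path not in snapshot:
            findings.append(f"missing critical file {path}")
        elif hashlib.sha256(snapshot[path]).hexdigest() != digest:
            findings.append(f"hash mismatch for {path}")
    # 2. Ransomware tells: dropped notes and text files that no longer look like text.
    for path, data in snapshot.items():
        if os.path.basename(path).lower() in RANSOM_NOTE_NAMES:
            findings.append(f"ransom note present: {path}")
        if path.endswith(TEXT_EXTENSIONS) and shannon_entropy(data) > ENTROPY_THRESHOLD:
            findings.append(f"text file looks encrypted: {path}")
    return not findings, findings
```

A restore pipeline would only promote a snapshot whose `verify_snapshot` result is clean, and keep walking back to older snapshots until one passes.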
In summary, I strongly believe that by combining automation and the cloud operating model we can significantly strengthen our security postures. We already have the tools to meet today’s challenges – if we’re willing to evolve our mindsets and embrace a New Ground Truth for Security.
VMware announced a range of new innovations at RSA 2023 to provide organizations with greater protection against cyber-attacks.