Amid enthusiasm around generative AI and debates over its risks, experts in the sector say integrating AI in cyber security will help security teams turn the tables against attackers for good.
Jeetu Patel, EVP and GM of security and collaboration at Cisco, says for the first time in his career he is cautiously optimistic about the state of cyber security in the coming years.
“In the past 30 years, the advantage has always been on the side of the adversary and the reason for that is they have to be right once and the defender has to be right every single time,” Patel says at a roundtable on AI at Cisco Live 2024.
Patel can now see this advantage changing hands, with optimism driven by the power of using AI and business data to predict advanced threats. With growing ease, businesses can use AI to determine how, where, and when attacks are going to happen.
“I can see a light at the end of the tunnel where you could see the scales tip in the favor of the defender because of a data advantage, where you might be able to better predict what is happening even before it happens, and that’s going to be a profound shift in security if we are were able to make that happen” Patel explains.
The offensive and defensive potential of AI as a technology was a recurring theme at Cisco Live 2024, with numerous announcements introducing the company’s latest efforts to bring AI security tools across its platforms and keep up with the rate at which threat actors are bringing AI onboard for attacks.
Patel tempered his optimistic message with an acknowledgment that attackers can and will benefit from AI advancements. “The same tools that we’re using are also being used by the adversaries and they’re going to get more sophisticated,” Patel said, warning that the phishing attack will no longer be riddled with typos and easy to distinguish, but tailored to its target.
“It will be very bespoke, very personalized … and when that happens it's something that will be much harder to decipher and distinguish between legitimate activity and a malicious attack.”
Identity solutions imperative to repel AI-powered social engineering
With an understanding that AI will benefit teams throughout the security landscape both good and bad, firms are under pressure to move fast to adopt intelligent defense systems. Speaking to ITPro, Matt Caulfield, Cisco’s VP of Product, leading the company’s identity strategy, expands on the growing trend of threat actors using social engineering attacks instead of finding and exploiting vulnerabilities in their software.
“When we think about how attackers start an attack chain they can do it in a few ways. One is to find a vulnerability in the software that the company is running. One way is to try to find an open port in the network and …. then move laterally.”
But Caulfield says these techniques are decreasing in popularity in favor of simpler and quicker social engineering attacks.
“[A]ll of those methods are a lot harder to pull off than simply tricking someone and stealing their credentials or guessing their passwords using brute force, or password spraying”.
Given the sheer scale of attacks that attackers can launch using AI, it is almost inevitable that some end users will have their identity compromised, according to Security chief revenue officer Emma Carpenter.
Speaking at a session on Cisco’s approach to identity attacks, Carpenter says “people will click on these things and then we have to be able to provide a level of security after that point as well”. “That’s why I think identity assessment becomes really important and powerful for our partners and customers to have a view of what’s going on in their network.”
Patel says the answer lies in integrating AI security tools across the IT estate to monitor all users and endpoints. This was the crux of Patel’s announcement in the event’s opening keynote, namely that Cisco is integrating AI throughout the Cisco Security Cloud platform.
As part of Cisco’s quest to extend AI across its security portfolio, Patel sets out three categories: assist, augment, and automate. The predictive power of AI, referred to by Patel, falls under the umbrella of ‘augment’, where models can enhance the insights of security professionals with AI-powered detection.
Extended detection and response (XDR) systems can do exactly this by monitoring data moving across email, web, and network domains and identifying patterns and potential attacks. AI integration means this system works at scale across the entire IT estate, picking up potential threats humans may miss by looking at individual domains in isolation.
The ‘assist’ element of Cisco’s vision for AI-enabled security refers to its goal to provide an AI assistant to every IT professional managing security infrastructure, which can provide them with useful insights and advice on security practices.
Patel demonstrated how AI assistants can support security professionals with an example of the Cisco AI Assistant for Security summarizing the firewall policies controlling a specific application and generating a relevant rule to restrict access to this application. The assistant is also able to analyze every firewall policy in place and notify security professionals about duplicate or redundant rules
Speaking to ITPro, CTO of Cisco Networking Michael Beesley says the long-term goal here is to have firewalling in place at each node on a corporate network, with AI-powered administration tools in place to manage this system efficiently.
“Our vision, what we are working towards, is having the security function or the firewalling function distributed to every component of the network, and then sophisticated management tools to allow the computation and distribution of the distributed firewall rule set.”
AI-enhanced compute could provide unprecedented network protection
The potential for AI to revitalize cyber security doesn't stop with identity controls. Tom Gillis, SVP and GM of the Cisco Security Business Unit, says the extra computing power AI tools can provide could open up opportunities for even more granular network monitoring systems, giving businesses a better understanding of what is happening on their network.
Gillis acknowledges AI can enhance social engineering attacks but explained users were falling for these before the step change in sophistication, with phishing emails littered with spelling mistakes still deceiving users on occasion.
The challenge for businesses, according to Gillis, is learning how they can stop attackers from moving laterally once they have gained access to a business’ network. “Zero trust says assume the attackers have penetrated the endpoint’. Then the name of the game is, how do you identify and stop lateral movement?”
With attackers increasingly using legitimate credentials and entering through the ‘front door’, businesses won’t be able to rely on their EDR systems to keep them safe. A more comprehensive way of monitoring who is doing what on your network will be required and Cisco is betting that AI can help here.
“But if you can actually see every single entity and what the packets on the wire and correlate it to what the initiation was on the endpoint, that’s amazing”.
How chief AI officers can streamline strategy from the boardroom down
Cisco has targeted this in the past with NetFlow, the company’s network monitoring solution. But Gillis admits that until now, the computing power required has been too great to provide a comprehensive overview of network flow and volume.
“We’re off by like two orders of magnitude to be able to do that kind of stuff. But now, with processing like AI coupled with advances in silicon, we can actually do this on the devices and see and understand the packets and interpret them at the application layer.”
Across all these areas, it's clear that AI can offer a clear improvement to existing systems. If properly integrated, these tools can help teams to tackle the next-generation threats they face in the latest evolution of the cat-and-mouse game security experts have been fighting since the earliest days of cyber security.
