Use AI to establish normal in abnormal times

Is AI the security solution cloud workloads need?

The last 11 months saw thousands of companies shift to or deepen their existing commitment to the cloud, but the solid business case isn't always reflected in a stronger security posture. At Computing's recent Deskflix event on hybrid and multi cloud, Darktrace's Nabil Zoldjalali revealed that more than half of security professionals find it more difficult to protect a cloud environment.

Last April, Microsoft CEO Satya Nadella famously said, "We've seen two years' worth of digital transformation in two months." Through the course of the pandemic, there was a 58 million seat increase for Microsoft 365, and apps like Microsoft Teams, Zoom and Google Meet saw massive spikes in usage. As many as 90 per cent of companies use the cloud today, and Darktrace expects cloud data centres to process 94 per cent of workloads this year.

This transformation has been great for some departments, but has raised complexity and added new challenges for others - especially security staff.

Moving to remote work has made the 'perimeter' a thing of the past. A jump in the number of devices and apps used - not all of them approved by business leaders - means that IT staff find it difficult to gain visibility of their IT estate.

"How do you protect a business when approaches are constantly changing and evolving?" asked Zoldjalali. "Especially when you can't really put a finger on what your business currently looks like?" The long-accepted approach to security of searching for known malicious behaviours crumbles in this environment.

The idea of point solutions is outdated, and IT leaders should be looking for systems that can establish what normal looks like for themselves - without human intervention, and with contextualisation. Judging actions based on the time of day or location is clearly inappropriate today, for example.

Darktrace's Enterprise Immune System is modelled on the human body's own immune system, and applying this type of approach to business "has never been more valuable."

"When we are born, we don't know what every strand of influenza looks like - but our immune system knows our bodies perfectly, and can detect and get rid of anything that doesn't belong there," said Zoldjalali.

The next step after detection is response, but it is no longer enough to rely on humans for that. Self-learning AI systems with autonomous response mechanisms are "allowing companies to embrace digital transformation and enhance their entire IT estate." These tools are "game-changers" that allow security teams to stay ahead of the rising threats facing their organisation.


Zoldjalali gave an example of a Darktrace customer in the insurance sector, which fell victim to an accidental insider threat. A DevOps engineer was attempting to build a parallel backup system in AWS. They followed all the best practices and their technical implementation was perfect - but they'd set the system to pull data every day, rather than once a month. The result was massive data exfiltration from AWS to the company's own servers, which could have cost the firm millions of dollars. Darktrace's Cyber AI Analyst detected the issue in real time.

Having tools like this, which combine human expertise with the speed and scale of AI, can massively lower triage time: Zoldjalali claimed a figure of 92 per cent. Solutions like these are becoming increasingly necessary as cloud usage spreads, he said.
