Fighting Fire with Fire - Leveraging AI in cybersecurity.pdf (21 pages)
Harnessing AI for End-to-End Cloud Security: From Development to Runtime
Presented by Nayeem Islam, VP Product Management, Cloud Security

De-risk Your Business

As cloud adoption accelerates
Leading causes of cloud breaches: Vulnerabilities, Misconfigurations, and Malware
- 70% of Log4Shell vulnerabilities have still not been fixed in the last 2 years
- CIS benchmark controls across major CSPs are not met 50% of the time on average
- Crypto mining malware is a growing threat
CIS = Center for Internet Security; CSP = Cloud Service Provider; AWS = Amazon Web Services; GCP = Google Cloud Platform
Source: Qualys TruRisk 2023 Cloud Insights Report

Most Misconfigured Controls Across Major CSPs
Figure 1: Average Failure Rates for AWS, Azure, and GCP for CIS Benchmarks
Average failing rate: AWS 34%, Azure 57%, Google Cloud 60%

High Unpatched Rate
[Chart: 69.97%, 30.03%; legend: Patched, Unpatched]
136 days: average remediation time of Log4Shell

Misconfigurations and Vulnerabilities Are Important
- Check for misconfigurations, like assets exposed to the internet and secrets that should be protected
- Make sure best practices are followed
- Get an understanding of the extent of vulnerabilities and their criticality
- Remediate based on priorities

You can't effectively measure risk in the cloud without detecting threats

DETECTION BARRIER
- Unauthorized activities
- Malware
- Crypto mining
- Suspicious communication
- Beacon activity

Measuring risk the wrong way can lead to breaches
[Figure: "Vulnerability: High Risk" shown alongside unauthorized activities, malware, crypto mining, suspicious communication, and beacon activity]

Threats are hard to detect
- Million new malware samples created every day. Automated techniques are becoming more common
- Signature-based detection is too late
- Sandboxes are being evaded and take time to produce results
- Threat intelligence needs to be constantly updated for real-time detection

Traditional signature-based techniques cannot detect at cloud speed
Almost 12-24 hours (best case, sometimes days, weeks) before the results of a sandbox analysis are transformed into a signature and downloaded onto a security device.
Malware detection pipeline:
1. Known threat signatures
2. Malware sandbox: execute unknown files in an isolated environment
3. Dynamic analysis
4. Classify
5. Human threat researcher analysis
6. Create signature
7. Test signature
8. Signature added for next "update"

Generative AI will accelerate the number and sophistication of attacks

Automated attacks accelerate
- Phishing Attacks: LLMs generate convincing emails mimicking trusted sources to trick users into divulging sensitive information.
- Social Engineering: LLMs assist attackers in crafting persuasive messages, social media posts, or chat interactions to manipulate targets.
- Malware Creation: LLMs aid in generating code snippets, camouflage techniques, or obfuscation methods to create sophisticated malware.
- Automated Vulnerability Exploitation: LLMs automate the process of identifying and exploiting vulnerabilities in software or networks.

You can't effectively detect threats in the cloud without AI

Applying Deep Learning AI to Cloud Security
- Detects known and unknown threats with 99%+ accuracy
- Detects threats in milliseconds
- Self-learned, fewer manual interventions
- No signatures, reduced operational overhead

Cloud Environments are Difficult to Protect
[Figure: PLAN to RELEASE lifecycle; Shift Left, Shift Right]

AI will be used extensively for defense

AI Detection must be end to end - from build to runtime
[Figure: PLAN to RELEASE lifecycle; AI Container Registry Scanning, AI Runtime Protection]
- AI Container Registry Scanning: Malware
- AI Runtime Protection: Malware, Unauthorized communications, Suspicious communications, Cryptomining, C2C (Beaconing)

Container Security Detects Malware Variants
Hash 1, Hash 2, Hash 3: Different Hash, Similar behavior. All classified as Malware.

Indicator | Description | Severity
System Information Discovery
UpdateProcessPersistanceonlogon | Update Service information to persist the process across logon | Informative
UpdateProcessPersistanceonboot | Update Service information to persist the process across boot | Informative
Virtualization/Sandbox Evasion
ProcessDisableVMEEnv | Detect VME to disable core function | Informative

Detect Stealthy Beaconing Attacks

What the future holds
- More and more automation in attacks
- Generative AI will change the game
- However, the good news is that Generative AI will be used extensively in defense
- Threat Detection, SOAR, Remediation and more
- Many areas will be automated and improved

To learn more about how AI can help you protect your Cloud, book a meeting with my team.

Thank You