AI Gives Defenders the Advantage in Enterprise Defense

While using artificial intelligence (AI) for enterprise defense and against adversaries, who are also harnessing the technology's power, was front and center for law enforcement officials and security leaders at last week's International Conference on Cyber Security at Fordham University, it is not the only thing CISOs are paying attention to.

For example, when Yahoo CISO Sean Zadig was asked during a CISO panel about the three most vital issues on his agenda, he was emphatic about not including AI.

"I'm not going to say generative AI, mostly because it’s all I talk about and I am kind of sick of it," he said.

Like most organizations, much of the code that runs Yahoo's various websites consists of open source software, so addressing supply chain security is a top priority, according to Zadig. No. 2 on his list? Protecting Yahoo's online audiences from the broad array of threats by encouraging them to adopt technologies like multifactor authentication and passkeys. Zadig is also focused on ensuring business stakeholders and board members understand the implications of the ongoing global conflicts on critical infrastructure.

Authentication is also high on Google Cloud CISO Phil Venables' agenda.

"The good news is a large amount of people now in consumer services and enterprise services are able to move away from passwords onto stronger forms of authentication," he said. "That doesn't just make a small dent in the attacks challenging; it fills whole classes of attacks."

AI Is Still an Advantage

Of course, it is impossible to ignore AI's recent acceleration into the cybersecurity world, the CISOs said. Embracing it more in 2024 is a key priority, they agreed.

"I think it's hard not for security teams to be paying attention to AI," Venables said.

Although threat actors are harnessing AI to boost their attack capabilities, AI actually provides a bigger advantage to enterprise defenders, he added.

"While there are clearly going to be attackers using AI for various different types of attacks, we firmly believe the opportunity is for defenders to use it to outpace attackers, and I think that’s going to be seen more and more," Venables said.

AT&T CISO Rich Baich discussed how AI gives defenders the edge over attackers and how it helps CISOs deal with their biggest challenges, namely vulnerability management, the need for faster detection, and the ability to mitigate threats.

"You can suddenly create an avatar that [lets] you type a question in and say, 'How do I secure a router?' and it can go through all your policies and standards and spit that out and provide the end user the opportunities they need," Baich said. "AI is a great tool to bring all that analysis and put it in front of you."

Venables and Baich echoed what National Security Agency director of cybersecurity Rob Joyce said earlier at the conference about attackers using AI to find flaws in system architectures and software implementations to break into them and develop new types of malware, while defenders are using AI to discover those anomalies more effectively.

"Machine learning AI and big data helps defenders surface those activities [and] bring them to the fore because those attackers don't behave like the normal business operators on that critical infrastructure," Joyce said at the conference. "It [AI] is helping us see things, eliminate it [threats] as [malware and incidents] stand out from the norm," he said.

Even so, Baich does not think AI will replace people in the threat detection process.

"I'm still a fan of the human operator applying a patch," he said. "But all the work that goes behind that can be done through AI with analysis [and can] speed up our remediation and reduce the risks associated with it."