Black Hat 2024: Hybrid Enterprise Means a Large, Single Attack Surface
Mark Wojtasiak, VP of research and strategy at Vectra AI, joins Dark Reading's Terry Sweeney at News Desk during Black Hat USA to detail how SOC pros can tap AI to fight AI-based threats and attacks.
The "hybrid enterprise" consists of both cloud-based and on-premises IT resources, including security, says Mark Wojtasiak, VP of research and strategy at Vectra AI, during his appearance at the Dark Reading News Desk at Black Hat USA. And that means a vastly broader set of resources to manage and defend, Wojtasiak adds. It also translates to a single attack surface to monitor and protect, which further complicates things when attackers and defenders are both using AI, he says. And for the longest time, customers have had to buy security for the cloud and again for the premises. "So I have good control from my endpoints. I have identity. But I also need to buy visibility, and visibility control," Wojtasiak says. "We see these things as siloed, individual attack surfaces, but an attacker just sees one giant attack surface. It's not all stitched together, so that makes it really challenging from a defender perspective."
Attackers, especially those using AI tools, have the advantage of speed once they've found a way into a cloud network. "They get the identity, and they're going to use it to start leveraging GenAI to discover where assets exist, and what privileged accounts they might escalate to the cloud," Wojtasiak says. "And they're doing that extremely fast." His advice for defenders? Take a hard look at your threat detection and investigation response programs. Check your SIEM for incoming data and whether there's any latency associated with it. AI can be used to help mitigate that latency, Wojtasiak adds.
Mark ("Woj") Wojtasiak is VP of research and strategy at Vectra AI. With 27 years of experience in IT and security, Woj has a passion for security practitioners, buying trends, and products.