AI, CVEs and Swiss cheese – CyberTalk

By Grant Asplund, Cyber Security Evangelist, Check Point. For more than 25 years, Grant Asplund has been sharing his insights into how businesses can best protect themselves from sophisticated cyber attacks in an increasingly complex world.

Grant was Check Point first worldwide evangelist from 1998 to 2002 and returned to Check Point with the acquisition of Dome9. Grant’s wide range of cyber security experience informs his talks, as he has served in diverse roles, ranging from sales, to marketing, to business development, and to senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (talkingcloud.podbean.com) on cloud security.

EXECUTIVE SUMMARY:

AI, AI, OH!

If you’ve attended a cyber security conference in the past several months, you know the topic of artificial intelligence is in just about every vendor presentation. And I suspect, we’re going to hear a lot more about it in the coming months and years.

Our lives are certainly going to change due to AI. I’m not sure if any of us really appreciates what it will be like to have an assistant that knows everything that the internet knows.

Unfortunately, not everyone will be utilizing these AI assistants for good. Additionally, the profound impact from employing AI will be just as significant for the nefarious as for the well-intended.

Consider what’s right around the corner…

Hackers often begin their social engineering schemes by directing their AI assistants (and custom bots) to conduct reconnaissance on their target.

The first phase is to gather intelligence and information about the target. Using any and every means available, they will determine what general technology products and which security products are being used and the current versions in-use. This phase might last weeks or months.

Once gathered, the hacker will utilize AI to correlate the products and versions in-use with the known CVE’s issued for the same versions of products, and clearly identify the exploitable path(s).

200,000 known CVEs

And odds are on the hackers’ side. According to the National Vulnerability Database, there are currently over 200,000 known CVEs. Fifty percent of vulnerability exploits occur within 2-4 weeks of a patch being released, while the average time for an enterprise to respond to a critical vulnerability is 120 days.

All of this leads me to ask: When selecting a security vendor and security products, why don’t more companies ask the vendor how many CVEs have been released concerning the products being purchased?

After all, these ‘security’ products are being purchased to secure valuable business assets! Some vendors’ products have more holes than Swiss cheese!

Comprehensive, consolidated and collaborative

Of course, I’m not suggesting an organization usurp their rigorous assessment, evaluation, and selection process when choosing their security vendors and products, basing the decision solely on the number of CVEs; especially considering that today’s computing environments and overall digital footprints are vastly more complex than ever before and they continue to expand.

What I am suggesting is that now, more than ever, organizations need to step back and re-assess their overall security platform. Due to the increased complexity and ever-increasing number of point solutions, companies must consider deploying a comprehensive, consolidated, and highly collaborative security platform.

Reducing CVEs and Swiss cheese

Once your organization has identified the possible vendors who can help consolidate your security stack, be sure and check how many HIGH or CRITICAL CVE’s have been released in the last few years on the products you’re considering. And check on how long it took to fix them.

By consolidating your stack, you will reduce complexity. By eliminating the ‘Swiss cheese’ products in your security stack, you will eliminate the gaps most likely to be exploited in the future by artificial intelligence.

For information about cyber security products powered by AI, click here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.