Artificial intelligence (AI) has become a fundamental component of modern society, reshaping everything from daily tasks to complex sectors such as healthcare and global communications. As AI technology progresses, the intricacy of neural networks increases, creating a substantial need for more computational power and energy. This…
Edge 392: Meet RAFT: UC Berkeley’s New Method to Improve RAG Patterns in LLMs
The method brings the best of RAG and supervised fine tuning….
AI, CVEs and Swiss cheese – CyberTalk
By Grant Asplund, Cyber Security Evangelist, Check Point. For more than 25 years, Grant Asplund has been sharing his insights into how businesses can best protect themselves from sophisticated cyber attacks in an increasingly complex world.
Grant was Check Point first worldwide evangelist from 1998 to 2002 and returned to Check Point with the acquisition of Dome9. Grant’s wide range of cyber security experience informs his talks, as he has served in diverse roles, ranging from sales, to marketing, to business development, and to senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (talkingcloud.podbean.com) on cloud security.
EXECUTIVE SUMMARY:
AI, AI, OH!
If you’ve attended a cyber security conference in the past several months, you know the topic of artificial intelligence is in just about every vendor presentation. And I suspect, we’re going to hear a lot more about it in the coming months and years.
Our lives are certainly going to change due to AI. I’m not sure if any of us really appreciates what it will be like to have an assistant that knows everything that the internet knows.
Unfortunately, not everyone will be utilizing these AI assistants for good. Additionally, the profound impact from employing AI will be just as significant for the nefarious as for the well-intended.
Consider what’s right around the corner…
Hackers often begin their social engineering schemes by directing their AI assistants (and custom bots) to conduct reconnaissance on their target.
The first phase is to gather intelligence and information about the target. Using any and every means available, they will determine what general technology products and which security products are being used and the current versions in-use. This phase might last weeks or months.
Once gathered, the hacker will utilize AI to correlate the products and versions in-use with the known CVE’s issued for the same versions of products, and clearly identify the exploitable path(s).
200,000 known CVEs
And odds are on the hackers’ side. According to the National Vulnerability Database, there are currently over 200,000 known CVEs. Fifty percent of vulnerability exploits occur within 2-4 weeks of a patch being released, while the average time for an enterprise to respond to a critical vulnerability is 120 days.
All of this leads me to ask: When selecting a security vendor and security products, why don’t more companies ask the vendor how many CVEs have been released concerning the products being purchased?
After all, these ‘security’ products are being purchased to secure valuable business assets! Some vendors’ products have more holes than Swiss cheese!
Comprehensive, consolidated and collaborative
Of course, I’m not suggesting an organization usurp their rigorous assessment, evaluation, and selection process when choosing their security vendors and products, basing the decision solely on the number of CVEs; especially considering that today’s computing environments and overall digital footprints are vastly more complex than ever before and they continue to expand.
What I am suggesting is that now, more than ever, organizations need to step back and re-assess their overall security platform. Due to the increased complexity and ever-increasing number of point solutions, companies must consider deploying a comprehensive, consolidated, and highly collaborative security platform.
Reducing CVEs and Swiss cheese
Once your organization has identified the possible vendors who can help consolidate your security stack, be sure and check how many HIGH or CRITICAL CVE’s have been released in the last few years on the products you’re considering. And check on how long it took to fix them.
By consolidating your stack, you will reduce complexity. By eliminating the ‘Swiss cheese’ products in your security stack, you will eliminate the gaps most likely to be exploited in the future by artificial intelligence.
For information about cyber security products powered by AI, click here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.
Amazon Reports Record Q1 2024 Earnings and Launches Amazon Q Assistant
Amazon has once again surpassed expectations with its Q1 2024 earnings report. The company posted record-breaking revenue and net income figures, highlighting its continued dominance in the tech industry. Alongside the impressive financial results, Amazon also unveiled its latest innovation, Amazon Q, their generative AI assistant…
Coalition of news publishers sue Microsoft and OpenAI
A coalition of major news publishers has filed a lawsuit against Microsoft and OpenAI, accusing the tech giants of unlawfully using copyrighted articles to train their generative AI models without permission or payment. First reported by The Verge, the group of eight publications owned by Alden…
Jaret Chiles, Chief Services Officer, DoiT – Interview Series
Jaret Chiles is the chief services officer (CSO) of DoiT and is responsible for all aspects of their client services organization. With 25+ years of experience across consulting and managed services, cloud adoption, technical sales, security and compliance, he is instrumental in building out a key…
Inside Microsoft’s Phi-3 Mini: A Lightweight AI Model Punching Above Its Weight
Microsoft has recently unveiled its latest lightweight language model called Phi-3 Mini, kickstarting a trio of compact AI models that are designed to deliver state-of-the-art performance while being small enough to run efficiently on devices with limited computing resources. At just 3.8 billion parameters, Phi-3 Mini…
How to Hire – and When to Fire – a Chief AI Officer
Generative AI is quickly becoming part of corporate agendas worldwide. Nevertheless, most organizations are still struggling to get their GenAI operations up and running. A recent Accenture survey revealed that only 27% of executives are in a position to scale such capabilities. Indeed, more than 70% are still at square…
How AI can benefit zero trust – CyberTalk
EXECUTIVE SUMMARY:
The zero trust framework is a cornerstone of modern cyber security threat prevention and defense architectures. At its core, zero trust calls for continuous verification of every request and transaction within a network — regardless of source or destination.
As cyber threats take on new characteristics, some organizations are looking to artificial intelligence in order to support the efficacy of zero trust implementations.
In this article, we’ll explore how AI can enhance zero trust initiatives. In particular, we’ll dive into how AI can render zero trust more capable and competent, providing practical insights that your organization can put into action.
How AI can complement zero trust
1. Adaptive access controls. Within zero trust, AI may be able to shift security from a more static operation to one that’s particularly dynamic and adaptive.
AI-powered zero trust access controls can flexibly modify and customize permissions based on immediate evaluations of users. The AI can intelligently ascertain whether to authorize or restrict users by reviewing contextual factors, such as user location, device status and behavioral trends.
In turn, this ensures that zero trust is continuously enforced, while simultaneously reducing administrative burdens and human error rates.
2. Privileged access management. With the integration of AI, privileged access management becomes more vigilant and effective. Employing AI-powered monitoring means that organizations can better enforce strict access controls and granular permissions – core tenants of the zero trust framework.
3. Advanced analytics. AI-based tools can aggregate and analyze information from a wide breadth of sources at near-lightning speed. In turn, CISOs can identify anomalous behavior at an expedited rate, leading to faster detection and mitigation of potential security breaches within the zero trust architecture.
4. Automated incident response. In a zero trust environment, where every access request is carefully reviewed, but the margin for error is non-zero, in the event that an incident manifests, AI can assist with incident response.
Further details
As time wears on, organizations are highly likely to integrate AI into zero trust architectures in a range of different ways. Exactly how remains to be seen, of course.
Nonetheless, even at this nascent stage, organizations can leverage AI within the zero trust framework to achieve a more dynamic, intelligent, and ultimately, more secure IT environment.
For further insights into artificial intelligence and cyber security, please see CyberTalk.org’s past coverage. For information about GenAI and zero trust, please click here.
Lastly, to receive timely cyber insights, informative interviews, recent research and easy-to-understand analyses each week, please subscribe to the CyberTalk.org newsletter.
5 Best AI Apps for Couples (April 2024)
In the age of artificial intelligence, couples are discovering innovative ways to strengthen their relationships and foster deeper connections. From AI-powered dating apps that prioritize compatibility to virtual relationship coaches offering personalized guidance, technology is changing the way couples navigate the complexities of love and partnership….