true
Blog TruSTAR Industry Talks: The Evolution of the Modern Cybercriminal with Akamai and BitDiscovery

TruSTAR Industry Talks: The Evolution of the Modern Cybercriminal with Akamai and BitDiscovery

At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. This is Part 2 of a 5-Part series highlighting various cybersecurity topics.

One frustrating constant in the digital world is that cybersecurity criminals always seem to be one step ahead. Security analysts must constantly keep track of the latest TTPs and close the gap between defense and offense. How we spend corporate cash to defend ourselves must be strategic as well.

TruSTAR invited security leaders Dave Lewis, Global Security Advocate at Akamai, and Jeremiah Grossman, CEO of BitDiscovery to discuss.

The following is an excerpt from this conversation. Full video below.

Patrick Coughlin, TruSTAR: Are you seeing the bad guys using artificial intelligence (AI) or machine learning (ML) to execute attacks? How are we utilizing AI and ML to stop this?

Jeremiah Grossman, BitDiscovery: Bad guys don’t need ML because the hacking is easy. The number of systems an adversary can compromise is vast. The last Verizon report I read stated most cyber criminals are using exploits from about 1.5 years ago. AI and ML are more of an advantage on the defense side. New data inflows aren’t easily handled, and hiring more people isn’t always viable, so we have to leverage ML.

Dave Lewis, Akamai: Attackers don’t need to use artificial intelligence. The amount of security data we have accumulated as defenders is daunting. Criminals are not going to burn a zero-day when they could remotely mount a driver remotely and be in your network.

Jeremiah Grossman, BitDiscovery: This raises two budgetary problems. The first budgetary problem is on the defense side where we’re spending $81-90 billion for everyone to get hacked and there’s no efficacy. Money is spent on the wrong things. We see the compliance and chase it, but compliance doesn’t equal security. The second budgetary problem that we don’t talk about is how much the bad guys need to spend to counteract our work. If we spend $1M on defense, how much will he spend? Probably $1,000.

Patrick Coughlin, TruSTAR: How do we close the spending gap between defense and offense?

Jeremiah Grossman, BitDiscovery: You want an adversary tripped up in their kill chain. If the adversary will need to spend a week of time to get in, they’re gonna go somewhere else. We don’t have to make our systems bulletproof, we just have to make it tough enough so they’ll go somewhere else. It boils down to being just a little better than the others.

 

 

TruSTAR Industry Talks: Scoping Out the Security Space with Darktrace, Trustwave, Bugcrowd and Avast At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and ... Read More
CryptoLocker Deep-Dive: Our Manifesto for Why We Use Bitcoin Addresses as an IOC Follow the Money: Tracking Adversaries Through the Blockchain WhiteRabbit is an open source research tool we're debuting at Black Hat and DEF CON ... Read More
TruSTAR Industry Talks: State of the Current Threat Landscape with Endgame, Cyber Threat Alliance and Veracode At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and ... Read More
TruSTAR Industry Talks: Securing Digital Transformation with Qualys At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and ... Read More