At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. This is Part 2 of a 5-Part series highlighting various cybersecurity topics.
One frustrating constant in the digital world is that cybersecurity criminals always seem to be one step ahead. Security analysts must constantly keep track of the latest TTPs and close the gap between defense and offense. How we spend corporate cash to defend ourselves must be strategic as well.
The following is an excerpt from this conversation. Full video below.
Patrick Coughlin, TruSTAR: Are you seeing the bad guys using artificial intelligence (AI) or machine learning (ML) to execute attacks? How are we utilizing AI and ML to stop this?
Jeremiah Grossman, BitDiscovery: Bad guys don’t need ML because the hacking is easy. The number of systems an adversary can compromise is vast. The last Verizon report I read stated most cyber criminals are using exploits from about 1.5 years ago. AI and ML are more of an advantage on the defense side. New data inflows aren’t easily handled, and hiring more people isn’t always viable, so we have to leverage ML.
Dave Lewis, Akamai: Attackers don’t need to use artificial intelligence. The amount of security data we have accumulated as defenders is daunting. Criminals are not going to burn a zero-day when they could remotely mount a driver remotely and be in your network.
Jeremiah Grossman, BitDiscovery: This raises two budgetary problems. The first budgetary problem is on the defense side where we’re spending $81-90 billion for everyone to get hacked and there’s no efficacy. Money is spent on the wrong things. We see the compliance and chase it, but compliance doesn’t equal security. The second budgetary problem that we don’t talk about is how much the bad guys need to spend to counteract our work. If we spend $1M on defense, how much will he spend? Probably $1,000.
Patrick Coughlin, TruSTAR: How do we close the spending gap between defense and offense?
Jeremiah Grossman, BitDiscovery: You want an adversary tripped up in their kill chain. If the adversary will need to spend a week of time to get in, they’re gonna go somewhere else. We don’t have to make our systems bulletproof, we just have to make it tough enough so they’ll go somewhere else. It boils down to being just a little better than the others.