TruSTAR Industry Talks: The Evolution of the Modern Cybercriminal with Akamai and BitDiscovery

At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. This is Part 2 of a 5-Part series highlighting various cybersecurity topics.

One frustrating constant in the digital world is that cybercriminals always seem to be one step ahead. Security analysts must constantly keep track of the latest tactics, techniques, and procedures (TTPs) and close the gap between defense and offense. How we spend corporate cash to defend ourselves must be strategic as well.

TruSTAR invited security leaders Dave Lewis, Global Security Advocate at Akamai, and Jeremiah Grossman, CEO of BitDiscovery, to discuss.

The following is an excerpt from this conversation. Full video below.

Patrick Coughlin, TruSTAR: Are you seeing the bad guys using artificial intelligence (AI) or machine learning (ML) to execute attacks? How are we utilizing AI and ML to stop this?

Jeremiah Grossman, BitDiscovery: Bad guys don’t need ML because the hacking is easy. The number of systems an adversary can compromise is vast. The last Verizon report I read stated most cyber criminals are using exploits from about 1.5 years ago. AI and ML are more of an advantage on the defense side. New data inflows aren’t easily handled, and hiring more people isn’t always viable, so we have to leverage ML.

Dave Lewis, Akamai: Attackers don’t need to use artificial intelligence. The amount of security data we have accumulated as defenders is daunting. Criminals are not going to burn a zero-day when they could remotely mount a driver and be in your network.

Jeremiah Grossman, BitDiscovery: This raises two budgetary problems. The first budgetary problem is on the defense side where we’re spending $81-90 billion for everyone to get hacked and there’s no efficacy. Money is spent on the wrong things. We see the compliance and chase it, but compliance doesn’t equal security. The second budgetary problem that we don’t talk about is how much the bad guys need to spend to counteract our work. If we spend $1M on defense, how much will he spend? Probably $1,000.

Patrick Coughlin, TruSTAR: How do we close the spending gap between defense and offense?

Jeremiah Grossman, BitDiscovery: You want an adversary tripped up in their kill chain. If the adversary will need to spend a week of time to get in, they’re gonna go somewhere else. We don’t have to make our systems bulletproof, we just have to make it tough enough so they’ll go somewhere else. It boils down to being just a little better than the others.
