At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. We sat down with some of the industry’s most interesting leaders in cybersecurity to discuss latest cybersecurity challenges their teams are working to solve. This is part 5 of a 5-part series highlighting these discussions.
As malware and other attacks continue to infect corporations, companies have begun utilizing artificial intelligence and machine learning to protect themselves, yet a new trend is emerging. Disclosing and sharing vulnerabilities is a main combating technique this panel discussed.
This star panel features Karl Sigler, Threat Intelligence Manager at Trustwave, Justin Fier, Director for Cyber Intelligence and Analysis at Darktrace, Casey Ellis, founder and CTO of Bugcrowd, and Filip Chytry, Threat Intelligence Director at Avast.
The following is an excerpt from this conversation. Full video below
Patrick Coughlin, TruSTAR: How do you see the bad guys using artificial intelligence and machine learning and how is it changing?
Justin Fier, Darktrace: Machine learning can be used many ways. For example, it was used to weaponize data in the Equifax breach. We have seen subtle signs of malware just sitting there and watching your every move. It would be foolish to think attackers aren’t using artificial intelligence and machine learning. It’s a matter of time until they outpace us.
Patrick Coughlin, TruSTAR: Which defense strategies are working and which aren't?
Karl Sigler, Trustwave: Organizations are seeing the importance of entering exchanges and partnerships. Every organization has a microscopic view of the security ecosystem as a whole. Once you start sharing with other organizations and see what they’re sharing, suddenly your perception changes: How you prioritize, what controls you put in place, etc.
Filip Chytry, Avast: If you have a chance to see all the inputs, it helps you identify larger trends. We have 400M users, so we can see everything going on. But if you’re a smaller company you’re relying on aggregate data, aggregate sources, and threat intelligence to identify correlations and protect your users. You’re dependent on collecting data from elsewhere.
Casey Ellis, Bugcrowd: There’s a threat in trend vulnerability disclosure. Let’s learn from that, share it, and as a corporate get better at acting on it as a result.
Patrick Coughlin, TruSTAR: It’s a double edged sword. Now organizations that want to be doing it are talking about artificial intelligence but not patching their systems.