Your Security Is The Key To Our Success!

AI Matters: Hammers & Nails

toolsoftrade

Ever heard the old adage, “When all you have is a hammer, every problem looks like a nail.”? It pops into my head every time I have a conversation about using AI (the hammer) to solve “Wicked” problems (the nails) in Cyber Operations. Don’t get me wrong, I am stoked by the potential of (Generative) AI. The buzz is contagious. In some ways it feels like we are living in a modern Renaissance. A fountainhead of creativity, experimentation and insight, if you will. However, I am also a weathered practitioner and aspiring curmudgeon, who knows there is no such thing as a silver bullet. Responsible AI is not easy or cheap. Full Stop!

Shouts out to
Chris Roberts, as this post was inspired by a conversation we had and this line from his recent LinkedIn post positing: “Do we need A.I. to solve our problem? If so, why?”

To that end, I’ve compiled a short list of observations and possible approaches you should consider when determining if using AI will actually solve a problem a create new problems to solve.

1.
Inertia and status quo - In my experience, most organizations struggle with the fundamentals. Once they find a path that “works”, they resist change because its “good enough” #statusquo. This is sad because it means people lose their ability to imagine the world of possibilities, by building a perceptual blind spot for seeing alternatives. Improving the fundamentals is always a good thing. Incremental changes are often more valuable than “big bang” projects or transformations that take months or years to complete. Optimizing existing workflows as a normal practice can yield more benefit/value at higher frequencies. However, you must proceed with caution, as the way to fail at scale is to automate a broken business process. Please don’t make that mistake.

2.
It Takes a Village – The key to creating a pipeline of cyber operations optimization candidates [aka Innovations] is to understand the “Wicked Problem” you are trying to solve. I mean really understand it. You should be able to explain it to a 12-year-old or an executive in a suit ;) If you need to role play that conversation this would be a good time to confer with your favorite chat bot. [Insert Phun Prompt Here: “Explain to me as if I am a 12-year-old, why passwords are important but not executive friendly?”]. Next, you will need to identify your core stakeholder community. 3-5 stakeholders will typically give you the perspectives needed to find critical mass and more importantly governance & resourcing support. Finally, you need to understand what motivates your key stakeholders, what they value and how they are graded. Ensure your Innovation candidate selection criteria and KPI’s resonate with your stakeholders and your stories are tailored to them. Make it real to them when describing the possibilities of a new approach. Be disciplined and ruthless, once selection criteria are agreed. Move quickly with purpose. Don’t get distracted with “bright shiny things” that do NOT align with your selection criteria. Each use case should tell a story that appeals to at least 75% of your stakeholder community. Less than that and inertia will make it too hard to realize value in a timely manner. Move on from candidates that do not make the cut, without regret as there should be a continuous pipeline of other opportunities to be reviewed.

3.
Latent Capabilities – Take the easy wins first! – Once you have a vetted pipeline of innovation candidates, it’s time to determine if you can extract incremental value using the AI features or embedded capabilities already in place. This is most easily accomplished by reading the tin and looking for key words like BIG DATA, Behavioral Analysis, Machine Learning, Neural Network, LLM or (Generative) AI. It’s very likely you have been using AI-enabled tools already. If so, how are they performing? If they are available but you aren’t using them, why not? Of course, if capabilities were available and you weren’t aware of them or there are commercial considerations, then we need to quickly determine what level of effort is needed to implement. If it doesn’t pass the sniff test move on to the next candidate. Leverage your suppliers to educate but temper their claims with real world testing and assessment.

What next? Look for opportunities to integrate, optimize and automate at scale for operational improvement, which could include AI force multipliers such as Security Co-Pilots, organizationally aware GPT agents or automated Hackbots. We will look at these use cases in future blogs.

So, do we need an AI to solve our “wicked” problem? The simple answer is probably not. However, there are “Wicked” problems that AI can address and you should be looking for those opportunities too. Because AI Matters. Stay tuned.

Day-Con XVII: Summit Notes

cfys
Once again, neighbors came together to discuss wicked problems and how the community could & should address them. The 17th annual event's tag line is "Chlorine for your soul!". Check out the summit notes HERE to learn more.

Future Shock: The Future of Fraud Today

pointoforigin
Below is the abstract and link to the referenced material, including the presentation, from the Taste of IT on Nov 8, 2023. This is the first release in the Future Shock series. [FYI: Mo was unable to attend so I presented his slides]. Enjoy!


"The presenters will discuss the evolution of Organizational Identity Fraud and the abuse of organizational identity assets from the beginning of the World Wide Web to its current incarnation. They will assess the state of organizational identity asset protection programs and answer the question “Are organizations prepared for the world of software defined everything, nation state threat actors and coexisting with the Internet of Dangerous Things?”

The presentation will update the definition of Corporate Identity Assets and introduce relevant, novel, and forward-thinking threat catalog items associated with Organizational Identity Fraud. The presenters will articulate control affinities and practical life-cycle management practices for consideration, positing how transformational trends in mobility, computing and social media conspire to make organizations more vulnerable, while demonstrating how marketing, security and operations can join forces to turn the tables on their adversaries by becoming “hard targets”.

Building on prior work published in 2006 (
https://www.sans.org/reading-room/whitepapers/engineering/corporate-identity-fraud-life-cycle-management-corporate-identity-assets-1650 ) and 2021 https://www.sans.org/white-papers/corporate-identity-fraud-ii-future-fraud-today/ ) the presenters will share new research & insight that demonstrate multi-domain mayhem caused by abusing organizational identity assets and exploiting (hidden) dependencies! Further, they will share their methodology, findings, and novel & emerging threat catalog items (aka relevant use cases).

Presentation Link
HERE

Innovation Matters: Invisibility Cloak

toolsoftrade
“Wicked” Business Problem:
The simple act of connecting a device to a network (wired or wireless) exposes (high-value) it to more risk.                                
Innovative Approach:
Provide dynamic connectivity protection and resource sharing, in hostile environments, with no externally visible attack surface.
  
Vetted Solution:
BYOS’ human friendly approach uses a physical dongle to effectively “Cloak” personal computing devices, rendering them invisible and allowing them to connect with confidence.
 
Call To Action:
If you are interested in learning more dm me on LinkedIn or check them out @ BYOS [ Tell them Bryan sent you ;) ]

Innovation Matters: Ransomware "Kill Switch"

radicalthinking

“Wicked” Business Problem:

Organizations running flat networks are especially vulnerable to high-impact attacks that rely on lateral movement like ransomware.
                               
Innovative Approach:
The ability to move from a flat network to a layer-3 isolated (micro-segmentation) network (IT/OT) in a matter of hours with NO downtime or 3
rd party agent software.
 
Vetted Solution:
Airgap’s elegant approach is truly innovative and worthy of consideration. Using DHCP to build a layer-3 overlay network, they can transform a legacy network into a virtual Purdue compliant environment. Prebuilt logic provides the ability to prevent ransomware propagation and introduces a “kill switch”, which can be activated in the case of a ransomware outbreak.
 
Call To Action:
Educate yourself on
Airgap's innovative approach to layer-3 isolation and segmentation.