For decades, cyber-attackers have had the upper hand. In an ever-changing security risk landscape, organized cybercriminals have made far better use of information-sharing than defenders have.

But what could tip the scales in the other direction? What could give the defenders the much-needed advantage?

With cyber-attacks against businesses and governments escalating in frequency and severity, it is no longer enough for your organization to understand only your own defenses. You must be able to understand your cyber “enemy,” too.

Across the cybersecurity industry, there is an urgent need to make it harder for attackers to succeed. That’s where AI can help.

Step 1: Understand yourself

The first step in gaining the upper hand is to understand your infrastructure, vulnerabilities, and the obstacles you may face in ratcheting up defenses.

Organizations must have continuous, real-time visibility into the entire spectrum of their digital assets. You cannot protect what you do not know. Without an end-to-end understanding of what is going on within your organization, you will not be able to identify when something is amiss.

But unfortunately, detection alone is not enough.

Historically, the cybersecurity industry has been reactive, only detecting threats it has already observed. When researchers and security professionals identify a new cyber-attack, an automated system issues a pre-programmed action, or a human operator runs a series of pre-planned playbooks to counter the attack step-by-step.

This process can take too long or miss parts of an attacker’s movements. Blanket response mechanisms also fail to react to and contain real-world attacks, which creative and determined threat actors are constantly tweaking and improving.

At a fundamental level, attackers want to exploit vulnerabilities. Cyber-attackers have always had the upper hand because security teams have not spotted many of these cracks in advance. Attackers can identify novel paths, leveraging security gaps that organizations may not realize exist. They continue innovating, combining new methods to create novel approaches and exposing dormant software vulnerabilities like Log4Shell.

Our adversaries are showing no signs of slowing down.

A small proportion of organizations currently conduct no adversarial assessment at all, meaning they do not actively look for vulnerabilities within their systems. Even organizations with a mature and well-resourced blue team that do complete adversarial assessments still often fall short of defending their critical assets from the red team’s cyber-attack simulations.

An accomplished red team requires a qualified group of individuals with a honed skillset. The demand for such services is high, while proficient individuals are in short supply — this is true across the entire industry.

These exercises take time and other resources, meaning organizations often end up testing their defenses irregularly. And frequently, security teams focus on patching vulnerabilities and updating systems between these exercises, only to meet a new laundry list six months later.

Step 2: Understand your enemy

The next step for defenders to gain the upper hand is to understand the enemy deeply: you need to comprehend the tactics, techniques, and procedures (TTPs) they will use. You cannot prevent future attacks from an enemy you do not know.

While identifying your “crown jewels,” or your most critical assets, might be a solid first step to mounting a robust defensive posture, understanding the potential routes a threat actor may take to access that data can help you better defend those assets.

Security leaders must understand: What TTPs do attackers commonly use? What paths might they take to cause the most disruption to the business, the most damage to systems, or even the most danger to infrastructure safety?

There is an urgent need to take preventive measures against these cyber-attackers with broad-spectrum adversarial simulation across all digital assets.

AI has already improved defensive progress, innovating the areas of threat detection, investigation, and response. Despite this advancement, organizations are still reacting to attackers. We need to make it easier for organizations to become more proactive. The fundamental priorities of cybersecurity organizations need to change.

We need to leverage AI to emulate attack paths, launch controlled attacks, and test defenses. This “attack path modeling” activity can show organizations the most likely routes an attacker will take to access its “crown jewels” and help organizations discover their cyber risks from the inside.

These modeled attack paths, based on real-time data from your organization’s environment, can help blue teams prioritize mitigations, ranking the allocation of resources to maximize efficacy. The approach allows organizations to understand priority vulnerabilities continuously rather than depending on irregular exercises, reducing the resources needed to complete these simulations.

Organizations can leverage this technology to compare attack paths based on impact and occurrence probability to distinguish which will be most valuable to an adversary. Adversaries want to exploit vulnerabilities across a wide range of domains, both internal and external to an organization. So, sourcing data across those domains is critical to creating a complete, end-to-end model of potential attacks.

Today these capabilities are often available only to major banks and governments with larger security budgets, and even there they rely on human skills without the support of AI. Attack path modeling can help expand access.

This process can aid in neutralizing potential attack paths at the most critical “choke points” — without disrupting business activity. Focusing security spending on the choke points bespoke to your organization, in real time, across multiple domains has a significant impact on preventing adversaries from achieving their objectives. It moves the needle in hardening an organization holistically.
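As an added illustration of the attack path modeling described above (example code written for this edit, not Darktrace’s or the article’s own), the following Python builds a small constructed attack graph, enumerates every route from an internet foothold to a “crown jewel” database, ranks the routes by traversal probability times business impact, surfaces the choke points that the most paths share, and then goes one step further than the text by comparing residual risk after hardening one choke point versus another. Every node name, edge probability and impact score is a constructed assumption, not data from a real environment.

```python
"""Attack-path modeling on a small constructed graph (illustrative example).

Nodes are hosts or privilege levels; each directed edge carries an estimated
probability that an attacker who holds the source node gains the destination.
The graph, probabilities and impact score below are constructed assumptions,
not data from any real environment.
"""
from collections import Counter

# Constructed sample graph: node -> [(next_node, estimated success probability)]
GRAPH = {
    "internet": [("web-dmz", 0.9), ("vpn-gw", 0.3)],
    "web-dmz": [("app-server", 0.6)],
    "vpn-gw": [("workstation", 0.7)],
    "workstation": [("app-server", 0.5), ("file-share", 0.8)],
    "app-server": [("db-crown-jewel", 0.4), ("file-share", 0.3)],
    "file-share": [("db-crown-jewel", 0.2)],
    "db-crown-jewel": [],
}

# Constructed business-impact score (1-10) for compromise of each target asset.
IMPACT = {"db-crown-jewel": 10}


def enumerate_paths(graph, start, target):
    """Return every simple path from start to target as (nodes, probability),
    where probability is the product of the edge probabilities along the path."""
    found = []

    def dfs(node, path, prob):
        if node == target:
            found.append((list(path), prob))
            return
        for nxt, p in graph.get(node, []):
            if nxt in path:          # skip cycles so every path is simple
                continue
            path.append(nxt)
            dfs(nxt, path, prob * p)
            path.pop()

    dfs(start, [start], 1.0)
    return found


def rank_paths(paths, impact):
    """Score each path as traversal probability x impact of its final asset and
    sort highest risk first. Returns [(score, probability, nodes), ...]."""
    scored = [(prob * impact.get(nodes[-1], 1), prob, nodes) for nodes, prob in paths]
    return sorted(scored, key=lambda s: s[0], reverse=True)


def choke_points(scored_paths):
    """For each intermediate node, count the paths that traverse it and sum
    their risk. Returns [(node, path_count, risk), ...], riskiest first."""
    count, risk = Counter(), Counter()
    for score, _prob, nodes in scored_paths:
        for node in nodes[1:-1]:     # exclude the foothold and the target
            count[node] += 1
            risk[node] += score
    order = sorted(count, key=lambda n: (risk[n], count[n]), reverse=True)
    return [(n, count[n], round(risk[n], 4)) for n in order]


def harden(graph, node, factor):
    """Return a copy of graph where every edge INTO node has its success
    probability scaled by factor (e.g. 0.1 models a strong new control)."""
    return {src: [(dst, p * factor if dst == node else p) for dst, p in edges]
            for src, edges in graph.items()}


def total_risk(graph, impact, start, target):
    """Sum of risk scores over all paths from start to target."""
    return sum(s for s, _, _ in rank_paths(enumerate_paths(graph, start, target), impact))


if __name__ == "__main__":
    paths = rank_paths(enumerate_paths(GRAPH, "internet", "db-crown-jewel"), IMPACT)
    for score, prob, nodes in paths:
        print(f"{score:6.4f}  p={prob:.4f}  {' -> '.join(nodes)}")
    print("choke points:", choke_points(paths))
    base = total_risk(GRAPH, IMPACT, "internet", "db-crown-jewel")
    for node in ("app-server", "file-share"):
        after = total_risk(harden(GRAPH, node, 0.1), IMPACT, "internet", "db-crown-jewel")
        print(f"harden {node}: total risk {base:.4f} -> {after:.4f}")
```

On this constructed graph the app server sits on four of the five routes to the database and carries most of the total risk, so hardening it cuts the modeled risk far more than hardening the file share, even though both are intermediate hops. That is the prioritization the article describes: rank mitigations by how much path risk they remove rather than by vulnerability count, and re-run the model as the environment changes instead of waiting for the next red-team engagement.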

By leveraging a combination of technologies to model and simulate attacks, security teams can finally identify their risks proactively rather than reactively. By understanding themselves and their enemies, and by adopting innovative technology approaches, security teams can tackle risk head-on.

In the art of cyber warfare, attack path modeling has the potential to give security teams ways to “future proof” people and organizations against unknown threats. With forward-looking cybersecurity, we may finally be able to tip the scales in favor of the defenders and give them the power to defeat an aggressive enemy.

Max Heinemeyer is Director of Threat Hunting at Darktrace.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact sales@venturebeat.com.