AI, ML systems may be hacked by privileged users

Prominent limitations of cybersecurity solutions include the lack of large-scale threat analytics that leverage ML for both structured and unstructured data, the inability to empower end-user devices to detect threats and initiate the first-level response, general lack of context about the overall IT environment, and poor integration capabilities with other IT components.

It is worth mentioning that to effectively leverage the benefits of cybersecurity solutions, organisations need to be self-aware and undergo a cultural change.

A major pain point with the current generation of tools is the lack of ability to support the recent changes in technology and user behaviour. An unfortunate scenario like the current global pandemic has turned things upside down with organisations scurrying to enable employees to work remotely, and for CISOs, this has been a huge source of stress.

Despite figuring out the logistics, if the current security tools are inadequate, it is a career-defining call for most CISOs to allow remote work. Making the call to allow remote work can be risky, especially if, for example, the organisation’s endpoint security solution lacks the ability to automatically enforce restrictions based on the geolocation of the user or the device they are using to access enterprise information.

Other pain points include bring your own device environments, the growing number of IoT devices in the infrastructure, SecOps becoming more agile with DevSecOps, enabling just-in-time privileges for users, and integrating security tools for the quickest possible incident resolution process. These everyday pain points can be effectively addressed with a suite of solutions that take a central approach to information security.

Another innovation is strong identity mapping across the entire infrastructure to combat privileged internal users who can create duplicate identities to carry out motivated internal attacks. The goal of identity mapping is to hold users accountable for their actions amidst all the automations and self-learning systems. Malicious insiders can intentionally train AI models wrongly to carry out certain actions. This is why organisations need the ability to trace actions back to a human user.

Given the significance of the security orchestration, automation, and response approach and its growing adoption, ManageEngine is in a position to put together operations and security products from its suite that increases the value of customers’ investments. This suite of solutions can be integrated to deliver security orchestration, automation, threat analytics, and rapid security incident response from one central location.

Like in the other areas of technology, the next generation of security products are adopting specific operating principles that help CISOs stay at the top of their game. The next generation of products will be self-aware, be able to self-learn, and guarantee optimal security levels without requiring constant human intervention.

The processing and decision-making model will move to the edge—meaning processes, decisions, and implementation will move closer to the user—to enable rapid response from each user and each device who is under attack while a central engine detects and orchestrates a response. Solutions will also move to Zero Trust models for all information access and operations and enforce just-in-time privilege elevation for all users, regardless of their position in the organisation.

This shifts the operating model from understanding where the data is and where all it flows to building layers of security to protect it.

By Rajesh Ganesan, Vice President, ManageEngine.

Leave a Reply