I recently read an article about a new generative AI worm called “Morris II” and it immediately made me worried: Will the AI learn the best way to phish me? Can the AI predict where vulnerable systems and users are? Can the AI simply find new, previously unreported vulnerabilities that put me at risk? Will all of this happen at quantum speed?
For many, a new generative AI worm is an understandable reason to panic.
But if we shake off the hysteria, we see that Morris II only targets AI apps and AI-enabled email assistants. No attack is good, but at least this one is very specific. And more importantly, it brings the realization that just as AI is helping to accelerate and automate attacks, it will also greatly improve security effectiveness.
While AI threatens to overwhelm reactive security teams with the speed and sophistication of attacks, it also enables proactive prevention through predictive processes and controls. That proactive capability is critical if security teams are to have a chance of withstanding the attacks that await.
Defenses that scale with AI-powered attacks
There are two proactive efforts that scale well once accelerated attacks become the norm. Neither requires AI to combat AI-based attacks, but AI can certainly enhance both. I believe it is almost certain that security teams will not be able to keep up with AI-enabled attacks without these techniques in place.
The first is Zero Trust. Zero Trust is not a single product or solution, but a paradigm for designing your infrastructure. Authenticating each access request individually is a good starting point. A core principle of Zero Trust is the elimination of the assumption that internal users have already been authenticated and authorized to use resources (i.e. “implicit trust”).
Importantly, Zero Trust is scalable in the face of accelerating attacks. As a Gartner analyst, I have seen many organizations benefit from Zero Trust's tendency to contain attacks automatically, reducing the impact of a successful intrusion and even thwarting attackers' reconnaissance activities. Isolating users and assets using techniques such as microsegmentation can help prevent attacks from spreading.
However, full microsegmentation of your network can be challenging. Rather than jumping to full microsegmentation, many organizations find it beneficial to focus on isolating access to the resources that matter most, or “the most valuable resources.” They achieve this by extending Zero Trust Network Access (ZTNA) for remote workers to the office, so that all workers in the office can also use ZTNA. ZTNA extensions are often referred to as Universal ZTNA and may even eliminate the need for Network Access Control (NAC).
Another important initiative is vulnerability management. Currently, vulnerability management is often done in a way that does not scale. Faced with the huge number of published Common Vulnerabilities and Exposures (CVEs), many organizations realize that they cannot patch everything and must prioritize. Prioritization is the right decision, but how you prioritize CVEs is important.
In my experience, most organizations choose to prioritize CVEs by severity and patch those with the most severe risk ratings first. The problem with this mindset, as my former Gartner colleague Craig Lawson points out, is that only a small percentage of CVEs are exploited in the wild. Therefore, it makes more sense to prioritize CVEs that are exploited in the wild over severe but rarely exploited vulnerabilities. Smarter prioritization of patching, enabled by AI, will make a big difference in how organizations reduce the likelihood of exploitation.
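To make the prioritization argument concrete, here is an added illustration (example code, not from the article or from any vendor product): it ranks a constructed set of findings under a severity-first policy and under an exploitation-first policy that also favours the most valuable resources, and measures how many known-exploited vulnerabilities each policy fixes within a fixed patch budget. The vulnerability identifiers, asset names and the high-value asset set are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Finding:
    cve: str          # identifier; the sample below uses constructed placeholders, not real CVEs
    cvss: float       # published severity score, 0.0 to 10.0
    exploited: bool   # is there evidence of exploitation in the wild?
    asset: str        # where the vulnerable component runs


# Assumption: the organization has named its most valuable resources.
HIGH_VALUE_ASSETS = {"hr-db", "vpn-gateway"}


def severity_key(f: Finding) -> tuple:
    """Severity-first policy: highest CVSS score is patched first."""
    return (-f.cvss,)


def exploited_first_key(f: Finding) -> tuple:
    """Exploitation-first policy: known-exploited first, then high-value assets, then CVSS."""
    return (not f.exploited, f.asset not in HIGH_VALUE_ASSETS, -f.cvss)


def rank(findings: Iterable[Finding], key: Callable[[Finding], tuple]) -> list[str]:
    """Return identifiers in the order the given policy would patch them."""
    return [f.cve for f in sorted(findings, key=key)]


def exploited_coverage(findings: Iterable[Finding], order: list[str], budget: int) -> float:
    """Fraction of exploited-in-the-wild findings fixed within the first `budget` patches."""
    exploited = {f.cve for f in findings if f.exploited}
    if not exploited:
        return 1.0
    return len(set(order[:budget]) & exploited) / len(exploited)


# Constructed sample: three findings are exploited in the wild, none of them the most severe.
SAMPLE = [
    Finding("VULN-A", 9.8, False, "hr-db"),
    Finding("VULN-B", 9.1, False, "print-server"),
    Finding("VULN-C", 7.5, True, "print-server"),
    Finding("VULN-D", 8.8, False, "dev-wiki"),
    Finding("VULN-E", 6.5, True, "hr-db"),
    Finding("VULN-F", 5.3, True, "vpn-gateway"),
    Finding("VULN-G", 9.0, False, "dev-wiki"),
    Finding("VULN-H", 4.3, False, "dev-wiki"),
]
```

With a budget of three patches, the severity-first order fixes none of the exploited findings while the exploitation-first order fixes all three; the same data, triaged differently, changes the actual risk removed.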
This is one of the areas where the recent acquisition of Avalor has provided important enhancements: Integrated Vulnerability Management, part of Avalor's Data Fabric services, enables organizations to triage open vulnerabilities more effectively.
While attackers will inevitably use AI to improve the quality and pace of their attacks, there are proactive steps we can take to shore up our defenses. Zero Trust and smart vulnerability management can help prevent attacks by proactively reducing the attack surface and mitigating actual risk.
This is what Zscaler CEO Jay Chaudhry meant when he said, “Fight AI with AI.” Given the potential acceleration of attacks, AI-enabled proactive protection should be considered a necessity.