As IT infrastructures become more complex and distributed, enterprises face the formidable task of safeguarding users, data, applications, systems, and networks from relentless attacks. Compounding this complexity is the pervasive adoption of Generative AI (GenAI) and the onset of the Automation era. In response, organizations find themselves compelled to refine and rationalize their cybersecurity strategies, seamlessly blending technological advancements with human intervention.
In a recent interaction with CIO&Leader, Geoff Swaine, Vice President, APJ, CrowdStrike, delves into this dynamic cybersecurity landscape. Swaine emphasizes the critical balance between speed and visibility. The conversation explores the intricate interplay of technology and human insights in adapting to changing cybersecurity trends, shedding light on the profound impact of GenAI and the ongoing shift in the automation era. Excerpts.
Geoff Swaine, Vice President, APJ, CrowdStrike
CIO&Leader: What are the key trends in the cybersecurity landscape, and how do these reflect the evolving threat landscape?
Geoff Swaine: The common thread revolves around speed. You may have seen a global threat report that we release every year, and every year, we observe the time it takes for a threat actor to move laterally from one system to another decreasing. It used to be that only nation-state threat actors had access to high-speed attacks. We are now seeing this trend in organized crime and other parts of the threat landscape. Speed is critical for security, but visibility is equally important. You must be able to see everything, and observability is a crucial part of the issue we have been observing, as observability is getting harder and harder.
Real-time quality monitoring and observability pose significant challenges for businesses across sectors, especially considering the evolving nature of threats. Organizations are increasingly focusing on these aspects due to the dual concerns of enhancing security and reducing costs. There are more and more data sources, making it increasingly challenging to build queries to identify events. CrowdStrike has been exploring this space for some time, making investments a couple of years ago in our approach to observability. We need to converge these two platforms closely together.
CIO&Leader: Given the growing adoption of AI in all facets of enterprise development, what primary security considerations should enterprises and CIOs prioritize?
Geoff Swaine: In DevOps and cloud operations, seamless interaction with processes and information is paramount. However, integrating AI introduces challenges, particularly in addressing perceived security threats.
One primary concern revolves around the actions of large language models. Understanding the operations of these models, the assets they leverage, and ensuring privacy around the data they utilize are vital considerations. Maintenance of AI models is another focus point — questioning whether there is any unauthorized access to train the models in undesirable ways, potentially leading to what is colloquially known as “AI hallucination.”
Moreover, copyright, digital rights management, and governance issues become pronounced when AI generates content. For instance, the reliability of AI-generated business documentation or process flows comes under scrutiny, with potential security concerns arising from indirect prompt injections, where models may be trained to execute commands that pose harm.
From the perspective of CrowdStrike, a company deeply embedded in AI, the emphasis is on viewing AI as more than just an interface for large language models. The commitment is to leverage AI to discover the unknown and enable flexible workflows beyond the constraints of traditional sequential processes. The advice is to exercise caution, acknowledge the intricate nature of AI development, and ensure that security platforms are consistently updated to monitor and control potential risks.
Despite the challenges, the narrative acknowledges the excitement surrounding AI’s transformative potential, especially in a resource-constrained economy. Harnessing AI efficiently becomes paramount for creating numerous job opportunities, particularly at the entry level, and optimizing automation to address various societal and economic needs. As organizations venture into this exciting territory, a balanced approach, blending enthusiasm with caution, is essential to unlock the full potential of AI in enterprise development.
CIO&Leader: Can you delve into the security challenges of GenAI and how organizations can navigate them?
Geoff Swaine: The emergence of generative AI introduces new opportunities for interaction with this critical data, requiring heightened caution. It is essential to recognize that generative AI, while enhancing productivity, requires careful consideration of ownership and management of the outcomes.
Organizations must be vigilant internally with their teams using generative AI and externally when interacting with others’ IP. The potential for AI to build itself into a hallucination, following logical loops that may result in incorrect answers, underscores the importance of human oversight and appropriate validation. Security designers have witnessed instances where aggressive training models on AI can lead to inaccuracies, reinforcing the need for meticulous checking and human involvement.
Verification is anticipated to play a crucial role in the evolving landscape, offering a mechanism to ensure clarity and correctness in AI outputs. This, however, does not diminish the constant need for security. As AI generates and evolves, it introduces additional layers of data that require careful handling. The evolving nature of AI thinking, illustrated by the analogy of asking ChatGPT for a bread recipe evolving into sophisticated culinary instructions, underscores the importance of keeping track of each data generation.
This reality circles back to the initial emphasis on visibility and observability, where integrated platforms and tools in IT Ops contribute significantly. While these tools aid in managing the complexities, enterprise leaders face a significant challenge in securely comprehending the vast amount of data. Integrating observability, visibility, and data security remains a cornerstone in navigating the intricate landscape shaped by generative AI.
CIO&Leader: What specific innovations or strategies are being pursued to integrate security components seamlessly, thereby enhancing the capabilities of enterprises and businesses in this context?
Geoff Swaine: Addressing the challenges associated with the overwhelming volume of data, conventional SIEM technologies and log management tools often need to be revised due to the complexity of managing diverse sources and volumes. Extended query times have become a serious barrier, with queries taking exceptionally long durations, leading to significant inefficiencies. Some organizations have reported scenarios where queries initiated on Friday evenings would only yield results by Monday morning due to the intricate scripting required to navigate through the data complexity.
Another hurdle lies in data silos, where disparate data sources are spread across different locations, necessitating skilled resources to identify paths and streamline information flow. Given the scarcity of such professional resources and the potential costs associated with prolonged query times, a more efficient approach is imperative.
In summary, the ongoing pursuit of innovative strategies, compression techniques, and collaborative platforms underscores the industry’s commitment to overcoming data-related challenges and optimizing efficiency in the post-health crisis landscape.
CIO&Leader: Can you elaborate on how the recent acquisition of Bionic enhances your cloud security capabilities, particularly in the evolving landscape where more organizations are adopting a cloud-native approach?
Geoff Swaine: The recent acquisition of Bionic is a testament to our commitment to advancing cloud security. Our strength in runtime cloud security, encompassing aspects like API security, Cloud Identity and Entitlement Management (CIEM), and cloud workload protection, was already robust. With the addition of code-to-runtime protection capabilities, we’ve significantly elevated our cloud platform’s capabilities. This enhancement allows us to understand how an application will run in the cloud and empowers the development team with valuable insights.
The convergence of DevOps practices, bridging the gap between development and operations within the cloud, is a crucial aspect of this advancement. This integration is poised to accelerate development cycles, marking a potential game-changer. As more organizations embrace a cloud-native approach, like ours, the experience we’ve gained in building large-scale, cloud-based, scalable architectures becomes invaluable. Managing vulnerabilities in such architectures is a complex task, and the synergy between Bionic and our existing robust security controls creates a compelling offering for our customers.
CIO&Leader: What cybersecurity trends are anticipated to define 2024, and what specific areas are you focusing on to address these trends?
Geoff Swaine: In the evolving landscape of cybersecurity, endpoint detection and response (EDR) and next-generation antivirus dynamics are undergoing a significant shift. The traditional antivirus solutions are gradually making way for the next generation, particularly EDR. Concurrently, we are witnessing continuous advancements in sandboxing, firewall technologies, and the emerging concept of secure access service edge (SASE), causing many changes in the cybersecurity domain.
The notable transformation we are currently observing is the ascendancy of the platform. CrowdStrike, in its strategic vision, has consistently advocated for a centralized platform featuring a unified user interface, a single agent, and a streamlined console. This simplicity spans security and cloud operations, fostering ease of use and efficiency. The uniformity in UI and console, irrespective of the operational domain, contributes to reducing the overall cost of monitoring and managing the platform.
In addition, the compliance environment, subject to constant reviews and revisions, is becoming more rigorous globally. Notably, recent regulation changes, such as those in Australia and Singapore, underscore the need for stringent compliance measures. This becomes particularly crucial in the Indian context, where the Data Protection and Privacy Act enactments signify a heightened emphasis on data protection. Maintaining compliance is not just a regulatory necessity; it’s critical to securing and safeguarding data in the current regulatory landscape.
Organizations are cautious about investing in extensive and expensive security measures considering the economic landscape. However, the integrated approach of the platform is fast becoming a strategic choice for organizations striving for a balance between robust security and financial prudence.
As we navigate the current reality and anticipate positive shifts in the economy, the role of security remains non-negotiable. While investment opportunities emerge, security stands as a constant imperative.