Why AI and autonomous response are crucial for cybersecurity (VB On-Demand)

Presented by Darktress

Today, cyber security is constantly evolving and improving. In this on-demand webinar, learn how the two organizations use continuous AI response loops to identify vulnerabilities, tighten defenses, and improve the outcomes of their cyber security programs.

See free on demand here.

The security risk landscape is in full swing, and the traditional on-premises approach to cyber security is no longer sufficient. Remote work has become the norm, and outside the walls of the office, employees are undermining their personal security. Cyber ​​threats posed by supply chains by third parties are still a major weakness, so organizations need to think not only about their protection but also about their suppliers to protect their priority assets and information from intrusion and exploitation.

And that’s not all. The ongoing Russia-Ukraine conflict has provided more opportunities for aggressors and social engineering attacks have increased tenfold and become increasingly sophisticated and targeted. Both play into the fears and uncertainties of the general population. Many security industry experts have warned of potentially dangerous actors taking advantage of AI to launch cyber-attacks, using their intelligence to optimize the route and speed up their attacks in the organization’s digital infrastructure.

“In a modern security environment, organizations should recognize that attackers are more likely to breach their perimeter defenses,” says Steve Lorimer, group privacy and information security officer at Hexagon. “Organizations should focus on improving their security posture and preventing disruptions to business, so-called cyber resilience. You don’t have to win every battle, but you do win important ones. “

ISO needs to find cyber security alternatives that overcome some resource challenges, add value to their team and reduce response time. Self-learning AI trains itself using unlabeled data. Autonomous Response is a technology that calculates the best action taken to accommodate attacks progressing at machine speeds, preventing attacks from spreading throughout the business and disrupting critical operations. And both are becoming essential to the security program to meet these challenges.

Why self-learning AI is needed in the new cybersecurity landscape

Attackers are constantly innovating, transforming old attack patterns into new ones. Self-learning AI can detect when something changes in the organization’s digital infrastructure, identify behaviors or patterns that have not been seen before, and act to isolate potential risk before a fully developed crisis disrupts business.

“It’s about creating layers at the end of the day,” Lorimer adds. “AI will always be a supporting element, not a place for human teams and knowledge. AI can empower human teams and reduce burdens. But we can never rely entirely on machines; You need more than luck to succeed in affiliate business. You need more than luck to succeed in affiliate business. “

Advantages of autonomous response

Often, cyber attacks start slowly; Many take months to move between espionage and infiltration, but the most important components of an attack happen very quickly. Autonomous response unlocks the ability of the machine to react quickly to identify and contain threats in that short window.

Another major advantage of autonomous response is that it enables “always-on” defense. Even with the best intentions in the world, security teams will always be limited by resources. There are not enough people to defend everything at all times. Organizations need a level that can enhance the human team, giving them time to think and respond with critical human contexts such as business and strategy skills. Autonomous response capabilities allow AI to make quick decisions. These subtle decisions give human teams enough time to make those macro-decisions.

Leveling: Taking advantage of attack path modeling

Lorimer says that once the organization has matured its thinking to the point of supposed breach, the next question is to understand how the attackers pass through the network. Now, AI can help businesses better understand their own system and allow attackers to identify the most dangerous ways to access their crown jewels or the most important information and assets.

Lorimer says the attack simulation allows them to tighten defenses around their most sensitive areas. And self-learning AI is really about a paradigm shift: instead of building defenses based on historical attack data, you need to be able to defend against novel threats.

Attack Path Modeling (APM) is a revolutionary technique because it allows organizations to map paths where security teams may not have as much visibility or originally thought to be sensitive. The network is never static; A large, modern and innovative enterprise is constantly changing. Therefore, APM can run continuously and alert teams of new attack routes created by the new integration with a third party or new device joining the digital infrastructure.

“This consistent, AI-based approach allows organizations to continually tighten their defenses, rather than relying on biennial, or even more frequent, red teaming exercises,” says Lorimer. “APM enables organizations to actively fix vulnerabilities in the network.”

Choosing a cyber security solution

“There are a few things ISO needs to look at when choosing a cybersecurity solution,” says Lorimer. First, the solution should raise human teams without doing significant extra work. Technologies should be able to maximize the value that the organization provides.

ISO should also look for any significant overlaps or gaps in technology in their existing security stacks. Today’s solutions can replace most existing stacks with better, faster, more optimized, more automated and technology-advanced approaches.

Beyond technology, ISOs should look for vendors that add human expertise and contextual analysis to the top.

“For example, Darktrace’s Security Operations Center (SOC) and Ask the Expert Services allow our team at Hexagon to gain insights from their global fleet, partner community and the entire customer base,” says Lorimer. “Darktress works with companies from all over the diverse industries and geographies, and that context allows us to understand the threats and trends that have not yet had an immediate impact on us.”

Hexagon operates in two main industry sectors: manufacturing and software engineering, and so every aspect of the business faces different, specific threats from different risk actors. Darktrace’s SOC offers insights from a wide range of industry experts and analysts based on their wealth of knowledge.

But even with the best tools, you can’t solve every problem. You need to focus on resolving issues that will really affect your ability to reach your customers and thus, your bottom line. You should establish controls that can help manage and reduce that risk.

“They’re about to come up with problems before they can maximize and map out potential outcomes,” says Lorimer. “It all comes down to understanding the risk to your organization.”

For more insights into the current threat landscape and to learn more about how AI can transform your cyber security program, don’t miss this VB on-demand event!

See free on demand here.

You can learn about:

  • Protection and security of citizens, nations, facilities and data with autonomous decision making
  • Implement consistent AI response systems to improve results and tighten security systems
  • Opponents can take advantage of decisive assets by simulating real-world scenarios to understand attack routes.
  • A combination of the physical and digital worlds to create intelligent security for infrastructure


  • Nicole EganChief Strategy Officer and AI Officer, Darktress
  • Norbert HankeExecutive Vice President, Hexagon
  • Mike BeckGlobal CISO, Darktress
  • Steve LorimerGroup Privacy and Information Security Officer, Hexagon
  • Chris PreimesbergerModerator, contributor, VentureBeat

Similar Posts

Leave a Reply

Your email address will not be published.