In a recent podcast interview with Zack Hack, Host of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the latest views on AI and Cybersecurity. The podcast can be listened to in its entirety below.
Zack Hack, here. Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Welcome back, Robert. Great to be chatting with you again. How've you been?
A: I've been great. I appreciate the opportunity to be back on your show, Zack.
Q: Oh, you're very welcome, any time. Our topic today is AI and cybersecurity. Many issues that companies need to focus on regarding cybersecurity - Why do so many groups seem to think AI just might be the answer to all cybersecurity problems?
A: AI and machine learning is a very exciting and exploding new field and this technology is now being actively applied to the field of cybersecurity, so I think that AI and cyber is so popular because people are actually seeing results. So there are two areas that AI and cybersecurity really excels. One is correlating and mining a large data set in order to identify trends or emerging threats that would be too much for a human to comprehend or parse through. And then a second great use case of AI being successful in cybersecurity is identifying the exploding quantity of malware variants that are being created every day. You know, vendors are leveraging machine learning to analyze all of the previously identified malware in order to identify similar patterns or variations of previous threats. This capability alone has been a tremendous boost to the cybersecurity industry and has really created this excitement about AI in cyber.
Q: All right, so let's talk about the Achilles heel of AI. I'm hearing a lot of good stuff about AI, but the concern regarding malware, it's real. If AI is so wonderful, why do we have so many exploits and threats and new malware?
A: Well, I guess you're just cutting straight to the chase, Zack. That's a really good question. And you're right! With all the advances that we've made in AI, if you look at the data, we're not doing any better in securing our infrastructures. In fact, we're going the wrong way. The average time from infection to detection to remediation of a breach has increased from 273 days to 287 days. So yes, we're clearly going in the wrong direction, even with all the great new technology that's come to the forefront.
The issue of AI is that you must train it using machine learning algorithms and the AI is trained using malware that has been seen in the past. This training can take a while because it tries to compute a model that basically fits all of the malware that it has somehow seen in the past as part of its training set. But here's the problem: What about new techniques? New methods? New malware? Things are being created every day, created just a few minutes ago, that are original in nature, not variants. These are new techniques that have not been seen by the AI in the past. The AI was not trained on this type of new threat. So, as a result, they simply fall right through the cracks.
There are over 1 million new variants of malware being created every day. And our endpoint protection tools and our AI-based endpoint protection tools are so amazing that they can actually identify 450,000 of those threats every day. I think that's a feat of human engineering. But here's the rub: What about the other 550,000 variants of malware?
Q: All right, so if AI alone is not the answer, it's not as wonderful, it's not as cracked up as it's supposed to be, what do you think we can do, based on current technology?
A: Well, AI certainly plays a part, and I hope that the industry continues to make great progress on that front. However, I think that perhaps the most important strategy that can be used to secure infrastructure is to establish an authorized baseline of your key assets, in a way that you can monitor its integrity over time. So this strategy is so powerful because it allows you to identify unexpected changes to your assets at any point. These changes may be a known malware threat, it could be an unexpected change to a key configuration file by an employee, or it can even be a new piece of malware that was just generated moments ago. I mean, that's the beauty of system integrity assurance is that it doesn't matter, it doesn't have to be trained. It simply knows, this should not exist on this system. So integrity monitoring provides visibility into all the unexpected and unauthorized changes to your environment and it's really the first step in your journey to implement zero trust throughout the organization.
Now, our team has created a system integrity assurance platform called CimTrak, and CimTrak can monitor in real-time the integrity of servers, network devices, domain controllers, containers, cloud configurations, databases, and much more. Personally, I think this is the missing link. Your AI EDR tool plus CimTrak provides incredible insight into your organization. And finally, provides you with the foundation that you need to deal with the emerging threats and zero-day attacks.
Q: Excellent information, Robert. Once again, fantastic speaking to you. Always a pleasure, and thanks for joining us today.
A: Great show again and look forward to catching up with you again on the next show.
September 13, 2022