It’s been reported that a new generative AI worm dubbed “Morris II” has emerged. And for many, its emergence is an understandable reason to panic.
Pushing back against hysteria, however, we discover that Morris II only targets AI apps and AI-enabled email assistants. No attack is a good one, but at least this one’s very specific. More importantly, we should recognize that just as AI is helping to accelerate and automate attacks, it will also drastically improve security efficacy.
While AI threatens to overwhelm reactive security teams with the pace and sophistication of its onslaught, it can likewise enable proactive prevention through predictive processes and controls. This is critical to giving security teams the chance to withstand the barrage that awaits them.
Scaling alongside AI-enabled attacks
There are two proactive efforts that scale well when accelerated attacks become the norm. Neither of these efforts needs to be AI-powered to be effective against AI-based attacks, but AI can certainly enhance both of them. I believe not having these techniques in place will almost guarantee that security teams fail to keep up with AI-enabled attacks.
The first is zero trust. Zero trust is not a single product or solution – it is a paradigm for architecting infrastructure. Individually authenticating each access request is a good starting place. A core tenet of zero trust entails eliminating the assumption (i.e. “implicit trust”) that a user on the inside is already authenticated and authorized to use a resource.
Crucially, zero trust is capable of scaling in the face of accelerated attacks. Many organizations benefit from zero trust’s tendency to automatically contain attacks. This reduces the blast radius of any successful intrusion and can even foil attackers’ reconnaissance efforts. Isolating users and assets with techniques such as microsegmentation prevents attacks from spreading.
However, complete network microsegmentation can be challenging. Instead of jumping into full microsegmentation, many organizations benefit by focusing on isolating access to their most important resources – their “crown jewels.” They do this by expanding zero trust network access (ZTNA) for remote workers into the office, so all workers in the office also use ZTNA. ZTNA expansion, typically referred to as universal ZTNA, can even eliminate the need for network access control (NAC).
The other important effort is vulnerability management. Today, vulnerability management is often done in ways that do not scale. Many organizations, faced with the massive number of published Common Vulnerabilities and Exposures (CVEs), recognize they cannot patch everything and must prioritize. Prioritization is the right decision, but how you prioritize CVEs matters.
Most organizations prioritize CVEs by severity, choosing those with the most severe risk rating to patch first. The problem with that thinking is that only a small number of CVEs are ever actively exploited. It therefore makes more sense to prioritize actively exploited CVEs over severe but rarely exploited vulnerabilities. Smarter prioritization of patching, as can be enabled by AI, will make a material difference in how organizations reduce their exploitability. Unified vulnerability management will help organizations more effectively triage their outstanding vulnerabilities.
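As an added illustration (not code from the article or from Zscaler), the following Python compares a severity-only patch queue with an exploitation-first one over a constructed set of scanner findings; the CVE identifiers, hostnames and the “known exploited” set are placeholders standing in for a real scanner export and a real exploited-vulnerability feed.

```python
"""Added example: severity-only vs. exploitation-first CVE prioritization."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str      # constructed placeholder identifier, not a real CVE
    cvss: float   # base score, 0.0-10.0
    asset: str    # constructed hostname where the component was found


# Constructed stand-in for a known-exploited-vulnerabilities feed.
KNOWN_EXPLOITED = {"CVE-EXAMPLE-0003", "CVE-EXAMPLE-0005"}

# Constructed scanner output for a small fleet.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", 9.8, "web-01"),
    Finding("CVE-EXAMPLE-0002", 9.1, "db-01"),
    Finding("CVE-EXAMPLE-0003", 6.5, "mail-01"),
    Finding("CVE-EXAMPLE-0004", 8.8, "build-01"),
    Finding("CVE-EXAMPLE-0005", 7.5, "vpn-01"),
]


def by_severity(findings):
    """Severity-only queue: highest CVSS first (the common default)."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def by_exploitation(findings, exploited=KNOWN_EXPLOITED):
    """Exploitation-first queue: any actively exploited finding outranks any
    unexploited one; CVSS only orders findings within each group."""
    return sorted(findings, key=lambda f: (f.cve in exploited, f.cvss), reverse=True)


def top_n(queue, n):
    """The CVEs that fit into a patch window of n items."""
    return [f.cve for f in queue[:n]]


def missed_exploited(findings, n, exploited=KNOWN_EXPLOITED):
    """Exploited CVEs a severity-only patch window of size n would skip."""
    patched = set(top_n(by_severity(findings), n))
    return sorted(exploited - patched)


if __name__ == "__main__":
    print("severity-only top 2:     ", top_n(by_severity(FINDINGS), 2))
    print("exploitation-first top 2:", top_n(by_exploitation(FINDINGS), 2))
    print("exploited CVEs skipped by severity-only window:", missed_exploited(FINDINGS, 2))
```

With a two-item patch window, the severity-only queue spends both slots on unexploited criticals while both actively exploited CVEs wait; the exploitation-first queue patches those two first.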
Although AI will inevitably be used by attackers to improve the quality and enhance the pace of their attacks, there are proactive measures we can take to scale our defenses. Zero trust and smart vulnerability management can help prevent attacks by proactively reducing the attack surface and lowering real risk.
Learn more at zscaler.com/security.