How AI Will Help Us Be More Secure (slide deck, 16 slides)
Slide 1: AI is the Key to CISOs' Top Challenges
Unlocking the Future

Slide 2: Some AI Fundamentals First
AI strengths:
- Reasoning and logic
- Communication skills
- Synthesizing information
- Pattern identification
- Creative problem-solving
- Translation
- Unstructured data
AI limitations:
- Non-deterministic behavior
- Accuracy
- Repeatability challenges
- Limited memory retention
- Speed and cost efficiency
"Genius 13-year-old. Overconfident, with a short attention span and no street smarts."

Slide 3: What is Here Today but Coming Tomorrow
- Expanded context awareness
- Continuous self-improvement*
- Localized intelligence
- Deciding and acting (agents)
- Low cost and high performing

Slide 4: AI's Impact on the Enterprise
Organization:
- Local agents (oracles) focused on each area of expertise (identity, cloud, email, Jira)
- All meetings and communication will be analyzed and searchable
- Self-updating documentation and wikis
- Automated management status reports
Engineering:
- Localized models will monitor systems and help remediate (self-healing)
- Code and cloud will become self-documenting
- Requirements-driven code generation (requirements as code)
- Integrations will be automatic

Slide 5: CISOs' Top Challenges

Slide 6: CISOs' Top SECURITY Challenges
- Detection and response
- Reporting
- Vulnerability management
- Least privilege
- Compliance and measurement
- Third party
- Incident management

Slide 7: Fundamental Underlying Issues: The Three Cs (3C)
- Coverage
- Communication
- Context

Slide 8: Vulnerability Management: Context
- Who? What? Where? Why? How?
- Is it exploitable? If so, by whom?
- Are there compensating controls?
- How hard or easy is it to remediate?
- Is it a critical system or area?
- Who owns the remediation?

Slide 9: Coverage: Width and Depth
- Account takeover (ATO)
- Missing logs or fields / stopped logs
- Thousands of vulnerabilities and alerts that need to be triaged
- Configuration changes
- Architecture reviews
- User/system permissions

Slide 10: Communication: Most Important and a Waste of Time
- Why did we not fix that issue?
- How are we doing on OKRs?
- What is the risk of that asset?
- How can we trust you?

Slide 11: AI Excels in the Three Cs (3C: Coverage, Communication, Context)
- Oracles and synthesis of the state of the organization
- What would you have 10,000 smart junior security engineers do?
- Communication is a translation challenge: ChatOps is back!

Slide 12: Imagine a World
Today vs. Tomorrow

Slide 13: Detection and Least Privilege
Info:
- A new outbound call to [...] was identified.
- Stripe is a trusted provider, and only outbound calls are allowed.
- Engineering documentation and discussions have identified Stripe as the newly accepted payment provider.
- The Stripe libraries were introduced to the code repo "payment-lib" on 3.3.2024.
- A discussion with Cosmo, the active contributor to "payment-lib", occurred at 1:22pm PT on 3.3.2024 via Slack to confirm the domain is allowed outbound.
- This is expected behavior and is considered low risk for the following reasons: [...] and is being allowed.

Slide 14: Vulnerability Management and Coverage
Activity report:
- An XSS issue was identified in the internal CIS system via the case commenting function. The issue was introduced in the last push to staging. 3:35pm PT
- The issue was identified via a Nuclei assessment and is rated as low risk because it is on an internal system, requires a limited set of authenticated users, and is on a staging system. 3:42pm PT
- The vulnerable code was found to have been introduced by Josh Smith. 3:43pm PT
- A fix was submitted as a PR and Josh was notified via Slack. 3:44pm PT
- Josh recognized the issue and accepted the PR. 3:52pm PT
- A new rule was added to semgrep and the requirements doc was modified for this type of issue. 3:53pm PT
- Located at xxx/comment/$id
- Total exposure time: 22 minutes

Slide 15: Crown Jewel Alert
Your requested approval setting is High for any Crown Jewel Trust Zones.
A request was made for delete access for role sp-report-gen on S3 bucket bi-data-setec/tmp. Do you approve?
Recommendation is to grant access for the following reasons:
- The request was made by Martin Brice, Principal Engineer of the data-infra team, which owns this asset.
- Meetings with Martin and the business media team discussed cleaning up the discarded reports on a regular basis. 3.15.2024 (deeper summary here)
- Jira ticket 2928 was filed requesting expanded permissions for regular clean-up activities.
- The requirements document for sp-report added delete capability.
- We reached out to Werner Brandes, head of security engineering, via Slack on 3.15.2024, and he gave approval.

Slide 16: Thank You
Find me on LinkedIn: Caleb Sima
14、eper summary here)Jira ticket 2928 was filed with request for expanded permissions for regular clean-up activities.Requirements document for sp-report added delete capabilityWe reached out to Werner Brandes head of security-engineering via Slack at 3.15.2024 who gives approval.Thank You Find me on Linkedin Caleb Sima