
How AI Will Help Us Be More Secure.pdf


AI is the Key to CISOs' Top Challenges
Unlocking the Future

Some AI Fundamentals First

AI Strengths:
- Reasoning and logic
- Communication skills
- Synthesizing information
- Pattern identification
- Creative problem-solving
- Translation
- Unstructured Data

AI Limitations:
- Non-deterministic behavior
- Accuracy
- Repeatability challenges
- Limited memory retention
- Speed & cost efficiency

“Genius 13-year-old. Overconfident with short attention span and no street smarts”

What is Here Today but Coming Tomorrow
- Expanded Context Awareness
- Continuous Self-Improvement*
- Localized Intelligence
- Deciding & Acting (Agents)
- Low Cost & High Performing

AI's Impact on the Enterprise

Organization
- Local agents (oracles) focused on each area of expertise (identity, cloud, emails, Jira)
- All meetings and communication will be analyzed and searchable
- Self-updating documentation & wikis
- Automated management status reports

Engineering
- Localized models will monitor systems & help remediate (self-healing)
- Code and Cloud will become self-documenting
- Requirements-driven code generation (requirements as code)
- Integrations will be automatic

CISOs' Top Challenges

CISOs' top SECURITY challenges
- Detection & Response
- Reporting
- Vulnerability management
- Least privilege
- Compliance and Measurement
- 3rd party
- Incident Management

Fundamental Underlying Issues: The three Cs (3C)
- Coverage
- Communication
- Context

Vulnerability Management
Context - Who? What? Where? Why? How?
- Is it exploitable?
- If so, by whom?
- Are there compensating controls?
- How hard/easy is it to remediate?
- Is it a critical system or area?
- Who owns the remediation?

Coverage Width & Depth
- Account Takeover (ATO)
- Missing logs, fields / Stopped logs
- Thousands of vulnerabilities & alerts that need to be triaged
- Configuration changes
- Architecture Reviews
- User/System permissions

Communication Most Important & Waste of Time
- Why did we not fix that issue?
- How are we doing on OKRs?
- What is the risk of that asset?
- How can we trust you?

AI excels in the three Cs.
- Oracles & Synthesization of the state of the organization
- What would you have 10,000 smart junior security engineers do?
- Communication is a translation challenge: ChatOps is back!
- Coverage, Communication, Context (3C)

Imagine a World
Today vs Tomorrow

Detection & Least Privilege
Info: A new outbound call to was identified
- Stripe is a trusted provider & only outbound calls are allowed
- Engineering documentation and discussions have identified Stripe being the new accepted payment provider
- The Stripe libraries were introduced to code repo “payment-lib” on 3.3.2024
- A discussion with Cosmo, who is the active contributor to “payment-lib”, occurred at 1:22pm PT 3.3.2024 via Slack to confirm the domain is allowed outbound
This is expected behavior and is considered low risk for the following reasons:
and is being allowed.

Vulnerability Management & Coverage
An XSS issue was identified in the internal CIS system via the case commenting function.
- The issue was introduced in the last push to staging (3:35pm PT)
- The issue was identified via Nuclei assessment & issue is rated as low risk due to internal system, limited authenticated users required & on a staging system (3:42pm PT)
- The code that has the vulnerability was found to be introduced by Josh Smith. (3:43pm PT)
- A fix with a PR was submitted and Josh was notified via Slack. (3:44pm PT)
- Josh has recognized the issue and accepted the PR (3:52pm PT)
- A new rule was added to semgrep and requirements doc was modified for this type of issue (3:53pm PT)
Located at xxx/comment/$id
Total Exposure Time: 22 minutes
Activity Report

Crown Jewel Alert
Your requested approval settings are High for any Crown Jewel Trust Zones.
A request for delete access for role sp-report-gen on s3 bucket bi-data-setec/tmp.
Do you approve?
Recommendation is to grant access for the following reasons:
- Request was made by Martin Brice, who is Principal engineer of the data-infra team, who has ownership of this asset
- Meetings with Martin & the business media team discussed cleaning up the discarded reports on a regular basis. 3.15.2024 (deeper summary here)
- Jira ticket 2928 was filed with request for expanded permissions for regular clean-up activities.
- Requirements document for sp-report added delete capability
- We reached out to Werner Brandes, head of security-engineering, via Slack at 3.15.2024, who gives approval.

Thank You
Find me on LinkedIn
Caleb Sima
