I was fortunate enough to attend OpenText World (OTW) last week hosted at The Venetian Las Vegas. The event placed a significant focus on the revolutionary potential of artificial intelligence (AI) and how OpenText Aviator Platform can fundamentally increase productivity. Of particular interest to me, there was a spotlight on AI's pivotal role in elevating our cybersecurity solutions.
Exploring AI's Crucial Role in Cybersecurity
OTW featured several presentations and demonstrations that showcased the capabilities of ArcSight Intelligence, particularly in its utilization of unsupervised machine learning (ML) for enhancing threat hunting activities. The Fortify team also provided insights into the evolution of Audit Assistant, highlighting the substantial improvements achieved through ML model enhancements in the latest release to improve false positive identification and triage.
There were also presentations and demos of how integrated ML technology is enhancing solutions in other product portfolios, including Brightcloud, the NetIQ Risk Service, and the new Financial Risk Modeler that’s a built-in capability on Voltage Fusion. They also had a great demo of our next generation security analytics platform and how it will support use cases like XDR. The journey of leveraging AI & ML for enhancing our products and services is an ongoing one, and we are committed to pushing the boundaries of what's possible to better serve our organizations.
The reason behind this heightened focus on AI is that we at OTCS firmly believe that AI has the potential to lay the foundation for an exceptionally robust and scalable cyber defense. AI holds the promise of significantly bolstering our organization’s cybersecurity posture. However, it's important to stress that AI should not be perceived as a miraculous, all-encompassing solution. Rather, it should be seen as a crucial component within a broader, multifaceted cybersecurity strategy.
The Vital Role of Defense-in-Depth Security in an AI-Driven World
In essence, while AI is a powerful tool, it is not a silver bullet that can single-handedly protect our organizations against all cyber threats. Instead, we should continue to advocate for a layered approach to cybersecurity, often referred to as defense-in-depth. This layered strategy involves the deployment of various security solutions and detection mechanisms that work in concert to safeguard an organization’s digital assets.
Imagine cybersecurity defenses as a series of concentric circles, each offering a unique layer of protection. If a threat manages to breach one layer, the subsequent layers are there to step in as a next layer of defense. This multi-layered approach ensures that even if one defense mechanism is bypassed, the others remain active and vigilant. Below is an example representation from the Defense-in-Depth Security Guide blog.
Source: https://ussignal.com/blog/moving-beyond-blinky-box-security-to-defense-in-depth-security
Successfully protecting against malicious actors necessitates a fusion of security controls and detection methodologies. The goal is for these layers to collaborate cohesively to recognize and neutralize potential threats. That's why our commitment to integrating with other tools and providing accessible APIs is so crucial.
Practical Hurdles of Layered Security
However, it's essential to acknowledge that maintaining and ensuring the effectiveness of layered security can be more challenging in practice than in theory. In reality, the assertion of multiple protective layers can be compromised by vulnerability exploits, immature security control implementations, insiders, or attack patterns that have evolved past the current state of protection.
The Reimagining Cyber podcast episode Unconventional approaches to improve enterprise resilience with Jim Routh pulls the thread on this reality. Jim shares the importance of taking a risk-based approach to augment standards-based security controls with unconventional controls to thwart evolving threats. I also agree that it’s imperative that we diversify our cybersecurity strategies to establish a resilient security stance.
AI/ML-driven solutions like ArcSight Intelligence can assist in detecting attack vectors that manage to evade or circumvent standard, layered security controls. These AI-based technologies can also enhance human efforts to match the scale, speed, and complexity of cyberattacks in the constantly evolving cybersecurity landscape.
Summary
We all recognize that AI will be vital in the future to thwart bad actors, but it’s not a silver bullet. OpenText Cybersecurity’s solutions, bolstered by AI, can help ensure thorough readiness against cyber threats, safeguarding your digital assets and data.
The AI sessions at OTW are available on the OpenText World hub. Below are some other assets that you may want to explore:
- ArcSight Intelligence - Resources on Sales Enablement Central, ArcSight Intelligence blog
- Audit Assistant WP – Leveling up Fortify’s Audit Assistant AI
- NetIQ Risk Service Web Page
- Brightcloud Web Page