
Cybersecurity teams respond to new wave of AI-based ransomware

Artificial intelligence has opened up new vulnerabilities in cybersecurity, requiring a different kind of security posture from companies looking to defend against increasingly advanced threat actors.

At Trellix, which specializes in detection and response, experts are preparing customers for targeted attacks in their sectors.

John Fokker, head of threat intelligence at Trellix, examines how AI is transforming the requirements for a customer's security posture at mWISE 2024.


“What we’re trying to do is elevate that intelligence … to a more proactive stance,” said John Fokker (pictured), head of threat intelligence at Trellix. “So, if there’s a weakness or there’s anything else, or let’s say you’re a company in a certain sector or geo, we will provide you with, OK, these are the threats relevant to your sector or geo … these are all the elements in their attack. And, by the way, you can increase your security posture by applying rule XYZ out of the box.”

Fokker spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how AI has impacted ransomware and how organizations can strengthen their defenses. (* Disclosure below.)

An iron-clad security posture for a gen AI age

The last year has seen the rise of ransomware as a service, changing how threat actors collaborate. Trellix, which provides extended detection and response, has found unsettling trends for AI in the ransomware space.

“We saw threat actors just like us trying to find solutions for things that were annoying,” Fokker said. “They used Gemini to get more information on vulnerabilities, web scanners. They’re researching some deep fake[s]. There was one instance that was really interesting and very timely that [the threat actor] was asking for … voice cloning type of software, specifically to extort politicians and crypto influencers.”

In response to these evolving attacks, cybersecurity is increasingly a team effort, according to Fokker. Trellix has a partnership with Google, allowing experts from both companies to pool their findings.

“Our relationship is very, and stronger than ever,” he said. “We really have researchers helping each other out. We’re looking at similar threats, some of the most imminent threats to the U.S. administration. One of the things that we’re doing … is a project called RPP, or Research Partner Program, where we help out certain nations in the world that are on a heavy attack but might not have the funds to protect themselves.”

The companies deliver Trellix appliances with joint investigations to these government organizations, allowing them to defend against international attacks. Fokker’s advice for companies guarding against attackers such as email phishers or information stealers is to know their businesses inside and out.

“Asset management, actually knowing what you have within your network, knowing your attack service … but also internally knowing, OK, what’s my security posture?” he said. “These are some very basic things, together with patch management, understanding the threat landscape, all that stuff. Those are really basic things that we still see are not always done either correctly or up to a certain standard.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024:

(* Disclosure: Trellix sponsored this segment of theCUBE. Neither Trellix nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

Source: siliconangle.com
