Darktrace

The cyber arms race in the cloud: new threats require a new approach to defense

With companies rushing to embrace digital transformation projects, 2020 will see an explosion of cloud adoption across businesses in all sectors. And while the efficiency and scalability of cloud applications have revolutionized organizations globally, they have also added to the complexity of digital environments. Many organizations now lack crucial visibility into their networks and into their data. As a result, vulnerabilities are emerging across all areas of the digital estate.

The fundamental problem that organizations face today is that security teams have historically adopted a fragmented approach to defending their borderless, digital infrastructure. By having workloads spread across multiple cloud native platforms, such as Salesforce, Office 365, and Dropbox, companies lack an integrated, granular perspective of where their data is, how it moves, and who can access it. This issue is exacerbated by the use of multiple cloud vendors, as each vendor plays their own individual role in the shared responsibility model for security. And while the products being used appeal to innovation and collaboration, they fail to contribute to a holistic approach to cyber security. The outcome is a myriad of disjointed solutions, which often leave gaping vulnerabilities in organizations’ security posture.

Yet, a lack of visibility is not the only issue. Problems such as unintended configuration exposure or an unsecured cloud platform are technically legitimate, and may therefore not be flagged by native security solutions or traditional cyber defence tools as a vulnerability – with poor visibility, they may not even be noticed at all. Unfortunately, issues like these allow for the proliferation of malware such as ‘Xbash’, which arose two years ago; insecure cloud platforms and those configured with weak passwords were its main targets.

The current saving grace of Xbash is that its attacks are automated, meaning it is currently only able to act along certain vectors – simply put, its actions are predetermined by a cyber-criminal. But what if it made use of offensive AI to supercharge its attack? In this instance, the malware would be able to scope out a system, find its weakest region and then independently choose whatever method would be most successful for the target environment. Even more terrifying a prospect, the malware would be able to change tactics, and even change its targets, mid-attack.

The threat facing cloud computing from AI-powered attacks must not be underestimated – the damage could cripple entire areas of a business, both financially and reputationally, in a matter of seconds. If companies hope to counter Xbash 2.0, cloud security will need a fundamental shift in thinking; the key to defending against this next generation of attacks is pitting AI against AI.

An ‘immune system’ approach is now being adopted by thousands of leading firms worldwide to combat cyber-threats autonomously, in real time. By deploying unsupervised machine learning to understand what’s ‘normal’ for an entire digital estate, including cloud environments, security systems can quickly identify foreign actors in their network – and gain full visibility of their digital estate. Defensive AI solutions can take the initiative and fight back, just as our immune systems do in our bodies, assessing the appropriate course of action to stop an attacker in their tracks.

In 2020, cyber-criminals will be leveraging the most innovative AI technology in their attack techniques, so we can expect cloud-based offensives to become faster and more furious. In this new climate, artificial intelligence is the only way that we can truly prepare our data, and our businesses as a whole, for the fight back against tomorrow’s threats.