Fighting Fire with Fire- Leveraging AI in cybersecurity.pdf

1、PRESENTED BYHarnessing AI for End-to-End Cloud Security:From Development to RuntimeNayeem IslamVP Product Management Cloud SecurityDe-risk Your Business As cloud adoption accelerates3Leading causes cloud breachesVulnerabilities,Misconfigurations,and Malware70%of Log4Shell vulnerabilities have still

2、not been fixed,since last 2 yearsCIS benchmarks controls across major CSPs are not meet 50%of the time on averageCrypto mining malware is a growing threatCIS=Center for Internet Security;CSP=Cloud Service Provider;AWS=Amazon Web Services;GCP=Google Cloud PlatformSource:Qualys TruRisk 2023 Cloud Insi

3、ghts ReportMost Misconfigured Controls Across Major CSP34%57%60%0%10%20%30%40%50%60%70%AWSAzureGoogle cloudFigure 1:Average Failure Rates for AWS,Azure,and GCP for CIS BenchmarksAverage Failing RateHigh Unpatched Rate69.97%30.03%PatchedUnpatched136 DaysAverage Remediation Time of Log4Shell4Misconfig

4、urations And Vulnerabilities Are ImportantCheck for misconfigurations,like assets exposed to the internet and secrets that should be protectedMake sure best practices are followedGet an understanding of the extent of vulnerabilities and their criticalityRemediate based on prioritiesDe-risk Your Busi

5、nessYou cant effectively measure riskin the cloud without detecting threats6DETECTION BARRIERUnauthorized activitiesMalwareCrypto MiningSuspicion CommunicationBeacon activityMeasuring risk the wrong way,can lead to breachesVulnerability High RiskVulnerability High RiskVulnerability High RiskVulnerab

6、ility High RiskUnauthorized activitiesMalwareCrypto MiningSuspicion CommunicationBeacon activityUnauthorized activitiesMalwareCrypto MiningSuspicion CommunicationBeacon activityUnauthorized activitiesMalwareCrypto MiningSuspicion CommunicationBeacon activity7Threats are hard to detectMillion new mal