ESD Team

Fighting Fire with Fire: Using AI Security Tools to Defeat AI Cyber Threats

August 9, 2023

On the 4th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Steve Ward, former CISO at Home Depot. Home Depot is a Fortune 20 multinational home improvement retailer with nearly 500,000 employees and over $150 billion in revenue. In this conversation, Steve shares his thoughts on defensive strategy in the cloud era, how AI can impact resource management in cybersecurity, and fighting fire with fire when combating emerging AI threats.

Steve's unique career in cybersecurity started in the Secret Service, where he spent eight years as a special agent before moving to industry to help protect large organizations, including JP Morgan Chase & Co., TIAA, and Home Depot. Recalling his time at JP Morgan, Steve compares the simpler operational security requirements of the past with the evolving security requirements of today: "It was such a static environment that if you popped up on a VPN from Romania, it was an immediate alert, and we'd balance that and correlate that off of a vacation or corporate travel database. But you look at how finite that was and how static that was for users versus where we are today. It's exponentially more difficult to figure out who's supposed to be where that we've actually kind of given up on that." Steve explains that CISOs today face a unique challenge in the growing volume of data and access that needs to be shared with employees in a modern business operation: "The more productive we are, the more data transfers, the more access requests there are. That's incredible, but that brings risks from an intrusion standpoint, meaning an access standpoint. It brings a tremendous amount of risk in how you control the data that flow and keep the integrity of that data over time. Very difficult to maintain productivity and balance that with security and data protection."

Today, solutions in the form of new AI tools tackle numerous issues regarding the balance between productivity and safety in cybersecurity. Steve turns his excitement toward AI's developing potential to increase security teams' effectiveness, "I've heard numbers upwards of 90% of the alerts that come in are machine to machine. There are false positives, and it's just not something of interest. The finite number of things we are truly interested in from a bad actor standpoint is a very small percentage." Steve hypothesizes that the impact of AI will only continue to grow, "I think the time to discovery is going to reduce big time in the ops space, but I would even go a step further and say, using AI to determine the predictability of an attack before it happens. That's on the horizon." However, with the advent of any new technology comes caution for how criminals may leverage it. 

Steve warns that the advancement of AI security tools also signals a rise in the sophistication of the weapons at the disposal of threat actors. "If you're not using AI to defend against AI, I think you're going to have a really big problem." In terms of the potential for unique attacks from various threat actors and the lack of required hacking sophistication, Steve hypothesizes about the future of AI cybercrime: "This AI allows you to be an amazing attacker with virtually no experience. I think the volume goes through the roof, and I think what people don't talk about enough is the level of accuracy of those breaches goes through the roof. You're going to have very novice technologists look like amazing hackers." As the barrier to entry for cybercriminals lowers, the ingenuity of defenders must increase, including the use of new technologies.

The growing needs within cybersecurity directly oppose the status quo of what has worked previously at the enterprise level. "We'll see attacks on really good SaaS software security solutions. And those solutions are going to fail, and it's going to raise a lot of red flags to go, 'We can't defend this with old tech.' I think old tech is going to get dissolved pretty quickly in these larger enterprises." This perspective places a critical weight on the companies responsible for staying one step ahead of would-be attackers to remain innovative, diligent, and lightning-fast in their defense. Steve emphasizes his approach to fighting fire with fire when it comes to AI threats, "I think there is going to be a pretty big shift of new companies in cyber built with an AI platform. If you're not doing that or you haven't done that, I think you're going to have a challenge over the next ten years, and I think we're going to see a lot of companies pop up that lead the way." The excitement surrounding the emerging abilities of next-generation AI tools is only the beginning as enterprise use cases continue to grow and meet the evolving needs of defenders.

Listen to Steve's episode here and read the transcript here.