Justin Fier is the director of cyberintelligence and analytics at Darktrace, a leading AI cybersecurity company.
By all accounts, Capital One defended its customers’ data with the imposing array of cybersecurity tools that you’d expect from one of the largest banks in the United States. And yet a lone hacker managed to bypass those tools and obtain the sensitive personal information of more than 100 million people, a breach that will likely cost the bank well more than $100-million when all is said and done.
The hacker – a former employee of Amazon Web Services, which hosted the compromised database – gained access to the AWS server by exploiting a misconfiguration in one of Capital One’s application firewalls. Such misconfigurations along the customer’s interface with the cloud have become a favourite target for cybercriminals, accounting for the vast majority of cloud security failures. And as organizations of all kinds continue to adopt ever more cloud and SaaS services, the task of safeguarding them is insurmountable for human beings alone.
The fundamental flaw
At a time when virtually all enterprises have adopted cloud infrastructures that expand and evolve as needed, configuring firewalls and other endpoint protections to remain properly positioned can be a daunting challenge. These conventional security tools are designed to defend the digital perimeter – an antiquated strategy given today’s borderless networks.
Moreover, modern developers now have the ability to spin up a virtual server in minutes, without having to consult their firm’s security team. As a consequence, such teams are losing visibility – and, by extension, control – over their own cloud environments.
While nearly half of organizations don’t even bother looking for malware on the cloud, Capital One had a relatively mature cloud security posture – at least by traditional standards. It is therefore all the more alarming that the bank didn’t become aware of the breach until more than three months after the fact, when it received a tip from an outsider who’d stumbled upon the stolen data. That a major financial institution was blind to this level of compromise further demonstrates the urgency of rethinking cloud security.
Of course, there is no silver bullet when it comes to cyberdefence – and that goes double for the cloud. Motivated attackers will inevitably find a way inside the nebulous perimeters of IaaS (Infrastructure as a Service) and SaaS (Software as a Service) environments, whether using insider knowledge, critical misconfigurations, personalized phishing e-mails, or mechanisms that have yet to be seen. The path forward, then, is to use artificial intelligence to understand how users behave within those perimeter walls, an understanding that shines a light on the subtle behavioural shifts indicative of a threat.
Demystifying the cloud
Compared with traditional, on-premises networks, modern cloud and hybrid infrastructures introduce a number of complicating variables of which AI is uniquely equipped to make sense. For one, AI tools need not delineate and secure the cloud’s intrinsically nebulous perimeter. Rather, the latest such tools take an inside-out approach: analyzing what goes on inside a given cloud environment in real time to keep pace with ever-evolving users and architectures. As the environment changes, in other words, so, too, does the AI’s understanding of normalcy.
This adaptable nature of artificial intelligence is also pivotal given the unpredictable nature of cloud attacks. With thousands of new cloud services being developed, released and updated around the world, identifying security vulnerabilities before they are exploited is a tall order, especially since different users interact with each service in different ways. Indeed, the risks inherent to IaaS and SaaS are highly user-dependent – the same activity associated with, say, a subtle insider attack when carried out by one employee might well be benign when done by another. AI’s capability to uncover hidden patterns, connections and anomalies is ideal for complex problems like these.
By employing AI systems, we can gain the necessary knowledge of bespoke cloud environments to catch threats in their nascent stages – before they escalate into crises. Ultimately, the cloud promises to unlock new heights of efficiency and new forms of collaboration, so long as we’re willing to look after it with equally innovative cybersecurity. Because while there may never be a silver bullet for safeguarding cloud services, AI does offer hope for a silver lining.