Leveraging AI-informed Cybersecurity to Measure, Communicate, and Eliminate Cyber Risk

Thomas Nuth
Dilip Bachwani, Qualys CTO, shares the Qualys AI strategy with TruRisk AI at QSC 2023.

The threat landscape is constantly evolving, and so are the implications of cyber risk across any organization. As attacker tactics become more sophisticated and persistent, cybersecurity strategies must scale faster to keep pace. One way to help cybersecurity scale is to incorporate AI. In fact, over the last five months, Qualys reported a 40% increase in organizations adopting AI-driven vulnerability management solutions, leading to a 30% reduction in vulnerabilities. According to a recent survey by Splunk, 86% of CISOs believe generative AI will alleviate skill gaps and talent shortages on security teams, which will tackle labor-intensive and time-consuming cybersecurity functions, such as patching, so that SecOps can focus on more high-value risk-reducing tasks. Here are a few major contributing factors as to why more CISOs and security teams are relying on AI as a key part of their arsenal to combat rising cyber risk.

  • Tool and Asset Sprawl: CISOs are overwhelmed with asset and tool sprawl, compounding existing visibility issues. Where automation is possible and safe, cyber practitioners are eager to leverage AI for low-value, time-intensive tasks.
  • Ransomware Attacks: In the past six months, ransomware attacks have surged globally. According to a report by Cybersecurity Ventures, ransomware attacks are projected to cost organizations around the world more than $20 billion in 2023, a significant increase from previous years. To help fight ransomware, AI is helping cybersecurity experts monitor anomalous activity within their network, identify common attack tactics prior to the breach, and uncover blind spots within their environment.
  • Zero-Day Vulnerabilities: The number of zero-day vulnerabilities being discovered and exploited has also risen. Recent data from the Zero Day Initiative indicates that there has been a 52% increase in zero-day vulnerabilities reported in the last five months. By relying on AI, cybersecurity experts can improve their cyber hygiene with automated and improved asset data, helping with proactive security measures and faster response when a zero-day is disclosed or exploited.
  • Phishing Attacks: Phishing remains a favorite tactic among cybercriminals. In the first half of 2023, the Anti-Phishing Working Group (APWG) reported a 65% increase in phishing incidents compared to the same period in the previous year. AI is a powerful tool used to combat phishing attacks, as the methods of the attack are well known but often hard to identify at pace and scale. AI can help identify phishing campaigns and institute remediation actions before they can become successful.

The Qualys Approach

Fortunately, Qualys has emerged as a leader in the practical application of AI throughout the Enterprise TruRisk™ Platform. With TruRisk AI, cybersecurity leaders can better classify critical assets, detect previously overlooked suspicious activity, and preemptively take action to block attacks before they result in a damaging breach. At the 2023 Qualys Security Conference (QSC), Qualys CTO Dilip Bachwani recently outlined what Qualys is doing to further invest in TruRisk AI, offering a few summary points on what the future of AI looks like.

The Qualys TruRisk AI is built from a robust data lake, leveraging 14 multi-tenant platforms, 75 on-premises private cloud platforms, and over 30 petabytes of storage.

Use Cases for Qualys TruRisk AI

AI for Predictive Analysis: AI will increasingly be used for predictive analysis, helping organizations anticipate and prepare for emerging threats before they occur. With Qualys TruRisk AI, Qualys applies AI-powered predictive analysis of vulnerabilities using granular asset and threat intelligence data sourced from over 25 threat feeds. With this aggregated dataset, solutions like VMDR ensure an accurate record of all devices within a user’s environment, from asset inventory to remediation prioritization. With TruRisk AI, Qualys customers can automatically highlight the most critical vulnerabilities on essential assets, narrowing down potentially thousands of identified vulnerabilities to the most significant few. Indicators like “Exploitable,” “Actively Attacked,” and “High Lateral Movement” spotlight current at-risk vulnerabilities faster, without time-intensive analysis.

AI-Driven Autonomous Security: Autonomous security systems powered by AI will become more common, allowing for real-time threat response without human intervention. From a remediation standpoint, Qualys Patch Management (PM) and Custom Assessment and Remediation (CAR) leverage TruRisk AI-driven autonomous security capabilities to support autonomous or semi-autonomous remediation actions across a customer's hybrid infrastructure using the TruRisk AI learning model.

The Qualys TruRisk AI Learning model identifies blind spots, helps recognize anomalous behavior, and pre-empts known attacks.

AI-Powered Security and IT Collaboration: IT continuously adds new assets to an organization’s attack surface. However, to many cybersecurity stakeholders, a new IT asset simply represents ‘another IP address lacking risk context.’ With TruRisk AI, security teams can leverage new threat insights gained from injecting asset data with predictive analysis. Adding asset data enhances collaboration between cybersecurity professionals and peripheral IT tools, thus streamlining incident response and threat mitigation processes. In addition, Qualys CyberSecurity Attack Surface Management (CSAM) with EASM also bolsters workflow operations between security and IT teams by complementing the bi-directional integrations that exist between Qualys and CMDBs, adding more threat context to improve asset hygiene.

Qualys TruRisk AI automatically identifies misclassified assets and categorizes them correctly to secure them and take action to reduce risk.

AI and Cloud Security: Extending AI to cloud security will help drive consolidation between conventional Vulnerability Management and CNAPP solutions. With Qualys TotalCloud™, a CNAPP solution, customers can harness deep learning AI to deliver advanced threat detection across cloud environments, particularly within containers. This AI’s proficiency offers an advantage over traditional security measures and swiftly identifies complex threats, including elusive ones like ELF malware in Linux containers, without relying on signature-based tools. Additionally, it provides a comprehensive view of the entire cloud kill chain by analyzing network traffic and detecting sophisticated techniques, such as beaconing attacks. With its capability to spot various threats in mere seconds and its dashboard’s immediate remedial actions, Qualys strengthens cloud environments against pre- and post-deployment threats.

Summary

Qualys TruRisk AI applies the practical aspects of artificial intelligence to help security practitioners better identify assets and users, discover critical assets, and propose remediation actions that may be overlooked. As stated earlier, AI not only provides organizations with the powerful cybersecurity insights they need to reduce their cyber risk, but it also helps CISOs achieve a more holistic approach to mitigating their cyber risk posture by keeping pace with mounting CVEs and new attack vectors. Over the next few quarters, TruRisk AI will continue to accelerate product innovation and the many solutions that make up the Qualys Enterprise TruRisk Platform.

To learn more about the Qualys Enterprise TruRisk Platform and how Qualys is operationalizing AI, go to: https://www.qualys.com/cloud-platform/
