I love AI, especially neural networks. When you see a neural network in action, it feels like magic, and I am excited to see the innovations AI brings to the world of security. However, I cringe when I hear enterprises talk about using AI-based security tools when they clearly have not yet come to terms with the basics. Most of the major data breaches of the last five years could have been prevented with basic security measures that have been common knowledge for twenty years. Here are the fundamental controls an enterprise must put in place before considering any AI tool.
Encrypt your data.
I will be the first to acknowledge that encrypting data and managing the keys is not easy if you run your own data center. Managed cloud services such as AWS KMS make it a little easier, and that alone is one of the best reasons to move to the cloud.
Log everything.
Many SaaS and on-prem tools can collect your logs in one place. Choosing and installing a tool is 5% of the effort; the other 95% is finding every log source and routing it to the tool. Only once you have everything (and I mean everything) in one place does an AI-based anomaly detection tool on top of the log repository have the data it needs to be useful.
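To make the "everything in one place" point concrete, here is an added example (not code from the original article or from any tool it mentions) that normalizes two constructed log sources, an sshd-style auth log and a hypothetical web application login log, into one schema and runs a simple detection rule over the merged stream. The sample lines and the year assumed for the syslog timestamps are constructed for the example; the rule is a plain failure-count threshold, not an AI model, but it shows why correlation across sources matters: neither source alone crosses the threshold, the merged stream does.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines (not real data): an sshd-style auth log and a
# hypothetical web application login log. The same source IP fails three
# times against sshd and twice against the app before succeeding.
SSH_LOG = """\
Mar 12 02:14:01 bastion sshd[1122]: Failed password for alice from 203.0.113.9 port 50210 ssh2
Mar 12 02:14:03 bastion sshd[1122]: Failed password for alice from 203.0.113.9 port 50211 ssh2
Mar 12 02:14:07 bastion sshd[1125]: Failed password for alice from 203.0.113.9 port 50214 ssh2
Mar 12 09:00:10 bastion sshd[1200]: Accepted publickey for bob from 198.51.100.7 port 41000 ssh2
"""
APP_LOG = """\
2019-03-12T02:14:05Z app01 login user=alice src=203.0.113.9 result=failure
2019-03-12T02:14:09Z app01 login user=alice src=203.0.113.9 result=failure
2019-03-12T02:14:12Z app01 login user=alice src=203.0.113.9 result=success
2019-03-12T09:02:30Z app01 login user=carol src=192.0.2.44 result=failure
"""


@dataclass
class LoginEvent:
    """Common schema every source is normalized into."""
    ts: datetime
    source: str
    user: str
    src_ip: str
    success: bool


SSH_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Accepted|Failed) \w+ for "
    r"(?:invalid user )?(\S+) from (\S+)")
APP_RE = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \S+ login user=(\S+) src=(\S+) result=(success|failure)")


def parse_ssh(line, year=2019):
    """syslog lines carry no year, so the caller supplies one (assumed 2019 here)."""
    m = SSH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
    return LoginEvent(ts, "sshd", m.group(3), m.group(4), m.group(2) == "Accepted")


def parse_app(line):
    m = APP_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return LoginEvent(ts, "app", m.group(2), m.group(3), m.group(4) == "success")


def load_events(text, parser):
    """Parse one source; lines the parser does not understand are skipped."""
    return [ev for ev in (parser(line) for line in text.splitlines()) if ev]


def detect_credential_guessing(events, threshold=5):
    """Alert when a source IP accumulates `threshold` failed logins and then
    logs in successfully. Counting runs over the merged, time-ordered stream,
    so failures spread across several systems still add up."""
    failures = defaultdict(int)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if not ev.success:
            failures[ev.src_ip] += 1
        elif failures[ev.src_ip] >= threshold:
            alerts.append(f"{ev.src_ip} succeeded as {ev.user} via {ev.source} "
                          f"after {failures[ev.src_ip]} failures")
    return alerts


if __name__ == "__main__":
    ssh_events = load_events(SSH_LOG, parse_ssh)
    app_events = load_events(APP_LOG, parse_app)
    print("sshd only:", detect_credential_guessing(ssh_events))  # []
    print("app only: ", detect_credential_guessing(app_events))  # []
    print("merged:   ", detect_credential_guessing(ssh_events + app_events))
```

Run on each source separately the rule stays silent; run on the merged stream it fires once, for the IP that guessed its way into alice's account. A real pipeline would do the same normalization for every source you own, which is the 95% the text refers to.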
Use two-factor authentication everywhere.
Once again, easier said than done, especially for internal systems. Putting Duo or Okta in front of the perimeter is much easier, so start with the perimeter and work inward.
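As an added example of the second factor those products typically deliver (this is illustrative code, not the original article's and not Duo's or Okta's implementation), here is the TOTP algorithm from RFC 6238 with the server-side checks a practitioner needs: a small skew window, constant-time comparison, and rejection of an already-used code. The secret is the RFC 4226/6238 reference secret so the output can be checked against the published test vectors.

```python
import hashlib
import hmac
import struct
import time

# RFC 4226/6238 reference secret (ASCII "12345678901234567890"), used so the
# codes below can be checked against the RFCs' published test vectors.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret, code, now=None, last_counter=None, window=1, step=30):
    """Server-side check. Returns the accepted counter, or None.

    - tolerates `window` steps of clock skew either side of `now`
    - compares in constant time (hmac.compare_digest), never with ==
    - refuses any counter at or before `last_counter`, so a code captured
      by phishing or a keylogger cannot be replayed within its window
    The caller must persist the returned counter as the new `last_counter`.
    """
    now = int(time.time()) if now is None else now
    counter = now // step
    for candidate in range(counter - window, counter + window + 1):
        if last_counter is not None and candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None


if __name__ == "__main__":
    print(totp(SECRET, 59))          # 287082 (RFC 6238 vector 94287082, last 6 digits)
    print(verify_totp(SECRET, "287082", now=89))    # 1: accepted, one step of skew
    print(verify_totp(SECRET, "287082", now=120))   # None: outside the window
    print(verify_totp(SECRET, "287082", now=59, last_counter=1))  # None: replay
```

The replay check is the part most home-grown implementations forget: a TOTP code is valid for the whole step plus the skew window, which is plenty of time for an attacker who captured it to use it once the victim has.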
Secure your own code.
In 2019, there is no reason to let insecure code slip into production. Free tools like FindSecBugs do a fantastic job of finding the most common security-relevant coding mistakes. Some of these tools, FindSecBugs included, analyze compiled bytecode rather than source, so you can run them against the exact artifact sitting in your staging environment and confirm that no known issue remains in what you are about to ship. You can also use tools such as Panoptics to run them for you.
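For a feel of the kind of mistake such tools catch, here is an added example (not from the original article, and in Python rather than the Java that FindSecBugs targets) of the single most flagged pattern, untrusted input spliced into a SQL statement, next to the parameterized form that fixes it. The table, rows and attack string are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table; stands in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    # The pattern static analysis flags: untrusted input becomes SQL text.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, name):
    # Parameterized query: the driver sends `name` as data, never as SQL,
    # so quotes inside it cannot change the statement's structure.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Constructed payload: closes the string literal and appends a tautology, so
# the vulnerable query becomes  ... WHERE name = 'x' OR '1'='1'
ATTACK = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("legit, vulnerable:", find_user_vulnerable(conn, "alice"))
    print("legit, fixed:     ", find_user_fixed(conn, "alice"))
    print("attack, vulnerable:", find_user_vulnerable(conn, ATTACK))  # every row leaks
    print("attack, fixed:     ", find_user_fixed(conn, ATTACK))       # []
```

Both functions return the same result for a normal lookup, which is why the bug survives code review and testing; only the attack input tells them apart, and a bytecode or source scanner finds the concatenation without needing the attack input at all.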
Secure third-party code.
Known vulnerabilities in third-party and open-source components, published as Common Vulnerabilities and Exposures (CVE) entries, are among the most common entry points for attackers. Tools such as Panoptics monitor the components you depend on and alert you when a vulnerability is published against one of them. Use them, and patch your applications promptly: a known vulnerability with a fix available is the easiest finding to close and the hardest to explain after a breach.
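The core of what such a monitor does is simple: compare each pinned component version against the affected range in each advisory. The added example below (not the original article's code and not how Panoptics or any real tool is implemented) shows that matching over a constructed pinned manifest and a constructed advisory list. The package names and advisory IDs are fictional placeholders, not real CVEs; the version comparison handles plain numeric versions only, as noted in the code.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed data: a pinned manifest and a hand-written advisory list.
# Package names and advisory IDs are fictional placeholders, not real CVEs.
MANIFEST = """\
# third-party components pinned by the build
examplelib==2.3.1
otherlib==1.0.0
thirdlib==0.9
"""


@dataclass
class Advisory:
    id: str
    package: str
    introduced: str        # first affected version (inclusive)
    fixed: Optional[str]   # first fixed version (exclusive); None = no fix released


ADVISORIES = [
    Advisory("EXAMPLE-2019-0001", "examplelib", "2.0.0", "2.3.4"),
    Advisory("EXAMPLE-2019-0002", "otherlib", "1.2.0", "1.4.0"),
    Advisory("EXAMPLE-2019-0003", "thirdlib", "0.5", None),
]


def parse_version(v: str):
    """Numeric dotted versions only, padded to three parts so 0.9 == 0.9.0.
    Real tools must also handle pre-release and build tags (e.g. with
    packaging.version); that is deliberately out of scope here."""
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (3 - len(parts))


def parse_manifest(text):
    """name==version lines -> {name: version}. An unpinned line is an error:
    a floating version cannot be audited or reproduced."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version:
            raise ValueError(f"dependency is not pinned: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins


def is_affected(adv: Advisory, version: str) -> bool:
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def audit(pins, advisories):
    """Return (package, pinned_version, advisory_id, action) for each hit."""
    findings = []
    for adv in advisories:
        pinned = pins.get(adv.package.lower())
        if pinned is not None and is_affected(adv, pinned):
            action = f"upgrade to {adv.fixed}" if adv.fixed else "no fix yet: mitigate or remove"
            findings.append((adv.package, pinned, adv.id, action))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_manifest(MANIFEST), ADVISORIES):
        print(*finding, sep=" | ")
```

Two things in the output are worth noticing. The finding with no fixed version is the case that tools alone cannot resolve: someone has to decide whether to remove the component, wrap it, or accept the risk, which is exactly the execution problem the rest of this article is about. And the check refuses unpinned dependencies outright, because you cannot know whether you are affected by an advisory if you do not know which version you are running.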
None of this is new, but it needs repeating from time to time. We all know what to do. The biggest challenge is execution. This is why project management is one of the most important roles in a security practice. I rarely see project managers on security teams. Without one, good ideas can easily fall through the cracks. Consider getting a security project manager.
Thanks to Scott Murray for reviewing and editing a draft of this article.