The cybersecurity landscape is evolving at an unprecedented pace, driven by the rapid expansion of digital infrastructures, the adoption of cloud technologies, and the relentless advancement of threat capabilities, including new AI tools and techniques. This dynamic environment presents a dual challenge: not only must we defend against a diverse array of threats, but we must also do so faster than ever before.
The exponential speed of attacks leveraging zero-day and newly disclosed vulnerabilities demonstrates that threats have surpassed the capacity of traditional, reactive cybersecurity technologies and strategies. We must shift our focus towards more proactive, predictive, and, particularly, fully automated and AI-driven approaches to network and cyber defense.
Cyber Attacks Keep Getting Faster
The recent ConnectWise vulnerability that was widely exploited, allowing any remote attacker to gain unauthorized access and control, exemplifies the speed and potential scale that threat actors aspire to capture with new progressions of threat methodologies. SixMap global threat intelligence observed just four days between vulnerability disclosure by the vendor and massive, global-scale exploitation in the wild. Industry research reported 3,000 vulnerable instances reachable from the Internet for this vulnerability.
The rapid exploitation of the ConnectWise vulnerability underscores a broader issue within cybersecurity practices. The Verizon 2024 Data Breach Investigations Report highlights a critical issue in vulnerability management, showing that a significant percentage of vulnerabilities remain unremediated even after 30, 60, and 365 days. Their analysis reveals that 85% of vulnerabilities are unremediated at 30 days, 47% at 60 days, and 8% remain unremediated even after a year.
Adding to the challenge, attackers are moving faster and becoming more efficient in exploiting these vulnerabilities. According to CrowdStrike’s 2024 Global Threat Report, the average “breakout time”—the time it takes an attacker to go from initial intrusion to lateral movement—for adversaries was 62 minutes in 2023, sped up from 84 minutes in 2022.
The acceleration of attacks today highlights a critical gap in current cybersecurity practices: the lag between threat detection and response. As cyber threats evolve to exploit vulnerabilities at scale faster than ever, the window for effective response narrows dramatically. This underscores the urgent need for more efficient and proactive vulnerability management strategies that can handle both new and existing vulnerabilities effectively.
The Role of AI and Automation in Cyber Defense
“Velocity of action” emphasizes the importance of quick, decisive action to outpace opponents and deal effectively with evolving threats. This concept is important for developing cybersecurity tools and practices in the future that can meet or exceed the rapid pace at which cyber threats evolve and stave off the potentially severe consequences of delayed responses. Automation is how we achieve velocity of action.
In the face of escalating cyber threats, integrating automation into cyber defense systems as part of a comprehensive Continuous Threat Exposure Management (CTEM) program has transitioned from a value-added feature to a core necessity. Automation empowers cybersecurity operations with speed, efficiency, and scalability—attributes crucial to addressing today’s threat landscape. These are the four areas of cyber every security leader should be looking to incorporate various levels of AI and automation:
•AI in Network Security: Artificial intelligence is reshaping network security by enhancing the functionality of automated systems. AI empowers these systems to learn from previous incidents and adapt to new threats. It excels at uncovering complex patterns and subtle anomalies that might escape detection by human analysts. It simplifies the cybersecurity workflow by taking over routine and labor-intensive tasks, significantly improving operational efficiency.
•Automated Threat Prioritization: Automation in threat prioritization leverages AI to assess and rank threats based on their potential impact and likelihood of exploitation. By integrating threat intelligence from various sources, AI can prioritize the most critical vulnerabilities, such as those that can be leveraged for ransomware attacks, those actively exploited by known threat actors, and those with high EPSS (Exploit Prediction Scoring System) scores. This data-driven approach ensures that security teams focus their efforts on mitigating the most pressing risks.
•Automated Vulnerability Validation: Just because a vulnerability exists doesn’t mean attackers can reasonably exploit it. Automation can be used to validate that a network asset is actually exploitable in the infrastructure of a specific environment. This reduces the burden on security teams and allows them to focus on mitigating the threats that matter to their organization.
•Automated Threat Mitigation: Organizations should deploy capabilities that give them the option, but not the obligation, to auto-fix vulnerabilities at scale. While there are risks from taking an automated remediation approach, it should be an option for an organization to weigh those risks versus the risks posed by the imminent threat of a specific cyber attack. For example, when defenders are dealing with fast-moving attacks that allow adversaries to gain root privileges in remote code execution, automated remediation should be an option to stop the attack.
The journey towards a fully automated cyber defense framework is complex and necessitates a thorough evaluation of the operational considerations. Despite these complexities, the advantages of improved security, efficiency, and resilience make this pursuit highly valuable and worthwhile.
Ad