After decades spent building information security perimeters around network devices, companies are being ravaged by cyber criminals who have proven deadly effective at circumventing their protections – leading many to warn that the situation can only be fixed if companies embrace new identity-based security paradigms that leverage artificial intelligence (AI) for support.
“We are seeing a lot of sophisticated attacks done by bad actors who are constantly trying to identify gaps and weak spots in your security perimeter,” explained Amit Saha, co-founder and chief growth officer with Saviynt.
“They’re trying to really expand their breaches to ensure they are able to extract as much information as possible, and as much leverage as possible, from the enterprise.”
Over and over again, massive companies are being breached – and millions of customer records stolen – after even just one slipup by an employee who has made mistakes managing a crucial password, or reused passwords that were compromised in a data breach.
With cyber criminals trading billions of such credentials online every year, the value of an identity-based security perimeter – in which people, applications, and devices must regularly reconfirm their identity based on their current status – becomes clear.
“You are also dealing with external or supply chain users where you probably have lesser control over those identities,” Saha said. “In some cases, the identities are very deeply embedded within your ERP systems and you need to really understand the authorisation model within those systems before you can even design the right set of security controls.”
Given the complexity of those controls and the proliferation of connected devices – which must also be managed within new identity-based security perimeters – AI has become critical to help companies keep up with the potentially overwhelming surge of notifications and updates that such devices generate.
“When we look at how efficient we can be as humans to detect this growing attack surface of machine identities, it just becomes too much,” said Saviynt senior vice president of strategy Henrique Texeira, calling it “cognitive overload for organisations to do that – defining policies and writing controls – by human means.”
“AI is quite useful for finding that needle in the haystack,” he continued, “to detect anomalies or to recommend things – and we’re seeing that by using AI, we can help organisations be more efficient in fighting back against those attackers that are also using the same type of technology.”
