Interviews | December 19, 2023

AI is Helping Close the Cybersecurity Skills Gap

Carbon Black | NCC Group | ThreatLocker

Jason Rolleston
Vice President and General Manager

Carbon Black

Q1. With the increasing integration of AI, machine learning, and automation in cybersecurity products, what approaches or advancements is Carbon Black exploring to enhance endpoint threat detection and response?

AI is already contributing to closing the cybersecurity industry's skills gap and automating routine tasks. This leads to enhanced effectiveness and empowers individuals to engage in more critical thinking. One significant advantage of this shift in approach is that it allows cybersecurity professionals to redirect their focus towards activities such as threat hunting, which can have a more substantial positive impact on their environments. As AI increasingly takes over routine tasks, the demand for skilled defenders will grow significantly, providing organizations with opportunities to strategically enhance their security efforts. Instead of dedicating their efforts to identifying malware, these professionals will have the freedom to pursue entry points, lateral movements and other stealthy tactics used by adversaries attempting to maintain a presence and maximize their gains.

Carbon Black has long-leveraged machine learning and AI techniques to enhance analysts and help them make better decisions, faster and we’ll continue to implement features that positively impact the security analysts experience.

Q2. Looking at 2024 and beyond, what do you see as some of the biggest emerging security threats and what should organizations be doing right now to stay ahead of those threats?

In 2024, organizations need to stop focusing on the payload and deal with cybersecurity more holistically. Companies worry too much about the encryption part of ransomware and not enough about the things that actually matter. Before ransomware is deployed, there are numerous red flags already missed that could have stopped an attack from happening such as indicators of espionage. Ransomware may be the leak in your ceiling, but by the time you notice it, the black mold has already spread throughout your environment.

Instead of centering investments and efforts around cyber incidents, businesses will focus on risk management. Many organizations have not invested in a Risk Management foundation and it's starting to show- most are unable to meaningfully address new regulation through their own comprehensive security strategy. Move on to things you can solve such as major vulnerabilities or gaping holes in your environment and prioritize collecting the best quality data possible.

Additionally, adversaries rely on the average team’s lack of visibility, knowing that they're most likely deploying “easy button” cybersecurity solutions that result in a false sense of security. Targeted attacks are rising, but organizations are also dealing with the responsibility of ensuring their actions do not harm others, in other words, "duty of care." Failure to prove duty of care has serious implications for how companies defend their networks- and potential consequences like fines and reputational damage.

Q3. What insights, product demonstrations or educational content did Carbon Black share with attendees and potential customers that visited Carbon Black's booth or sessions at Black Hat Europe 2023?

At Black Hat Europe, Carbon Black focused on how the industry can close the Risk Gap, otherwise known as the growing distance between an organization’s status quo defenses and its exposure to directed attacks. This also factors in the increasing burdens of meeting compliance and governance requirements. Carbon Black demonstrated how people can:

  • Shut down directed attacks
  • Prove duty of care
  • Embrace a positive security model
  • Gain visibility and context faster

We gave attendees insights into our cloud solutions, where security professionals gain visibility and context faster with our Extended Detection Response (EDR) solutions, while demonstrating our prevention capabilities with our Next Generation Anti-Virus tools and our Application Control product. Most importantly, we integrated these solutions through our product demonstrations, showing attendees how to simplify their security stack and integrate them into their other security solutions, such as ServiceNow and Splunk.dss

On Day One, John Wilkinson, a Carbon Black Senior Solutions Engineer in the UK, took attendees through a presentation titled "You Can't Stop What You Can't See." He demonstrated live a ransomware attack and how security teams truly rely on visibility and context for the best security posture, giving them the ability to provide that duty of care to the business they are protecting.

Matt Hull
Global Head of Threat Intelligence

NCC Group

Q1. How did the criminal threat landscape evolve in 2023? Looking at 2024 and beyond, what do you see as some of the biggest emerging threats?

The pervasive threat from organized crime groups should still be at the forefront of people’s minds in 2024. We have seen a gradual increase in the activities of Initial Access Brokers, the deployment of info-stealer malware, and of course extortion in the form of ransomware. In terms of the latter, we have seen record numbers of victims in 2023, but most notably, we have seen yet again new and novel techniques used by ransomware operators to maximize their gains. As global government and law enforcements implement new regimes to tackle the threat from ransomware, criminals will continue to evolve and diversify their services. Even if an organization doesn’t perceive a direct threat to ransomware as plausible, they should really be thinking about the potential impact to their supply chain.

Q2. What explains the increased threat actor interest in OT environments and critical infrastructure targets. What can organizations and government do to make it harder and costlier for adversaries to carry out these attacks?

OT Environments are particularly susceptible to ‘down-time’ and any opportunity to extort a victim is a good one for those groups that are financially motivated. OT environments also have the potential to be vulnerable due to older legacy technologies being in place, and these have the potential to be exploited.

Q3. What were some of NCC Group's goals in participating at Black Hat Europe 2023. What did you want attendees at customers at the event to take away from your company's participation at the event?

The main thing we wanted to show in our talk is that the cybersecurity ecosystem must rely on a collection of different skills and business areas. They wont work in isolation. From my perspective, I wanted to show that Cyber Threat Intelligence, which is still sometimes regarded as a ‘nice to have’, should very much be at the heart of that ecosystem.

Danny Jenkins
CEO and Co-founder


Q1. Looking at 2024 and beyond, how do you expect threats to endpoint devices and technologies to evolve?

Considering the landscape, the evolution of threats to endpoint devices and technology is likely to manifest in an increase in supply chain attacks, a growing trend of weaponizing existing tools, and a heightened focus on exploiting vulnerabilities. This underlines the evolving landscape of endpoint security threats, emphasizing the need for proactive measures to counteract these emerging challenges.

Q2. What is it going to take for organizations to be able to mitigate the next generation of AI-enabled phishing attacks, malware and other threats? How should organizations be preparing now for these threats?

The landscape has shifted with AI enabling attackers to craft sophisticated emails and create unique, undetectable malware. Mitigating the next generation of AI-enabled threats demands a shift toward a zero-trust approach. Adopting the assumption that all software is potentially harmful until approved, implementing strict limitations on application functionalities, and enforcing controls like dual-factor authentication are vital. This strategy aims to contain damage in case of phishing incidents, ensuring that even if a user falls victim, the impact is limited. It's a proactive stance to counter the evolving nature of AI-enabled phishing attacks and malware threats.

Q3. What were ThreatLocker’s goals at Black Hat Europe 2023? What did you highlight at the event?

At Black Hat Europe 2023, ThreatLocker aims to serve as an educational resource, enlightening the market and IT professionals about evolving risks. Our primary objective is to engage with a broader spectrum of European companies, gaining deeper insights into their challenges. Through this, we aspire to enhance our understanding of the unique issues faced by organizations in Europe, fostering a more comprehensive approach to addressing their cybersecurity concerns.

Sustaining Partners