The risks and best practices of deploying AI to an enterprise – Martin Roesch, Anurag Lal – ESW #366
Full Audio
View Show IndexSegments
1. The risks and best practices of deploying AI to an enterprise – Anurag Lal – ESW #366
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:
- What to be aware of when deploying GenAI
- Key use cases and successes organizations are having with GenAI
- Some of the risks to be aware of
- How to prepare employees for GenAI
- Best practices to prepare for evolving threats
Announcements
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
Guest
Anurag Lal is the President and CEO of NetSfere. With more than 25 years of experience in technology, cybersecurity, ransomware, broadband and mobile security services, Anurag leads a team of talented innovators who are creating secure and trusted enterprise-grade workplace communication technology to equip the enterprise with world-class secure communication solutions. Lal is an expert on global cybersecurity innovations, policies, and risks.
Previously Lal was appointed by the Obama administration to serve as Director of the U.S. National Broadband Task Force. His resume includes time at Meru, iPass, British Telecom and Sprint in leadership positions. Lal has received various industry accolades including recognition by the Wireless Broadband Industry Alliance in the U.K. Lal holds a B.A. in Economics from Delhi University and is based in Washington, D.C.
Host
2. Shifting Cybersecurity Philosophy from Threat-Centric to Compromise-Centric – Martin Roesch – ESW #366
For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).
Segment Resources:
Announcements
You're invited to InfoSec World 2024 at Disney’s Coronado Springs Resort in Lake Buena Vista, FL, from September 23-25. Join top cybersecurity experts for this premier event! Save 25% on your pass by using code ISW24-SW25 when you register at securityweekly.com/infosecworld2024. Don’t miss out on this exclusive opportunity!
Guest
CEO at Netography. Proven entrepreneur and business leader. Original author of the Snort open source project. Founder of Sourcefire and early pioneer of the Open Core business model.
Hosts
3. Is GenAI Having a Rough Time? We check in to see how it’s doing. – ESW #366
We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.
This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.
We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.
We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.
We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.
Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.
Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).
Hosts
- 1. FUNDING: Huntress Raises a $150M Series D
$150M Series D at a $1.55B valuation, led by Kleiner Perkins, Meritech Capital, and Sapphire Ventures. Total funding is now $309.8M.
"Huntress is the leading cybersecurity partner for small and mid-sized businesses (SMBs) and the managed service providers that support them."
- 2. FUNDING: Semperis Secures $125 Million in Growth Financing – Semperis
$125M "venture round" (or Series D down round?) led by Hercules Capital and JP Morgan. Total funding is now $498.3M
"Semperis is a developer of enterprise identity protection and cyber resilience for cross-cloud and hybrid environments."
- 3. ACQUISITIONS: NetSPI expands proactive security with strategic acquisition of Hubble
- 4. MARKET UPDATE: Cybersecurity Market Update: May 2024 Insights & Trends
- 5. DETECTION: IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
The latest in a series of writeups detailing how attacks happen (and apparently a brisk business selling detections as well!)
- 6. DETECTION: A Bird’s-eye view: ShareFinder-How Threat Actors Discover File Shares (The DFIR Report)
An article that doesn't mention AI? What???
The TL;DR is that juicy stuff is in file shares. Attackers like them. Which is why setting a file-share-based trap for attackers is a really good idea.
There actually was an angle for GenAI here - generating file names and file content at scale for these file shares. But it looks like Thinkst is already doing the file/directory structure generation for you, so that's covered!
- 7. DUMPSTER FIRE: Robert Hansen (RSnake) runs some surveys on sentiment around the Gili Ra’anan model
This is largely unsurprising and reminds me of a similar survey I did around how people felt about companies buying fake awards.
If you haven't read the original investigative piece, click here.
- 8. BREACHES: Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government
Some insider insight on the culture of bad decisions that culminated in a breach that will take many years for Microsoft to live down.
- 9. BREACHES: Polyfill.io JavaScript supply chain attack impacts over 100K sites
- 10. ESSAYS: Navigating the Entrepreneurial Journey: Highlights from BuildCon
- 11. AI ESSAYS: How AI Will Change Democracy – Schneier on Security
A thought-provoking essay on all kinds of weird, unintended outcomes AI could result in. If you'd prefer a video version of this essay, it follows Bruce Schneier's RSA talk pretty closely.
- 12. AI ESSAYS: Why AI Will Save the World
An essay that seems largely self-serving, I don't think this is Marc's next "Software is Eating the World" essay. I think it might be more akin to his "Metaverse" moment. Everything we're hearing about AI suggests it can't do any of the things he's suggesting without human assistance.
At least, not right now. I don't think it's a given that this technology will continue to improve and have breakthroughs at the same speed we saw from GPT2 to GPT4o, I suspect we'll start seeing issues and regression at some point.
- 13. AI ESSAYS: I Will Fucking Piledrive You If You Mention AI Again — Ludicity
- 14. AI HYPE CHECK: From Dare Obasanjo on X: “…you aren’t just adopting AI, you’re doing data management as well.”
Just a few tweets, but really cuts to the heart of enterprise challenges in adopting GenAI: if your data is a hot mess, the AI will reflect that mess. GIGO still applies in the age of GenAI. Much of the problem here is a data hygiene/governance problem.
- 15. SQUIRREL: ChatGPT Now Has PhD-Level Intelligence, and the Poor Personal Choices to Prove It
A great laugh. I predict 50% of the folks you share this with won't realize it's satire.
