CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.
April 12, 2024
Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
In this issue of CISO Corner
The Race for AI-Powered Security Platforms Heats Up
Why MLBOMs Are Useful for Securing the AI/ML Supply Chain
The Fight for Cybersecurity Awareness
Ambitious Training Initiative Taps Talents of Blind and Visually Impaired
Vietnamese Cybercrime Group CoralRaider Nets Financial Data
XZ Utils Scare Exposes Hard Truths About Software Security
NSA Updates Zero-Trust Advice to Reduce Attack Surfaces
The Race for AI-Powered Security Platforms Heats Up
By Robert Lemos, Contributing Writer, Dark Reading
Microsoft, Google, and Simbian each offers generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.
Both Google and Microsoft have committed massive resources to developing generative artificial intelligence (AI) tools for cybersecurity. Security Copilot from Microsoft can find breaches, gather, and analyze data with help from generative AI. Google's Gemini in Security is a similar rival service.
Now a startup has entered the fray, Simbian, with its own system that leverages generative AI as well as large language models (LLMs) to help security teams by automating configuring event management systems (SIEM) or security orchestration, automation, and response (SOAR).
While each offering has its own set of benefits, they all strive to streamline processes for strained cybersecurity teams. The question that has yet to be answered is whether teams will ultimately trust the automated systems to operate as intended.
Read more: The Race for AI-Powered Security Platforms Heats Up
Related: How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Why MLBOMs Are Useful for Securing the AI/ML Supply Chain
Commentary By Diana Kelley, CISO, Protect AI
A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.
The software bill of materials (SBOM) has become an essential tool for identifying the code that makes up an application, but in the age of artificial intelligence (AI) the SBOM has some limitations in machine learning frameworks.
A machine learning software bill of materials, or MLBOM, could fill the gaps left in a traditional SBOM and add protections to data and assets.
Read More: Why MLBOMs Are Useful for Securing the AI/ML Supply Chain
Related: Where SBOMs Stand Today
The Fight for Cybersecurity Awareness
Commentary By Erik Gross, CISO, QAD
Investing in cybersecurity skills creates a safer digital world for everyone.
Spreading awareness of risk is the best way to mitigate cybersecurity risk, but the task of constantly training and re-training people on the latest threats can be daunting. The age of artificial intelligence is making it even more difficult.
Building a culture of security is paramount, and it can be achieved with thoughtful cybersecurity training with a focus on a personal approach, storytelling, and helping people feel comfortable talking openly about cybersecurity. Humans are unpredictable, and a cybersecurity training process that accepts that humans are complex creatures have had the most success.
Read More: The Fight for Cybersecurity Awareness
Related: Q&A: The Cybersecurity Training Gap in Industrial Networks
Ambitious Training Initiative Taps Talents of Blind and Visually Impaired
By Jennifer Lawinski, Contributing Writer, Dark Reading
Novacoast's Apex Program prepares individuals with visual impairments for cybersecurity careers.
Blind and visually impaired (BVI) people are an untapped talent resource for cybersecurity companies struggling to attract talent. With just a computer outfitted with a screen reader and Braille keyboard, BVI people can become valuable contributors. Two cyber CEOs have launched Apex Program, an online, on-demand course for BVI people who want to break into cybersecurity.
So far, four students have completed the course and one has already landed a job as a SOC 1 Analyst. Now the White House is getting involved, and there's even a short film in the works featuring the Apex Program.
Read More: Ambitious Training Initiative Taps Talents of Blind and Visually Impaired
Related: 3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage
Vietnamese Cybercrime Group CoralRaider Nets Financial Data
By Robert Lemos, Contributing Writer, Dark Reading
With a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries — and appears to have accidentally infected itself as well.
A newcomer on the Vietnamese cybercrime scene, a group called CoralRaider is making moves — and rookie mistakes like infecting their own systems — along the way.
Security researchers at Cisco Talos have been tracking CoralRaider's activities and found they are motivated by profit, even though the group is having trouble getting their operation off the ground. So far, Cisco Talos analysts haven't seen any indication CoralRaider has yet successfully delivered a payload, but the group is actively working to improve their cybercrime skills.
Read More: Vietnamese Cybercrime Group CoralRaider Nets Financial Data
Related: Ransomware, Junk Bank Accounts: Cyber Threats Proliferate in Vietnam
XZ Utils Scare Exposes Hard Truths About Software Security
By Jai Vijayan, Contributing Writer, Dark Reading
Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
The backdoor recently discovered in the XZ Utils tool should be a wake-up call for cyber teams that open source repositories are riddled with vulnerabilities.
These projects are volunteer-run, under-resourced, and unable to keep up with the latest threats. XZ Utils is itself a one-person operation. Enterprises using code from these open sources do so at their own risk.
Organizations are advised to vet their use of code from public repositories and determine whether they have appropriate security controls. Experts also recommend having engineering and cybersecurity teams define processes and roles for onboarding open source code.
Read More: XZ Utils Scare Exposes Hard Truths About Software Security
NSA Updates Zero-Trust Advice to Reduce Attack Surfaces
By Dark Reading Staff
Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.
In its ongoing effort to provide both the public, as well as the private, sectors with support in getting on a path to zero trust, the National Security Administration has issued guidance related to data protection, or as NSA categorizes it, the "data pillar." Recommendations from the agency include the use of encryption, tagging, labeling, and more.
Prior to this data security guidance, NSA provided a detailed guide to network macro- and micro-segmentation and its role in building up a zero-trust framework.
Read More: NSA Updates Zero-Trust Advice to Reduce Attack Surfaces
About the Author
You May Also Like