A shock 91% of corporations have fallen victim to software supply chain incidents in only one 12 months, highlighting the necessity for higher protections for continuous integration/continuous deployment (CI/CD) pipelines.
Four in 10 corporations say misconfigured cloud services, stolen secrets from source code repositories, insecure use of APIs and compromised user credentials have gotten more common. The commonest impacts of those attacks are the malicious introduction of crypto-jacking malware (43%) and the required remediation measures impacting service level agreements (SLAs) (41%).
Attackers use AI to hone their craft and launch attacks that exceed a company's ability to maintain up. Since using offensive AI is to the advantage of attackers, cybersecurity providers must rise to the challenge and go all-in on AI to realize a greater defensive advantage and never lose the AI war.
Why software supply chains are a high-value goal
Attacking software supply chains is the ransom multiplier every attacker is searching for. Nation-state attackers, cybercrime syndicates, and advanced persistent threat (APT) groups routinely attack software supply chains because they’ve historically been the least protected area of a software company or company. Examples include the Okta breach, JetBrains supply chain attack, MOVEit, 3CX, Applied Materials, PyTorch Framework, Fantasy Wiper, and the Kaseya VSA ransomware attack. In these incidents, attackers exploited vulnerabilities within the software supply chain and impacted tons of of corporations worldwide.
Five areas where AI is strengthening supply chain security
It is becoming increasingly difficult to maintain up within the AI arms race. This is particularly true if you happen to, as an organization, are fighting adversaries using the newest generative AI tools, including FraudGPT and other AI tools. The excellent news is that AI is showing signs of detecting and slowing down – but not completely stopping – breaches and breaches of CI/CD pipelines. The five areas where AI is making an impact include the next:
CNAPP leverages AI to automate hybrid and multicloud security while shifting security across the SDLC. Cloud-native Application Protection Platforms (CNAPPs), which have AI and machine learning (ML) integrated into their platforms, effectively help DevSecOps detect threats early while scanning code in GitHub and other repositories before it’s written into an app . A CNAPP consolidates various security capabilities, including Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP), together with other tools resembling permissions management, API controls, and Kubernetes posture control, to supply end-to-end, comprehensive protection for cloud-native applications entire life cycle. Leading CNAPP providers include Cisco, CrowdStrike, Juniper Networks, Sophos, Trend Micro, Zscaler and others.
AI continues to extend endpoint security right down to the identity level while defining the long run by training LLMs. Attackers use AI to interrupt into an endpoint to steal as many sorts of privileged credentials as they’ll find, then use those credentials to attack other endpoints and move through a network. Closing the gaps between identities and endpoints is an amazing use case for AI.
A parallel development can also be gaining momentum among the many leading providers of prolonged detection and response (XDR). CrowdStrike Co-founder and CEO George Kurtz told the important thing audience at the corporate's annual Fal.Con event last 12 months: “One of the areas where we've really pioneered is having the ability to receive weak signals from different endpoints.” And we are able to link these together to seek out novel discoveries. We at the moment are extending this to our third-party partners so we are able to investigate other weak signals not only across endpoints but additionally across domains and develop novel detection.”
Leading XDR platform providers include Broadcom, Cisco, CrowdStrike, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, TEHTRIS, Trend Micro and VMWare. Improving LLMs with telemetry and human-annotated data defines the long run of endpoint security.
Adaptive automated threat detection: AI/ML models are designed to constantly learn from behavior and data patterns and achieve more adaptive automated threat detections over time. XDR and CNAPP providers use endpoint data to coach their LLMs, further improving their adaptability to automated threat detection and detection.
Given DevSecOps teams' strong desire to attain greater visibility into CI/CD pipelines, automated threat detection is increasingly being deployed as a part of a CNAPP platform. Identifying and classifying vulnerabilities and risks is now a crucial a part of the role of DevSecOp. It enables AI-based automated threat detection that may adapt in real-time to make sure the security of CI/CD pipelines.
AI streamlines and simplifies evaluation and reporting across CI/CD pipelines, detects potential risks or obstacles early, and predicts attack patterns. One of the explanations XDR and CNAPP vendors are doubling down on training their large language models (LLMs) with endpoint and attack data is to enhance the accuracy of risk prioritization and contextual evaluation. A CNAPP relies on a unified data lake and graph database for event logging, reporting, alerting, and relationship mapping, making it the best dataset for training LLMs and proven ML algorithms. AI-powered analytics ensure probably the most critical risks are addressed first, protecting the integrity of the software supply chain.
Using AI and ML to automate patch management. Automating patch management while leveraging different data sets and integrating them right into a risk-based vulnerability management (RBVM) platform is an ideal use case for AI. Leading AI-based patch management systems can interpret telemetry data for vulnerability assessment and prioritize risks by patch type, system and endpoint. Leading vendors include Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Ivanti, Jamf, Kaseya, SysWard, Syxsense, Tanium and others.
“Patching isn’t nearly as easy because it sounds,” said Srinivas Mukkamala, chief product officer at Ivanti. “Even well-staffed and well-funded IT and security teams face prioritization challenges, amongst other pressing needs. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to discover, prioritize and even remediate vulnerabilities without excessive manual intervention.”
