Organizations must constantly contend with cyber threats and vulnerabilities because the risks to their digital assets are real. As a result, organizations engage in cyber risk management practices to protect the confidentiality, integrity, and availability of those assets. The need for such measures is clear and many overlapping methods are available, but are the current practices producing the intended results?
In addition to questioning whether the current practices yield results, organizations should also consider the growing challenges those practices face. For example, threat actors are launching more sophisticated attacks, leveraging AI and automation, and targeting cloud deployments and MFA software. At the same time, many cyber security teams face challenges from reduced budgets, limited staffing, and major initiatives such as cloud migrations and merger and acquisition activities.
Current Risk Management Practices Fall Short
Recent research from IDC found that 78% of cyber security leaders consider identifying high-risk assets, both people and technology, to be of moderate or high importance. Some methods for identifying these risks include pentesting, red teaming, breach and attack simulations, vulnerability scans, and attack surface management.
However, effectively carrying out these tasks is easier said than done. They require resources, coordination, and buy-in from IT, cyber security, and compliance departments. And even when teams are able to perform these preventative security tests, the relevance and value of the results are often short-lived due to the dynamic nature of today’s digital architectures. This fleeting relevance is particularly concerning since the IDC InfoBrief found that only 24-31% of companies across all industries can continuously run preventative exercises like pentests.
Finally, even when a company runs a pentest, it may not yield useful recommendations. For example, IDC reported that only 34% of companies feel like pentesting and red teaming exercises provide them with actionable insights on where and how to harden their defenses. That means that for most security teams, investing in these activities does not provide a return in risk reduction.
Overall, we can infer from the IDC InfoBrief’s findings that current, mainstream cyber risk management practices provide time-limited value, and they often do not go far enough to provide actionable insights for managing risk.
Using AI to Promote Risk Reduction
Darktrace’s Research & Development team sought to create a solution that would better help security teams manage risk by providing improved evaluations and clear guidance. To that end, they incorporated these capabilities into Darktrace PREVENT™.
PREVENT is made up of two products. The first is Darktrace PREVENT/Attack Surface Management™ (ASM), which monitors an organization’s attack surface for vulnerabilities and risks. It can search beyond known assets, typically surfacing 30-50% more assets than an organization realizes it has. With this capability, it can also identify shadow IT and brand abuse.
The other product is Darktrace PREVENT/End-to-End™ (E2E), which uses Self-Learning AI to determine every possible attack path in the internal system. It can also measure the potential security impact of each asset, meaning it can prioritize targets with higher value.
As PREVENT monitors the external attack surface and internal attack paths, it generates understandable reports for security teams, including prioritized lists of actionable insights. This real-time risk-prioritized insight enables security teams to proactively and efficiently manage their risk.
PREVENT also reduces risk autonomously, without the human security team. When combined with Darktrace’s detection and response capabilities in the Cyber AI Loop™, the AI will increase the sensitivity and protection around an organization’s high-value assets and the likely attack paths identified by PREVENT.
Most importantly, since PREVENT is powered by AI, it performs all these risk-reducing activities continuously, providing more frequent outputs to security teams. In these ways, PREVENT helps security teams preempt known and unknown attacks and achieve a high level of protection, even with a limited budget and staff.
Since the tool was launched last year, many organizations have already integrated PREVENT into their broader cyber risk management programs.
“PREVENT is an incredibly helpful way to understand risk, particularly when comparing changes over time,” said a Vice President of IT Operations & Cybersecurity in the facilities management industry. “Understanding vulnerabilities is one thing, but actually being able to digest and prioritize them is even better.”
The IDC InfoBrief found that traditional approaches to preventative security measures are not sufficient to reduce risk. These point protections lose effectiveness with dynamic digital infrastructure and, in most cases, do not yield clear and actionable insights. Instead, the InfoBrief recommends a holistic approach to risk management, with continuous monitoring powered by AI. PREVENT and the Cyber AI Loop encapsulate this recommended approach using Self-Learning AI to identify vulnerable assets and harden security around them.
For more insights, download the full IDC report here.
