A staggering 91% of enterprises have fallen victim to software supply chain incidents in just a year, underscoring the need for better safeguards for continuous integration/continuous deployment (CI/CD) pipelines.
Four in 10 enterprises say misconfigured cloud services, stolen secrets from source code repositories, insecure use of APIs and compromised user credentials are becoming common. The most common impacts of these attacks are the malicious introduction of crypto-jacking malware (43%) and the needed remediation steps impacting SLAs (service level agreements) (41%).
Among those enterprises that have experienced software supply chain incidents in the last 12 months, 96% suffered some impact. Source: The Growing Complexity of Securing the Software Supply Chain, Enterprise Strategy Group
Attackers are using AI to fine-tune their tradecraft and launch attacks that outpace any organization’s ability to keep up. With attackers’ use of offensive AI working to their advantage, cybersecurity vendors need to step up to the challenge and go all in on AI to gain a greater defense advantage and not lose the AI war.
VB Event
The AI Impact Tour – NYC
We’ll be in New York on February 29 in partnership with Microsoft to discuss how to balance risks and rewards of AI applications. Request an invite to the exclusive event below.
Why Software supply chains are a high-value target
Attacking software supply chains is the ransom multiplier every attacker is looking for. Nation-state attackers, cybercrime syndicates and advanced persistent threat (APT) groups routinely go after software supply chains because they’ve historically been the least-defended area of any software company or business. Examples include the Okta breach, JetBrains supply chain attack, MOVEit, 3CX, Applied Materials, PyTorch Framework, Fantasy Wiper and Kaseya VSA ransomware attack. In these incidents attackers exploited software supply chain vulnerabilities, affecting hundreds of businesses worldwide.
Five areas where AI is strengthening supply chain security
It’s getting more challenging to keep up the pace in the AI arms race. That’s especially true if you’re an organization battling adversaries using the latest generative AI tools, including FraudGPT and other AI tools. The good news is that AI is showing signs of identifying and slowing down – but not completely stopping – intrusions and breaches aimed at CI/CD pipelines. The five areas where AI is making an impact include the following:
CNAPP relies on AI to automate hybrid and multicloud security while shifting security left in the SDLC. Cloud-Native Application Protection Platforms (CNAPPs) that have AI and machine learning (ML) integrated into their platforms are effective in helping DevSecOps spot threats early while also scanning code in GitHub and other repositories before it’s written into an app. A CNAPP consolidates various security capabilities, including Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP), along with other tools like entitlement management, API controls, and Kubernetes posture control, to provide comprehensive protection for cloud-native applications throughout their entire life cycles. Leading CNAPP vendors include Cisco, CrowdStrike, Juniper Networks, Sophos, Trend Micro, Zscaler and others.
CNAPP consolidates a wide variety of security apps into a single, unified platform to improve data visibility and prediction accuracy, all contributing to stronger Cloud Security Posture Management. Source: Gartner, How Cloud-Agnostic Tools Can Secure Your Multicloud, Feb. 5 2024
AI continues to harden endpoint security down to the identity level while also defining the future by training LLMs. Attackers are using AI to penetrate an endpoint to steal as many forms of privileged access credentials as they can find, then use those credentials to attack other endpoints and move throughout a network. Closing the gaps between identities and endpoints is a great use case for AI.
A parallel development is also gaining momentum across the leading extended detection and response (XDR) providers. CrowdStrike co-founder and CEO George Kurtz told the keynote audience at the company’s annual Fal.Con event last year, “One of the areas that we’ve really pioneered is that we can take weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals across not only endpoints but across domains and come up with a novel detection.”
Leading XDR platform providers include Broadcom, Cisco, CrowdStrike, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, TEHTRIS, Trend Micro and VMWare. Enhancing LLMs with telemetry and human-annotated data defines the future of endpoint security.
Adaptive Automated Threat Detection: AI/ML models are designed to continually learn from behavioral and data patterns and, over time, achieve more adaptive automated threat detections. XDR and CNAPP vendors are using endpoint data to train their LLMs to improve further how adaptive they are to automated threat detection and discovery.
Given the strong push to gain greater visibility across CI/CD pipelines by DevSecOps teams, automated threat detection is increasingly delivered as part of a CNAPP platform. Identifying and ranking vulnerabilities and risks is a big part of DevSecOp’s role today, making AI-based automated threat detection that can adapt in real-time table stakes for keeping CI/CD pipelines secure.
AI is streamlining and simplifying analytics and reporting across CI/CD pipelines, identifying potential risks or roadblocks early and predicting attack patterns. One of the reasons why XDR and CNAPP vendors are doubling down on training their large language models (LLMs) with endpoint and attack data is to sharpen the accuracy of risk prioritization and context analysis. A CNAPP relies on a unified data lake and graph database for event logging, reporting, alerting and relationship mappings, making it the ideal data set for training LLMs and long-standing ML algorithms. AI-enhanced analytics ensure that the most critical risks are addressed first, safeguarding the integrity of the software supply chain.
Using AI and ML to automate patch management. Automating patch management while capitalizing on diverse datasets and integrating them into a risk-based vulnerability management (RBVM) platform is a perfect use case of AI. Leading AI-based patch management systems can interpret vulnerability assessment telemetry and prioritize risks by patch type, system and endpoint. Leading vendors include Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Ivanti, Jamf, Kaseya, SysWard, Syxsense, Tanium and others.
“Patching is not nearly as simple as it sounds,” said Srinivas Mukkamala, chief product officer at Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize, and even address vulnerabilities without excess manual intervention.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.
