I love AI – especially Neural Networks. When you see a Neural Network in action, it feels like magic. I am excited to see the innovations AI brings to the world of security. However, I cringe to hear enterprises talk about using AI-based security tools when they clearly have not yet come to terms with the basics of security. Here are the fundamental controls an enterprise must put in place before considering any AI tools.
1. Encrypt everything
I will be the first to acknowledge that encryption is not an easy task if you have your own data center. Cloud services like AWS (e.g., KMS) make it a little easier, which is one of the best reasons to move to the cloud.
2. Log everything
Many SaaS and on-prem tools can help you log everything in one place. While choosing and installing a tool is 5% of the effort, 95% rests in finding all the logs and directing them to the tool. Once you have everything (and I mean everything) in one place, consider putting an AI-based anomaly detection tool on top of your log repository.
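Before layering anomaly detection on top, it helps to measure how close you are to "everything". The sketch below is an added example, not from any tool named in this post: it compares an asset inventory with the last event time the log repository has for each source and reports hosts that never logged, hosts that went silent, and sources missing from the inventory. The host names, timestamps, the 24-hour silence threshold, and the `coverage_report` function are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: hosts you believe you own (e.g. a CMDB or cloud export).
INVENTORY = ["web-01", "web-02", "db-01", "vpn-gw", "build-01"]

# Constructed sample: newest event per source, as reported by the log repository.
LAST_SEEN = {
    "WEB-01": "2024-05-01T11:58:00+00:00",   # same host, different case
    "web-02": "2024-05-01T11:59:30+00:00",
    "db-01": "2024-04-28T03:12:00+00:00",    # stopped shipping days ago
    "vpn-gw": "2024-05-01T11:40:00+00:00",
    "lab-temp-7": "2024-05-01T11:55:00+00:00",  # logging, but nobody inventoried it
}


def coverage_report(inventory, last_seen, now, max_silence=timedelta(hours=24)):
    """Classify log sources against the inventory (hypothetical helper)."""
    # Normalise names so "WEB-01" and "web-01" count as one host.
    owned = {h.strip().lower() for h in inventory}
    seen = {h.strip().lower(): datetime.fromisoformat(ts)
            for h, ts in last_seen.items()}

    never_logged = sorted(owned - set(seen))
    gone_silent = sorted(h for h in owned & set(seen)
                         if now - seen[h] > max_silence)
    not_in_inventory = sorted(set(seen) - owned)

    healthy = len(owned) - len(never_logged) - len(gone_silent)
    pct = round(100 * healthy / len(owned), 1) if owned else 0.0
    return {
        "never_logged": never_logged,          # no log pipeline at all
        "gone_silent": gone_silent,            # pipeline broke or agent removed
        "not_in_inventory": not_in_inventory,  # unknown assets sending logs
        "coverage_pct": pct,
    }


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed for the sample
    for key, value in coverage_report(INVENTORY, LAST_SEEN, now).items():
        print(f"{key}: {value}")
```

Run against real exports on a schedule, the `gone_silent` list is the one to alert on, since a source that quietly stops logging leaves any detection tool downstream with nothing to analyze.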
3. Use two-factor authentication everywhere
Once again, easier said than done, especially for internal systems. Using Duo or Okta on the perimeter is much easier. Start with the perimeter.
4. Secure your own code
Don’t let insecure code slip into production. Free tools like FindSecBugs do a fantastic job of finding most coding mistakes related to security. Some of those tools work on bytecode, so you can run them in the runtime staging environment to ensure that no security issues remain in your code. You can also use tools such as CodeLogic to run them for you.
5. Secure third-party code
Common Vulnerabilities & Exposures (CVEs) in third-party or open-source components are among the most common entry points for hackers. Tools such as CodeLogic monitor such components and alert you to vulnerabilities. Use them and patch your apps in a timely manner.
None of this is new, but it needs repeating from time to time. We all know what to do. The biggest challenge is execution. This is why project management is one of the most important roles in a security practice. If you don’t have one already, consider hiring a security Project Manager so good ideas don’t fall through the cracks.