theCUBE + NYSE Wired present the East Coast AI Leaders Executive Series | Etay Maor, Cato Networks

Clips
More from theCUBE + NYSE Wired present the East Coast AI Leaders Executive Series

Etay Maor

Chief Security Strategist

Cato Networks

play_circle_outline Navigating Security Challenges in AI: Threat Detection, Resilience, and Targeting of Legacy Systems

play_circle_outline AI in security: data risk management and generative AI for resilience and threats.

play_circle_outline Leveraging AI for pattern recognition and data analysis in security

play_circle_outline AI for good opportunities to counter AI for bad opportunities

Info
Transcript

Etay Maor, Cato Networks

Etay Maor

Chief Security Strategist Cato Networks

Security strategist Etay Maor discussed the impact of AI on security, specifically in analyzing data for threats and protecting against attacks. Threat actors target AI systems with injections to bypass security measures, while the MITRE ATLAS initiative examines these attacks. Companies utilize AI for simulations, vulnerability detection, and two-factor authentication attacks. AI patterns aid in threat identification, though threat actors can adapt quickly. Law enforcement and security firms use AI to correlate data and identify malicious patterns. Cato Netw... Read more

explore Keep Exploring

What are some of the reasons for using AI in security and the potential threats to AI systems? add

What are the two main ways in which AI is utilized in the field of security? add

What are some key considerations regarding the role of AI in cybersecurity, particularly in relation to both defensive (blue teams) and offensive (red teams) strategies? add

What has the security industry been harnessing neural networks for, and for how long? add

bolt Powered by CUBE AI

Etay Maor, Cato Networks

search

>> Hello

>> everyone. Welcome back to theCUBE's coverage here in New York City at theCUBE Studios East, the New York Stock Exchange. We are on the balcony looking out over the floor. The closing bell is soon coming on, day one of three days of wall-to-wall coverage. I'm John Furrier, host of theCUBE. Got a great guest here, Etay Maor is back on theCUBE. Chief security strategy at Cato Networks, founding man of Cato CTRL. Great to see you. You're back on. We saw you at Black Hat. Now. Welcome back here at theCUBE East, partnering with NYSE and Brian Baumann, The Wired community. You've got this open source, we merged theCUBE community with the NYSE community, and it's been quite the explosion of interaction and engagement. It's great to have you here and see it.

Etay Maor

>> Thank you for having me. It was a great last time. Looking forward to this.

>> Yeah, I want to say thanks to you for coming on at Black Hat. One of the things about AI that's really interesting is that when we zoom out, we always say this on theCUBE, I think we chatted about it in Vegas at Black Hat was at the end of the day, it's a data risk problem. So, there's risk management and it's the data, data's everywhere. And actually all the most progressive AI action right now in generative AI is in the security area. Yeah, there's some infrastructure stuff, low- hanging fruit, Workflows. Yeah, point specific productivity gains check. But in terms of big impact, we're seeing a lot of gen AI, mainly because security folks are skeptical. It's got to work, it can't fail. So, you're seeing a lot of focus on real heavy- duty security challenges, especially on the threat side, but also on the resilience side. I mean, cyber resilience to traditionally been a ransomware problem. How do I recover from ransomware? But gen AI also has the same challenges of resilience. I've asked everyone, how do you define resilience and gen AI? Well, it's early days, but this is at the front end, the tip of the spear in the industry is security. In my mind. Of course, you're in it, you probably agree.

Etay Maor

>> Yeah. So when we look at AI, basically we looking at two different things. We use AI for security. You are saying data, right? So there's huge amounts of data that security folks need to look into. Can't really do it manually, so you use AI in order to find different patterns and identify threats. And on the side of resiliency on the other hand is yeah, these systems, these AI systems are going to be targeted, actually, they already are being targeted by threat actors. And so we need to make sure that we understand what are the techniques that they're using and how do we protect our own AI systems from these attacks.

>> It's interesting. One of the biggest... Well, first of all, the surface area is just now expanded, but also security also is a human challenge too. And we don't want to have bad configuration. People get in, but now you have models being promptly injected, prompt injections a big popular thing, but context poisoning is another one. I mean, it's like getting to the school, people in kindergarten, "Hey, smoke cigarettes, that's good for you. " I mean, you can influence the training early. Okay, you can do bad things to this data that's not yet been informed. How do you undo that? What's the resilience to that, Etay? I mean, so all these new things are cropping up. There's no observability, there's no real understanding of rollback. I mean, this is security 101.

Etay Maor

>> To be honest, I feel like we are having the same discussions that we had almost 15 years ago around application security. Because you're right, threat actors are already targeting AI systems with bad injections. For example, we've seen malware code where in the code itself, they put injections. Why? Because they know that an AI system will scan it to see if it's bad code. So it's trying to tell the AI, "I'm not bad code, I'm actually, you need me. " So they try to make sure that they get in. So right, how do we protect from it? And interestingly enough, there is actually a very big initiative right now by MITRE called MITRE ATLAS that is similar for those who are familiar to MITRE ATT&CK to understand how threat actors operate. This is on the AI side. So how are threat actors targeting AI? And we've actually been part of that initiative along the way, the Microsoft CrowdStrike and 15 other companies. And it's really a deep diving into how threat actors are targeting AI systems.

>> This year, it's probably been my most fun. I've had a security conference. Well, I always have fun in the security conferences because you got the RSA, which is kind of like the big marketing show, business show, and then you got Black Hat, which is summer camp for hackers and white hats and who knows who's in the crowd there. But this is the year that has been kind of intoxicating from the standpoint of what is automation and trust and delegation concepts around teamwork and working together. Because now with agents on the horizon, you can almost have these fantasy conversations like, "Hey, blue and red teams could be AI hunters. " Okay, I can run digital twin simulations, like simulations to get a sense for where my efficiencies are. So, this was the year I've had actual conversations like, "Hey, I'm going to automate my red team and see what happens. " So a lot more going on that's gettable with the horsepower available. What's your reaction to that, Etay, and how should companies think about leveraging digital and data as first party simulations to get the benefit of what a digital twin does for manufacturing?

Etay Maor

>> So one of the key things around AI, and it's something we talk a lot about, is it's an enabler. It's in power. You can do a lot more with it. You can use a lot more data, you can do a lot more actions. And that goes, as you said, both for the blue teams who are trying to secure and both for the red teams who are trying to get in. And we need to harness that power because as I mentioned before, threat actors are already trying to do that. Now, just to make sure that we are on the same level here. There's no autonomous AI attacks that can just go and hack everything by itself. But threat actors, and we've seen discussions in criminal underground, CTRL, the cyber threats research lab that I run at Cato, we've seen discussions in Russian underground forums where they're saying, "Hey, we're hiring machine learning experts and AI experts because we want to build our own solution. We can't rely on the publicly available ones, which are not that good for us. " And so the initiatives are there. One more thing to add is we're focusing on targeting AI systems, but what we're also seeing now is AI being used to target more of the legacy systems. So we've seen tools sold on the underground to attack two- factor authentication and know your customer types of attacks. So they're using AI to generate videos and images to do new account fraud and it's account takeover. So the threat actors are not just focusing on the latest and greatest because they know the industry is still using two-factor authentication. Let's target that.

>> And that's why they target the old Windows systems that are running some IoT operating technology, OT system that's running an old version of Windows, for instance, because it's easy to get in. They know those threats, they exploit them.

Etay Maor

>> By the way, one thing that I've been playing around with a lot is the LLMs are really good at analyzing code. And you can just take theoretically a website, throw it in there, and it'll find vulnerabilities. It'll find vulnerabilities in the code, find vulnerabilities in different systems. And so yeah, that is something that we see being leveraged.

>> We saw this on misinformation over a decade ago. I think I might've been the first one at SiliconANGLE to actually report on this, especially on Facebook before that first election was identified as tainted. Infrastructure and content, in that case, misinformation is just a payload of the infrastructure and you're getting at something that's really important, which is the AI capabilities at the infrastructure level have certain intrinsic mechanisms that can be exploited. The payload for good or bad, you substitute good and bad, it's the same execution. What are some of those AI for good opportunities to counter the AI for bad opportunities that are emerging? Because for the two sides of the coin, you're going to have the good guys could run AI pattern recognition against threats. They could understand maybe get faster. Actually, I've seen the poll reverse over the last year. I would always ask, does AI benefit the bad guys or the good guys? This was the first year I heard consistency that AI is helping the good guys-

>> I agree. - ... than the bad guys. Your thoughts?

Etay Maor

>> I completely agree. So far we've seen the bad guy use it, but only for very specific tasks like writing emails or short snippet of codes, while the security industry has been harnessing this power, to be completely blunt about it, for years now, right? It's been the buzzword in the last year. The first company I worked for in 2020 used neural networks for security, which is AI. So yeah, we do use it and it gives, as you mentioned, it gives us a lot of opportunities to sift through data lakes, huge amounts of data and be able to say, "Here are three events. " On their own, they're benign. But take the three at the same time, add context and all kinds of things that AI can do for a human it would take ages, immediately you can identify that there is this

>> Etay, it's always great to have you on

>> because you run the threat intelligence team, Cato CTRL with the acronym control, like CTRL, ALT, Delete, C-T-R- L, clever naming. You guys see a lot of stuff. You mentioned the Russian underground. There's clearly an economy. I want to get into some of the specific things you're seeing, but I want to comment on a dynamic that I'm seeing. I want you to give your reaction and maybe some commentary on it. I've seen the speed of agility for the good guys get better. And also law enforcement has been good at disrupting in some cases, arresting folks. I think that one team was arrested a month and a half ago. They were taken down, actually out of the market. So what's happening, certainly on the ransomware side is you can disrupt the bad guys, but they reconstitute quickly. They have good... "Okay, great, we got fumbled. Okay, we've got disrupted," but they know how to get back together. An opportunity to keep disrupting and then identifying where they're reconstituting their gang, if you will, because it is an organized crime syndicate.

Etay Maor

>> It is. - What patterns is AI bringing to the table?

>> Is there any movement there in terms of identifying and keeping that? Maybe it's a consistent offensive disruption to the bad guys and then identifying movement within their ability to reform.

Etay Maor

>> So, you raise one of the biggest issues with intelligence in general, which is once you find a source, do you arrest it or do you let it continue work while monitoring it? Because once you arrest it, as you said, the bad guys move somewhere else. I've seen this with a very well-known identity shop that's been used on the dark web. FBI shot them down, which I'm very happy to see it happen about a year and a half ago. They're already up and running. It's a Russian gang that's running somewhere else. So, what do you do about it? What AI does is it's yet another tool in the tool set of law enforcement, of security companies to try and correlate, coordinate information, contextualize it, be able to take huge amounts of data. So, you look at different posts the way they are written, different names that they use, different aliases.

>> It's almost a signature. Etay, that's great. The big thing right now is business results, right? So we love the conversation. You guys are doing great. Love that you got the lab and you're ahead of it and you teach. It's all great. Let's talk about the company. How are you guys doing? Give a quick overview of snapshot of the business. You guys do a lot of good content, but what are you working on now? Put a plug into what you're working on. We're going to hire. Is there certain folks you want? Give a plug for the company.

Etay Maor

>> Okay, so first of all, business-wise, doing great. Over 2,500 customers. Employee-wise, we are constantly growing. Major growth coming this year as well. So, always looking for those people who want to get and help companies protect their networks. Going in actually all the different fields, whether it's R&D, marketing, operations. Other than that, a couple months ago we talked about over 200 million ARR, so the company is constantly growing and growing up market.

>> So, you think it'll be public here soon on the big board?

>> I hope. Hopefully.

>> Next time you come on, we'll make sure that your logo's up there, get the closing bell coming up here a few minutes. Great to have you on. Again, big fan of the company. You guys do a great job and I really appreciate you guys coming on. theCUBE. Of course, we cover you on SiliconANGLE. Shout out to Eddie who knows how to get on SiliconANGLE and the team. You guys are great to cover. And again, love following the business momentum. AI will be a game changer. You guys invest in a lot of content. Really appreciate that. If you're watching, check out Cato Networks. Etay, thanks for coming on. Appreciate it.

>> Thank you very much for having me.

>> Okay, we are here at theCUBE East where we are rolling out our point of presence, our access point. This is our media infrastructure connecting Silicon Valley to Wall Street in partnership with the NYSE Wired community that Brian Baumann's been initiating. And again, we are an independent operator on the show floor. We'll see a lot more coverage coming here from our studio above the balcony, as well as a studio we will be building out. And again, we're going after here, it's DC, London, who knows? Maybe even Tel Aviv, right? So we will want to put our regions out there, and again, love doing what we do. And I just want to support theCUBE. Join the Wired Network, join the community here in New York, Silicon Valley, or just theCUBE in general. I'm John Furrier, your host of theCUBE. Thanks for watching.