Why AI and autonomous response are crucial for cybersecurity (VB On-Demand)

Presented by Darktrace


Today, cybersecurity is in a state of continuous growth and improvement. In this on-demand webinar, you’ll learn how two organizations are using a continuous AI feedback loop to identify vulnerabilities, strengthen defenses, and improve the outcomes of their cybersecurity programs.

View here for free on demand.


The landscape of security risks is changing rapidly, and the traditional on-premises approach to cybersecurity is no longer sufficient. Remote working has become the norm and outside office walls, employees are dropping their personal security measures. Cyber risks introduced by the supply chain through third parties are still a major vulnerability, so organizations need to think not only about their defenses, but also those of their suppliers to protect their priority assets and information from infiltration and exploitation.

And that’s not all. The ongoing conflict between Russia and Ukraine has provided attackers with more opportunities, and social engineering attacks have grown tenfold, becoming more sophisticated and targeted. Both play on the fears and insecurities of the general population. Many security industry experts have warned about future threat actors using AI to conduct cyber-attacks, using intelligence to optimize routes and accelerate their attacks through an organization’s digital infrastructure.

“In the modern security environment, organizations must accept that it is highly likely that attackers will be able to breach their perimeter defenses,” said Steve Lorimer, group privacy and information security officer at Hexagon. “Organizations need to focus on improving their security posture and preventing business disruption, so-called cyber resilience. You don’t have to win every battle, but you have to win the most important.”

ISOs should look for cybersecurity options that alleviate some resource challenges, add value to their team and reduce response time. Self-learning AI trains itself using unlabeled data. Autonomous Response is a technology that calculates the best action to contain ongoing attacks at machine speed, preventing attacks from spreading throughout the business and disrupting critical operations. And both become essential for a security program to address these challenges.

Why machine learning is essential in the new cybersecurity landscape

Attackers are constantly innovating and transforming old attack patterns into new ones. Machine-learning AI can detect when something in an organization’s digital infrastructure changes, identify behaviors or patterns not seen before, and act to quarantine the potential threat before it can escalate into a full-blown crisis, disrupting operations.

“Ultimately, it’s about building layers,” adds Lorimer. “AI will always be a support element, not a substitute for human teams and knowledge. AI can empower human teams and lighten the burden. But we can never fully rely on machines; you need the human element to make gut-feeling decisions and emotional responses to influence more important business decisions.”

The benefits of autonomous response

Often, cyber attacks start slowly; many take months to move between reconnaissance and penetration, but the key components of an attack happen very quickly. Autonomous Response unlocks the ability to respond with machine speed to identify and contain threats in that short time frame.

The second major advantage of autonomous response is that it enables “always-on” defense. Even with the best intentions in the world, security teams will always be limited by resources. There are not enough people to always defend everything. Organizations need a layer that can empower the human team, giving them time to think and respond with critical human context, such as business and strategic acumen. Autonomous response capabilities allow the AI to make immediate decisions. These micro decisions give human teams plenty of time to make those macro decisions.

Leveling: Using attack path modeling

Once an organization has matured to the point of presumed intrusion, the next question is understanding how attackers traverse the network, Lorimer says. Now, AI can help companies better understand their own systems and identify the riskiest paths an attacker could take to reach their crown jewels or key information and assets.

This attack simulation allows them to bolster defenses around their most vulnerable areas, Lorimer says. And machine learning is really all about a paradigm shift: instead of building defenses based on historical attack data, you need to be able to defend against new threats.

Attack Path Modeling (APM) is a revolutionary technology because it allows organizations to map the paths where security teams may not have as much visibility or were not originally considered vulnerable. The network is never static; a large, modern and innovative company is constantly changing. Thus, APM can run continuously and alert teams to new attack paths created through new integrations with a third party or a new device that is part of the digital infrastructure.

“This continuous, AI-based approach allows organizations to continuously strengthen their defenses, rather than relying on semi-annual or even rarer red teaming exercises,” Lorimer says. “APM enables organizations to proactively remediate vulnerabilities in the network.”

Choosing a cybersecurity solution

When choosing a cybersecurity solution, there are a few things ISOs should keep in mind, Lorimer says. First, the solution should augment human teams without causing substantial additional work. The technologies must be able to increase the value that an organization delivers.

ISOs should also strive to repair significant overlaps or gaps in technology in their existing security stacks. Today’s solutions can replace much of the existing stack with better, faster, more optimized, more automated and technology-driven approaches.

Beyond the technology itself, ISOs need to look for a vendor that adds human expertise and contextual analysis.

“For example, with Darktrace’s Security Operations Center (SOC) and Ask the Expert services, our team at Hexagon can gain insights from their global fleet, partner community and entire customer base,” said Lorimer. “Darktrace works with companies across all different sectors and geographies, and that context allows us to understand threats and trends that may not have impacted us immediately.”

Hexagon operates in two major industry sectors: manufacturing and software engineering, so every facet of the business faces different, specific threats from different threat actors. Darktrace’s SOC provides insights from broader industry experts and analysts based on their wealth of knowledge.

But even the best tools can’t solve every problem. You need to focus on solving the problems that will really impact your ability to deliver to your customers and thus your bottom line. You need to put in place controls that can help manage and mitigate that risk.

“It’s about facing problems before they can escalate and mapping out potential consequences,” Lorimer says. “It all comes down to understanding risks to your organization.”

To understand the current threat landscape and learn more about how AI can transform your cybersecurity program, don’t miss this VB On-Demand event!


You will learn about:

  • Protecting and securing citizens, nations, facilities and data with autonomous decision-making
  • Applying ongoing AI feedback systems to improve outcomes and strengthen security systems
  • Simulating realistic scenarios to understand attack paths that opponents can use against critical assets
  • Merging the physical and digital worlds to create intelligent security for infrastructure

Presenters:

  • Nicole Eagan, Chief Strategy Officer and AI Officer, Darktrace
  • Norbert Hanke, Executive Vice President, Hexagon
  • Mike Beck, Global CISO, Darktrace
  • Steve Lorimer, Group Privacy & Information Security Officer, Hexagon
  • Chris Preimesberger, Moderator, Contributing Writer, VentureBeat