How AI and zero trust are transforming resilience strategies
In this Help Net Security interview, John Hernandez, President and General Manager at Quest Software, shares practical advice for enhancing cybersecurity resilience against advanced threats. He underscores the need to focus on on-premises and cloud environments, adapt to new regulations, and address supply chain vulnerabilities.
Hernandez also discusses how AI and zero-trust architecture are becoming key elements in future cybersecurity strategies.
What practical steps can organizations take to improve their cybersecurity resilience in response to the increasing sophistication of cyberattacks?
It’s vital that organizations fully understand the infrastructure they need to protect and the threats they must be resilient against. When considering security architecture, zero trust often comes to mind first, and for good reason—it’s widely recognized and increasingly adopted. However, zero trust relies on signals that are often focused on cloud environments, resulting in critical components like on-premises Active Directory being frequently overlooked. With many organizations still using on-premises infrastructure, it’s important to apply the same principles to on-premises Active Directory.
One of the first steps an organization should take is categorizing objects within their on-premises Active Directory that, if compromised, could affect the entire organization. We have to assume a breach, so we must reduce its blast radius so that it doesn’t affect the entire organization. In Active Directory this is known as Tier 0, and many organizations have not even defined what constitutes a Tier 0 object, leaving them vulnerable.
Implementing strong access controls, regularly updating systems, and enhancing endpoint security are all vital steps. However, it’s not enough to simply purchase a bunch of security tools, such as PAM, and assume the problem is solved. Organizations need to identify which objects are critical enough to be put into such systems—a step that many neglect.
In addition to implementing ‘technical’ measures, investing in cybersecurity training for employees is essential to staying vigilant and adapting to changing cyber threats.
How do global trends and geopolitical tensions impact cybersecurity resilience strategies?
Against the backdrop of geopolitical tensions, the cyber threat environment is growing significantly in scope and complexity. Organizations must adopt the mindset that security breaches are inevitable in today’s landscape. The increasing sophistication and capabilities of cyber attackers, including those backed by governments and therefore with access to resources, underscore the reality that no system can be completely impervious to attacks.
The widespread adoption of technologies like cloud computing and AI also brings new security risks and paths for potential attacks that need to be dealt with promptly. To make this happen, it is crucial for organizations to shift their cybersecurity approach from focusing on preventing incidents to adopting a more holistic strategy that includes detection, response and recovery measures.
With CrowdStrike as an example, it’s become clear that cybersecurity challenges go beyond intentional attacks and extend to accidental misconfigurations that can have damaging impacts on an organization’s resilience. This highlights the need for a comprehensive approach to managing risks. With the increasing dependence on technology, it’s important to be ready for unexpected situations since there is no certainty about what the future might hold.
How should organizations align their cyber resilience strategies with evolving regulatory requirements and standards?
Recognizing that simply meeting compliance standards does not ensure security is crucial; it’s merely the minimum requirement for organizations to fulfill. Security frameworks like NIST or ISO 27001 typically help organizations assess their security posture and pinpoint areas for improvement. Moreover, these frameworks support management in comprehending and addressing risks proficiently and setting priorities. However, while compliance is vital, it’s not enough for establishing comprehensive cyber resilience.
Companies need to take a strategic and holistic approach to security that goes beyond just meeting regulations. This means integrating compliance into the foundation of a cyber resilience plan while also focusing on both recovery and proactive measures to deter certain TTPs (tactics, techniques, and procedures) whenever feasible.
How can organizations strengthen their cyber resilience concerning supply chain vulnerabilities?
To begin with, it’s essential for companies to conduct risk assessments and examine the cybersecurity posture of their suppliers. This includes Trade Agreements Act (TAA) compliance and scrutinizing their build processes. Understanding where and how software is developed is crucial, especially in light of geopolitical tensions that may affect Independent Software Vendors (ISVs).
Organizations should implement stringent access management policies to protect the data they share with their supply chain partners effectively. Furthermore, they should carefully evaluate their supply chain, similar to the clean source principle, which states that an object is only as secure as its security dependencies. In other words, your organization is only as secure as the companies it does business with. This method ensures that only reliable sources are integrated into the supply chain.
Finally, creating a robust supply chain strategy and implementing business continuity plans can greatly minimize the impact of potential security breaches.
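As an added illustration of the Tier 0 and clean source points made in the answers above (example code, not Quest Software's or the interviewee's): a Python check over a constructed control graph that finds objects declared below Tier 0 which nevertheless control Tier 0 assets, and so are undeclared Tier 0 security dependencies. All object names, tiers and relationships are constructed for the example.

```python
# Added example, not Quest Software's code. Edge (a, b) means "a controls b":
# a can reset b's password, run code on b, or edit b. Anything that transitively
# controls a Tier 0 asset is a Tier 0 security dependency; declaring it at a
# lower tier breaks the clean source principle and widens the Tier 0 blast radius.
from collections import defaultdict

# Constructed inventory: object -> declared tier (0 = most critical)
DECLARED_TIER = {
    "DC01": 0, "Domain Admins": 0, "krbtgt": 0,
    "BackupSvc": 1,               # service account, wrongly classified
    "GPO-DomainControllers": 1,   # GPO linked to the DC OU, wrongly classified
    "HelpDesk": 2, "WS-042": 2,
}

# Constructed control relationships: (controller, controlled)
CONTROL_EDGES = [
    ("Domain Admins", "DC01"), ("Domain Admins", "krbtgt"),
    ("BackupSvc", "DC01"),                  # backup agent runs as SYSTEM on the DC
    ("GPO-DomainControllers", "DC01"),      # GPO can push startup scripts to DCs
    ("HelpDesk", "GPO-DomainControllers"),  # help desk holds edit rights on that GPO
    ("HelpDesk", "WS-042"),                 # ordinary workstation, not Tier 0
]

def build_controllers(edges):
    """Map each object to the set of objects that directly control it."""
    controllers = defaultdict(set)
    for controller, controlled in edges:
        controllers[controlled].add(controller)
    return controllers

def security_dependencies(obj, controllers):
    """All objects that transitively control obj (its security dependencies)."""
    seen, stack = set(), [obj]
    while stack:
        for parent in controllers.get(stack.pop(), set()) - seen:
            seen.add(parent)
            stack.append(parent)
    return seen

def clean_source_violations(declared_tier, edges):
    """Objects that control a Tier 0 asset but are declared below Tier 0, mapped to
    their declared tier; each must be reclassified or have its control path cut."""
    controllers = build_controllers(edges)
    violations = {}
    for asset, tier in declared_tier.items():
        if tier == 0:
            for dep in security_dependencies(asset, controllers):
                if declared_tier.get(dep, 99) != 0:
                    violations[dep] = declared_tier.get(dep, 99)
    return violations
```

On the constructed data the check flags BackupSvc and GPO-DomainControllers (direct control of a domain controller) and HelpDesk (control of that GPO), while WS-042 is left alone; in a real environment the edges would come from group membership, ACLs, GPO links and local admin rights.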
What trends do you see shaping the future of cybersecurity resilience? Are there any emerging technologies or practices that will significantly impact the field?
Organizations are now actively seeking their best strategies to tackle modern cybersecurity challenges.
Zero trust architecture continues to gain popularity, largely because certain companies are looking to replace their on-premises Active Directory with a zero trust architecture model instead. However, they have some difficulties when dealing with legacy applications that are not easily compatible with modern solutions. Solving this issue is expected to be a notable trend in the near future.
We see AI at the forefront of shaping the future of cybersecurity resilience. Through collaborations with Microsoft Copilot, we are witnessing positive progress in this regard. In the coming years there will be an increase in the integration of AI into cybersecurity solutions, and I believe the insights and signals we provide to Microsoft will greatly improve security measures in the times ahead.
Finally, Identity Threat Detection and Response (ITDR) has always been significant, but now it is more often seen by organizations as a critical component of cybersecurity. As more organizations strive to move toward zero trust architecture, they will more often prioritize a strategic and holistic approach to identity security, rather than using fragmented solutions.