Cybersecurity - Need of the hour

High time we invest now, before its too late!

Anoop Jaishankar (AJ)

11/13/20233 min read

How hackers start their afternoons!
How hackers start their afternoons!

Time and again we have seen ransomware and malware attack critical infrastructure components of small/medium/large scale companies. In the enterprise software stack, security has been largely de-scoped or invested poorly. With the advent of AI, the attack vectors are growing larger by the day. In this write up I will address the urgency and the need of the hour to invest in application/cloud security augmented by trained AI/ML models.

The Solarwinds and the Microsoft Exchange Server flaws have caused widespread damage both in terms of monetary impact and the harm to the reputation of some large trusted enterprises. The cyberattack breached the computing networks of Solarwinds through trojan code that later installed a backdoor program. Through this program a remote user gained access to the infected computers. Thousands of computers were infected with this exploit. Hackers pursued a widespread espionage effort using these vulnerable computers. More information can be found here.

Solarwinds agreed to pay a hefty fine to settle the lawsuit as posted here. In addition, the US SEC sued Solarwinds for concealing the vulnerabilities and the cybersecurity attack. This came as a surprise move to some, but this is a forewarning to other companies to take adequate measures to protect their software.

With this backdrop, the industry, albeit slowly, is reacting and addressing some of these gaps. Cloud providers and software vendors are taking active measures to protect their software supply chain and bolster the security practices that were open to vulnerabilities in the past.

Most recently, theverge.com detailed how Microsoft is overhauling its software security after the major Solarwinds attack.

As part of the Secure Future Initiative (SFI), Microsoft is changing the way it builds and operates software. Use of AI is inevitable and sure enough, the new initiative will incorporate AI during software development. Static and dynamic code analysis will be part of the development process. In addition, AI will be used to install a cyber shield to protect against identity-based threats. Lastly, the vulnerability and security update timeline is being overhauled. It is still surprising to me that it takes over 90 days to implement even a partial fix to an Azure flaw that was found recently. Microsoft aims to cut this response time in half with these new initiatives (which is still over 45 days). We can do better than this and we hope to be a part of this journey.

In retrospect, a holistic approach to security is required to handle cybersecurity incidents. Since the attacks are getting smarter and are using vulnerabilities in multiple software/hardware components, we need to take a step back and address these issues comprehensively. Guardrails need to be installed across the gamut of an application’s lifecycle and the cloud infrastructure. A number of independent initiatives have cropped up in this space recently. However, we at Pervaziv AI, are confident that we have a winning product!

We are building Pervaziv AI with all of these considerations in mind. AI/ML is at the forefront of software development. We use the latest and the greatest in hardware technology and utilize the vast computing resources that are available to us. Our anomaly detection scheme is very promising and has proven to work in the industry. In addition, we are cloud agnostic and hence we can bring an outside-in perspective and augment the security initiatives of several cloud providers such as Google Cloud, Microsoft Azure and Amazon AWS. Follow the company page or the author on LinkedIn or check back on this website to learn more!

#applicationsecurity #cloudsecurity #cybersecurity #ransomware

Anoop Jaishankar (AJ)