Data Stewardship, Fighting AI-Powered Threats with AI, and Deploying Advanced Managed Detection and Response Solutions 

Written by: Vishwa Pandagle, Cybersecurity Staff Editor

Amidst the digital onslaught, where every device is a potential target, a crucial TechNadu interview with Deepwatch's CEO sheds light on important aspects of data security. John DiLullo emphasized guarding against insider threats, negligence, and deception for bribes.

DiLullo challenged traditional perimeter security and highlighted AI-driven solutions as a practical means of addressing the ever-growing and complex security needs. He drew attention to the undetectable nature of zero-day exploits and AI-powered phishing attacks.

He also noted that about 300,000 malware variants are discovered every day, and that AI voice replicators can imitate a family member's voice from a sample of just 30 seconds.

Speaking of Managed Detection and Response (MDR) as a comprehensive solution for various security risks, DiLullo discussed cyber resilience, business risks, social engineering, and more in this interview.

The discussion underscores the critical need for organizations to move beyond overwhelming security products and handle talent shortages with comprehensive AI solutions that truly connect cyber risk to business outcomes.

Continue reading for the full conversation.

Vishwa: You have over 30 years of experience in the tech world. What are your insights into the evolving human approach to data security, particularly as new gadgets and tools emerge? Do you see people maintaining security depending upon gadget types, the data it collects, its cost, or something else?

John: Unfortunately, most people, even security professionals, are hard-wired to approach security challenges by trying to solve classical perimeter protection problems. As humans, it’s just the way we think. 

Consider an ancient castle that needs protection. The King or Queen might build walls, a moat, and a drawbridge. They might post sentries, deny admittance without passwords or ciphers, and build booby traps and deadfalls. They are protecting a perimeter by denying admittance. 

Many of these same metaphors have been replicated in modern data and network security schemes, including the deployment of passwords, encryption, firewalls, etc. But today, the assets we are trying to protect are not bars of gold, they are ones and zeros. They are light as a feather and incredibly susceptible to theft. 

And, in many cases, modern enterprises do not even know when or if their assets have been stolen. What's more, whether through negligence, mischief, or malice, 60%-70% of all data losses today occur from the actions or inactions of insiders.

Employees working on personal devices, using the filthy public internet, eschewing encryption disciplines, and conveniently forgetting that hundreds of millions of applications have moved to the public cloud all contribute to the disintegration of the traditional perimeter, and these tectonic shifts have, in practice, rendered legacy security approaches inert.

Vishwa: With over 15 years in cybersecurity, you have observed infosec companies innovate against a spectrum of cyber threats. What threats require continuous monitoring and security measures that demand regular improvement?

John: All security efforts require constant vigilance, updating, penetration testing, posture assessment, and round-the-clock monitoring. That's the nature of the beast. Some threats, however, you simply can't see coming. Those are the unknown unknowns - the zero-day exploits. Fortunately, there are emerging Digital Risk Protection techniques to help with detecting these threats and the hallmark breadcrumbs they can leave behind.

Of course, the softest targets (and the easiest to anticipate) have always been people. People make mistakes. They answer calls they shouldn’t, they copy the wrong email address, they get tailgated into a building, they click a malicious link by accident, they let their kids use their work computer, or they forget to shred a sensitive document that ultimately finds its way into the hands of a rogue dumpster diver.

In the old days, a perpetrator running an “advance fee” scam and posing as a Nigerian Prince was pretty easily detected. Armed with GenAI tools, today's scammer is virtually undetectable. In fact, some “scam” emails are written better than a typical Sophomore essay answer. 

Leveraging AI, with its ability to sift through millions of artifacts and its virtually unlimited computational horsepower, to detect the first appearance of these threats is the only practical solution. Otherwise, we will all find ourselves completely outnumbered and outmaneuvered by our cyber adversaries.

Vishwa: Drawing from your experience in both technology and cybersecurity, which infosec topics did you research more often to break down their complexities? What is your message to writers in this field so their content makes the most impact and is easily understood? What areas or kinds of topics need a more detailed or sensitive approach?

John: Like most practitioners in the field, I got my start in desktop and network security. Years ago, that was all that was available, and, sadly, it was often thought that was all that was needed. 

By some estimates, today there are 4,000 different security products in the market, and, year after year, losses from cyber crimes continue to go up. The reality is that most companies do not get their money’s worth from all the cyber investments that they have made. 

Many tools are only partially deployed, or they are run so poorly that they generate unmanageable volumes of low-fidelity alerts. 

This problem is compounded by an extreme talent shortage in the broader security field, and many companies find themselves in a morass of overworked security teams, countless missed alerts, stressed-out IT and Security executives, and nervous CEOs and Board members pondering the existential question: “Am I safe?”

A new breed of solutions called Managed Detection and Response (MDR) is the silver bullet, allowing companies to get more out of their existing security products and services. It also allows them to enjoy remote access to experts and technologies that they could never otherwise hire or deploy. 

This is especially true for the utilization of AI detection and response capabilities, but it’s also life-changing in areas such as threat exposure management, risk assessment, and threat hunting. 

Of course, practice makes perfect. A normal Security Operations Team sees very little "live fire" or active incident response time. I can't speak for all MDR teams, but ours are battle-hardened and have all the tools, techniques, training, and processes needed to confidently resolve a customer's infirmities and to also thwart attacks when they come 24x7x365.

Vishwa: Which is a cybersecurity solution that you prefer using, and for protecting what type of data? Would you recommend a solution to our readers? Please explain your rationale and choice. 

John: Any type of data loss creates business risk and diminishes the integrity of a company’s information assets or the value of its intellectual property. We don’t know all the creative schemes that will be hatched to steal data, but we do know that the best available technology will be AI. 

Some AI models operate a million times faster than legacy solutions. Without leveraging AI in both detection and response operations, we cannot move quickly enough to protect against breaches and theft.

Vishwa: Could you detail specific cases of cybercriminal activities that leveraged AI capabilities? What are your observations regarding adversaries stealing user data from AI models, such as Studio Ghibli, that process user images? What are the potential risks for users sharing such data?

John: People are finally learning that if you share data or imagery on any platform, paid or free, you should assume that data can fall into the wrong hands. Ghibli-style image generators are a great example of a service that gets entrusted with sensitive imagery that may ultimately find its way into the wild. If you don’t want your data shared, don't share your data in the first place.

Unfortunately, many other AI-enabled cybercrimes are far too commonplace. First, AI LLMs are breathing new life into old scams. Phishing attacks are the most obvious, where the quality of spoofs has gotten much better. Gone are the easy tells of obvious misspellings, malformed URLs, and blurred logos. 

Now, AI is being used to generate what’s called polymorphic malware. This is malware that is cleverly modified automatically by an AI agent before transmission so that it looks different enough from known malware to confound even the most up-to-date firewalls and intrusion prevention systems. 

By some estimates, as many as 300,000 variant pieces of malware are minted every single day. Perhaps the scariest AI use case is the deep fake and real-time voice imitations that are being used in fake kidnappings and other confidence scams. 

Some of the better AI voice replicators can use samples of less than 30 seconds in duration to convincingly create a high-fidelity imitation of a family member's voice.

Vishwa: What steps would you recommend for users to maintain caution, especially concerning sensitive questions, image uploads, or the permanent deletion of their data after use?

John: No strategy is 100% foolproof, but there are several steps people can take that make a big difference. It goes without saying that you should be careful when sharing anything you don't want getting out or that has tangible financial value or intangible reputation or brand value.

Adopting strong passwords and leveraging multi-factor authentication is a must, as is always using strong data encryption on your storage and transmission devices. Thoughtful backups of your most sensitive data are never a bad idea, as is building redundant transmission capabilities into your networks. 

Remember, at least half of all data losses happen as the result of carelessness vs. at the hands of a malicious party. Data stewardship begins with each of us.

Vishwa: What type of cybercrimes, campaigns, or tools is Deepwatch, the leading AI and human cyber resilience platform, best equipped to combat? Could you share Deepwatch's top threats, such as infostealers, phishing, or cyber espionage?

John: At Deepwatch, we don't discriminate. We care about all attack vectors and any attempt to compromise our clients' data integrity, whether from inside or outside of the organization. In 2013, the MITRE ATT&CK framework was developed to help inventory all of the tactics and techniques adversaries could conceivably deploy in an orchestrated attack.

This has been expanded over the years and now covers all the approaches an attacker will use to compromise a person's or company’s precious data. We map to this framework and have built a detailed inventory of “detections” to surface even the slightest irregularity. Mind you, there are many, and we can process in any typical week as many as 10,000 high-fidelity alerts for our customers.

There is a bright spot in this gloomy topic, and that is that MDRs hold the promise of reducing the costs of securely managing the IT assets of a modern enterprise. Our customers have to respond to fewer false leads and gain more confidence in detecting real incidents, enjoy measurably improved resilience, suffer fewer data losses, and usually need many fewer people to support their security operations.

Vishwa: Please detail Deepwatch’s human cyber resilience platform. What does it focus on, and what is its desired goal? We are keen to learn about its impact so far.

John: At Deepwatch, we focus on six distinct areas of the MDR solution:

Deepwatch provides our customers the tools, insights, and context needed to communicate with confidence actual business risks rather than simply spouting threat metrics and investigation outcome factoids. 

Our customers approach their Boards and Risk Management Committees with their shoulders back and their chins up, armed with a 360-degree view of the tangible security risks their enterprise has mitigated and those that still need attention.

The proof is in the pudding. Most of our customers enjoy a 50% or greater reduction in the cost of their cyber operations when deploying Deepwatch and a much lower rate of security incident occurrence. This is clearly why MDR is one of the fastest-growing segments of the cybersecurity landscape. 

Nearly every other cybersecurity product introduced in the last 20 years requires compute, storage, maintenance, training, incremental staff, incremental costs, and a decoder ring to decipher each product’s unique and arcane telemetry and confusing alerts. 

MDR is one of the few innovations in the last decade that gives money back to customers and lets them sleep better at night.
