Interviews | August 19, 2024

Cloud and Containerization Have Complicated Vulnerability Management


Fortinet | Proofpoint

Derek Manky
Vice President, Global Threat Intelligence

Fortinet

Q1. What impact is the rise of generative AI technology having on the cyber threat intelligence field?

It is proving useful as a human language tool to vastly reduce the amount of time and resources needed to do day-to-day security and network operations. In a security operations center, this vastly helps to reduce our industry-wide skills gap and the mean time to detect and respond to threats (MTTD/MTTR). Resources such as analysts that would otherwise be focused on these day-to-day tasks are being upleveled and upskilled. For example, generative AI can enable an analyst to interact with their security fabric to create playbooks based off descriptions, threat hunt and triage.

Q2. Given the increasingly interconnected nature of the digital landscape, how crucial is threat intelligence sharing among stakeholders? What are some of the potential barriers or challenges to effective collaboration?

Threat intelligence sharing has always been important between stakeholders; however, recently it is becoming increasingly crucial due to several factors. One being the agility of the attackers – from our recent FortiGuard Labs Global Threat Landscape Report we observed that the average attack window in 2H 2023 was just under 5 days, or 43% faster than the first half of 2023. Sharing actionable intelligence on attacks frequently helps to respond to threats within this shrinking attack window. The other factor is the flourishing cybercrime ecosystem – such as ransomware operators and their affiliates. Sharing threat intelligence and working together between public and private sector is imperative to create a chain of disruption against cybercriminals. A great example of this is the Cybercrime Atlas initiative under the World Economic Forum.

Q3. What are some of the key themes and trends that Fortinet plans to focus on during Black Hat USA 2024? Can you share some insights on the interactions and discussions Fortinet plans on having with attendees at the event?

This year at Black Hat USA 2024, the Fortinet team will be taking time with attendees to walk through live demonstrations that highlight the breadth of the Fortinet Security Fabric platform. We’ll talk through what a converged platform looks like and how Fortinet can deliver automation, management, orchestration, and interoperability across customers’ increasingly hybrid networks. Specifically, the demos will cover a broad range of solutions and services, including advanced detection and protection, modern endpoint security, cloud-native protection, and zero-trust edge, as well as a handful of Fortinet partner talks at the booth. We will also have an interesting session by Tony Giandomenico, Global VP, Cybersecurity Consulting, Proactive and Reactive Services at Fortinet, exploring which parts of the threat landscape are rapidly changing and discussing how this disconnect could impact your organization’s ability to detect and respond to incidents.


Ryan Kalember
Chief Strategy Officer

Proofpoint

Q1. What emerging technologies or approaches do you foresee having the biggest impact on email security, especially around email authentication and verification?

Email has always been, and continues to be, the main delivery mechanism for social engineering, malware, and credential attacks. Email-based malware and credential attacks remain the number one option for all levels of adversaries, and they don’t require a high level of technical sophistication to carry out. And because these attacks are designed to exploit the human factor and not a vulnerability that can be patched, there is almost no doubt they will endure as a favored tactic.

However, social engineering has evolved in less predictable directions. Different technologies have enabled the payloads to evolve such as deepfaked audio and video, AI-assisted translations and personalization. These new technologies are amplifying their impact to commit financial fraud, account takeovers, and more.

While it’s still a relatively small part of the overall threats that malicious actors attempt to deliver to our customers, we are starting to see phishing attempts that can use AI to craft convincing messages and to cleverly translate them to different languages. Deepfaked audio and video can impersonate someone in a seemingly urgent message coming from an executive or your own boss.

These personalization tactics, coupled with AI-powered content creation, make these fraudulent emails far more believable and dangerous. Combating them requires advanced solutions that can detect them. We have a number of protections in place, and we are always working on new innovations that stay ahead of threat actors.

Q2. How might the rise of AI-powered cyber-attacks change the landscape of threat detection and response over the next few years? How has Proofpoint evolved its strategies to help customers address the threat?

AI-based attacks currently make up a very small percentage of our threat telemetry. If you take Business Email Compromise (BEC) attacks, which were the leading cause of financial loss for organizations last year, the hardest part for threat actors is managing money mules, opening bank accounts and creating infrastructure like lookalike domains.

But, as I mentioned, we do see these new technologies enabling threat actors in new ways. We see GenAI being leveraged for nefarious means, allowing BEC actors, who until recently could only focus on social engineering attacks in English or a few other languages, to craft well-written phishing emails in literally any language. With ChatGPT, we have seen a notable uptick in campaigns targeting Japanese and Korean companies in local language and observing local business customs, which effectively has opened up new virgin territories for attackers.

On the defense front, AI has become a critical part of a detection ensemble, especially for pure social engineering attacks without a traditional payload like a link or attachment. AI’s concept of explainability also provides much-needed analysis and threat identification at scale that can be used by security professionals to minimize breach risk and enhance security posture.

AI and ML have been in Proofpoint’s DNA since our inception, and we continue to build on our AI and ML heritage by investing and innovating around the latest attacker trends to give customers the best efficacy against the ever-changing threat landscape. And as we secure trillions of human communications every year, we don’t have to worry about running low on training data.

Q3. What opportunities will customers and other organizations at Black Hat USA 2024 have to meet with and learn more about Proofpoint's plans and strategies? What can they expect to see and hear from Proofpoint at the event?

The fragmentation across email security and data protection solutions allows threat actors to win again and again, and data to be exfiltrated. Organizations need a simple, unified and effective way to catch every threat, every time, every way a user may encounter it, using every form of detection. Proofpoint has redefined human-centric security, which Gartner has identified as one of three strategic priorities for CISOs in 2024 and 2025.

In pioneering human-centric security, we’ve brought together previously disconnected functionality to accomplish two critical goals. The first is helping organizations protect their people from targeted attacks, impersonation, and supplier risk, along with making their people more resilient and cyber aware. The second is to help them defend their data from users that put it at risk, whether by mistake or intentionally.

We’re focusing on giving our customers the best solution to solve this problem leveraging modern AI technologies, behavior analysis and threat intelligence. We’re delivering deeper, more comprehensive technology integrations with our peers across architectural domains, from SASE/SSE and XDR on the infrastructure side to identity and security operations. We are building upon our existing partnerships, including Palo Alto Networks, CrowdStrike, Microsoft, CyberArk, Okta and many more, to enhance outcomes for our joint customers.

Our team values the direct connections made with customers, prospects, and partners, and we’re looking forward to face-to-face meetings in our private meeting rooms, a night out at our private executive dinner, and discussions at our booth #1740 to learn more about our human-centric approach to cybersecurity through engaging product presentations, live demonstrations, giveaways and more.
