On the 6th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Rahul Naroola, Chief Information Security Officer at Dover. Dover is a Fortune 500 global manufacturing company with over 25,000 employees and $8 billion in annual revenue. In this conversation, Rahul shares his thoughts on AI-generated attacks, applications of AI to boost productivity, and realistic expectations for the future of AI security tools.
Rahul's experience at Dover has allowed him to witness the transformational speed of technology firsthand, particularly the shift towards cloud-based systems, SaaS, and today, with the integration of AI. While cloud technology has revolutionized the threat landscape, the balance between the advantages of scalability and user-friendliness and the challenges of maintaining security and control can sometimes be precarious. The importance of robust access management, incident response protocols, and strong authentication practices has never been more vital. Rahul points to the infamous Target breach as a turning point when boards began to realize the criticality of cybersecurity. As businesses approach the nexus of AI and cybersecurity, business leaders must start addressing the growing utilization of AI by security professionals and malicious actors. "We almost have to fight fire with fire. If our apps are using artificial intelligence to deliver products faster or deliver results faster to whoever their users are, security has to be in lockstep with that at some point in time."
As cyber threats have evolved from nascent concepts to full-fledged operational pitfalls, AI is becoming a powerful tool for enhancing security measures. AI tools have begun to aid in streamlining Security Operations Centers (SOCs) and handling large volumes of data. Rahul highlighted AI's role in improving threat detection and response times. "AI can make that work much easier and more streamlined for them [SOCs]. Now, our SOC and anybody that gets into that level of investment of time and education and use of these kinds of technologies in making these tools far more effective, far better to be used, and far more user friendly, they're going to have a big impact in the marketplace." However, he cautioned against the assumption that AI is a universal cure, acknowledging the potential for adversarial use of AI by threat actors. Rahul emphasizes the need for companies to balance leveraging AI for defense while remaining vigilant about the potential for AI-generated threats. "The more we can leverage artificial intelligence, not just for productivity but also for security reasons, over time it'll serve us better, but it's a cat and mouse game."
Looking ahead, Rahul discusses the need for continuous education and training to equip cybersecurity professionals with the skills to navigate the AI-driven landscape. He encourages security teams to engage with industry peers and attend conferences to learn from collective experiences. Rahul predicts AI will improve security operations and anticipates an AI-powered SOC that can interpret and respond to threats with minimal human intervention. "For your SOC, the people that are 24/7, a lot of that work could be done with a huge assistance from AI. Today, what happens in a typical SOC? You have a person who has 2, 3, or 4 screens, is looking at 20 different consoles, and is looking for any blips that happen. I think AI can make that work a lot easier and a lot more streamlined for them." Rahul highlights the uncertainty around ownership and accountability for AI-generated materials and the challenges in discerning AI-generated content from human-authored content. This uncertainty extends to the cybersecurity workforce, as Rahul discusses the need to adapt and train existing teams for the AI-powered future. "We can get an AI-savvy person or set of people. That's going to take some time to get. Nobody has that training right now. They're going through it at this stage. It just changes so quickly. There's no replacing a person that understands your business first."
The intersection of AI and cybersecurity promises innovation and challenges in a rapidly evolving landscape. Rahul's wealth of experience provides unique insights into the pragmatic integration of AI into security strategies. His perspectives underscore the importance of striking a balance between embracing AI for defense and staying vigilant against malicious actors' potential misuse of AI. As the cyber realm continues to evolve, the expertise of professionals like Rahul will play a pivotal role in securing the digital experience against emerging threats. AI is transforming both defense and offense strategies. Rahul's insights serve as a beacon for cybersecurity professionals, highlighting the challenges and opportunities in safeguarding the digital realm.
Listen to Rahul's episode here and read the transcript here.