KnowBe4 Sponsor (13:51)

And now a word from our sponsor. Know before it's all connected and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBeFor, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco 35. Vendor integrations and counting Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this Information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more@knowbe4.com SecurityCoach that's knowbe4.com SecurityCoach and we thank knowbe4 for sponsoring our show.

Dave Buettner (15:26)

Sven Krasser is Senior Vice President of Data Science and Chief Scientist at CrowdStrike. I recently caught up with him to discuss balancing AI and human intervention.

Sven Krasser (15:37)

I would say in the cybersecurity industry that leveraging AI is table stakes right now. Like, that's something that companies just need to take a look at. It is not necessarily an easy feat though. And I think one of the challenges is to build resilient and robust AI systems that can learn from human insights and improve over time. Right. Like basically you need to set up processes and flywheels that result not in just having a great AI model, but in having a process that produces better and better AI models as the threat landscape emerges and evolves and as adversaries adapt.

Dave Buettner (16:22)

I'm curious, from your position as a scientist, what was it like to see these tools come along and grow in their prominence?

Sven Krasser (16:33)

Yeah, I think there's quite some adjustment in the perception of it. Like, I remember when I got started with this, I don't think anybody was really interested in how the sausage was made. Like, I felt like we're using these very cool algorithms back there in our systems and people were more along the lines of, yeah, just keep me secure. Sounds interesting. I think that really changed, right? I think there is a heightened awareness about the utility of these types of tools. And I think in the public eye there is a lot more shared excitement now what these tools can do. And I think that is good in the sense that more people understand the promise and the importance of these types of technologies. On the other side, on the flip side of the coin, there's always a risk in trusting too much on just AI technology. It is not the panacea that really solves all of our problems as the human species. I think we still need human review, human input, human ground, truth to make the system successful. So that's something that sometimes gets lost in all the enthusiasm and hype that we're experiencing right now.

Dave Buettner (17:56)

So how do you go about balancing those needs? How do you make use of the promise of AI but also keep the humans in the loop?

Sven Krasser (18:09)

I think in our case that really is naturally evolving around how we set things up at CrowdStrike. I've been here since day one. So making this successful play to bring AI technology and has been something that has been on the forefront of my mind and the mind of all the other early employees that started here. So it's not something that we, that we bolted on, but that we considered as a design objective from the get go. And I think that that shows in the way how we're managing our offerings and services. Like any time human analysts are reviewing something for our, for managed services offerings, for our incident response offerings, that there's insights that these humans bring to the table about what the adversary has been doing, what the adversary has been attempting, and we're structuring our internal procedures in such a way that that information becomes fuel for the AI. And that's this flywheel that I was mentioning earlier. Right. Because these parts of the overarching system, the human aspect, the AI aspect, they really feed into each other. The better the AI is flagging abnormalities, the more efficiently humans can review and provide insights, and the more insights there are with firm and grounded review, the better the AI can be trained to give better results. So we're moving every day as we're doing our jobs here at CrowdStrike, we're moving more information, more potential threats from the domain of this looks fishy. Somebody needs to take a look at it into the domain of we are certain that this is good or we're certain that this is bad. Right. And that means we're freeing up times for the humans to take a look at the remaining less suspicious things to see if anything tries to fly under the radar there. And I think this is really what gets me excited about this technology every day. As you do your job. By virtue of how we have set this up, we can do a better job and we can do better countering the adversary.

Dave Buettner (20:29)

When you look at the range of tasks that people are doing in cybersecurity, are there certain things that are more suited for assistance from AI and some things that maybe aren't as good a fit?

Sven Krasser (20:43)

Yeah, I think there's a lot of work that needs to happen for effective security. Right. Like if you take this in two parts, right. Like there's the, like let's call it traditional predictive AI, there's the generative AI, the, the predictive AI classifiers that take a look at data and tell you if this data is good or bad. Those classifiers can work with a lot of input data at very, very high speeds and in very, very complex scenarios. I like to describe this as this high dimensional feature space where lots of records with lots of different dimensions can be analyzed very, very swiftly at line speed to basically stop the threat in its tracks. And then there is the generative AI aspect. Basically conversational systems, say, or systems that can now work with a lot of unstructured data and digest the essence out of that. Those systems, they tend to be a little bit slower just by virtue of how much more compute is required to pull that off. So they aren't necessarily working at line speed. However, they can take a lot of data that previously, say a human had to review and reason about that and point to the important aspects of the data or provide summaries or assessments. So it can really accelerate human workflows by using this generative AI technology, it can accelerate the human workflow. And for us, we're always on the clock, right? Like the time it takes an adversary to move laterally, like from establishing a beach head to basically entrenching itself in a victim network. Like that time has been trending down and down and down. And since this is a raise and we're on the clock, this is really a technology that can help the defender in large extents because it makes it very, very easy to review and reason about large chunks of unstructured information.

Dave Buettner (22:56)

What about human intuition? Is there still a place for that where someone just looks at something, looks at some data, reads some research or something, and says to themselves, this just doesn't feel right. And I'm not sure, but I sense that I need to do some digging here.

Sven Krasser (23:15)

Yeah, I mean, there's definitely something to it. And you know, it's cybersecurity is. It's a battle of human minds against human minds eventually, right? Like there's humans that want to steal something, information, say, from other humans. And AI is a tool in that, in that game, but it's still a game of human wit. So we need to leverage AI because the adversary certainly is looking for every edge that they can get. But I would say, you know, there is value in human intuition if I can kind of nail it down a little bit with a metaphor. There's some games that computer systems are very good at playing these types of games, like say chess, for example. Chess systems, very smart at this point. Other games, let's say poker, they are a lot harder for automated systems to excel in because there's a lot of reading the room, reading the situation as somebody bluffing, looking at contextual cues. So that might be a good matter for this concept of intuition that you're referring to.

Dave Buettner (24:36)

Now, that's interesting. Do you have any advice for folks who are on this journey of trying to, to dial it in for their own organization of balancing the AI and the human intervention of what they should do in terms of best practices to get where they need to be?

Sven Krasser (24:53)

I think everybody needs to take a look at how they can leverage this new technology that is out there with respect to generative AI. I think traditional AI has been around for quite a while and how they can get more value out of their data using traditional AI as well. So I think that's kind of the call to action. Right. The problems that we're facing, they're more and more data driven. We have more and more data that needs to get analyzed. And that's just something where you need to bring the right tools to the table. Right. Like when you need to excavate something, it's great if you have a shovel. It's better if you have an excavator. Right. So that's really what we're looking at.

Dave Buettner (25:38)

That's Sven Krasser, CrowdStrike's senior vice president of Data science and chief scientist. And finally, imagine after all your holiday shopping, you are simply famished and you could get your Big Mac for just a penny. Sounds like a dream, right? Well, a Researcher discovered that McDonald's McDelivery app in India had a super sized security flaw allowing exactly that. With clever tinkering, users could manipulate cart prices, hijack orders and even track delivery drivers in real time. This wasn't just about cheap burgers. Sensitive data like driver names and license plates was publicly exposed. And hackers could redirect someone else's fries straight to their doorstep. It all boiled down to poorly secured APIs with vulnerabilities like broken object level authorization, allowing for these exploits. To McDonald's credit, they fixed everything within 90 days after receiving the hacker's detailed report. While this ethical hacker enjoyed a bounty instead of fries, the case underscores the need for stronger cybersecurity in consumer apps. Let's hope mixed security gets beefed up worldwide. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com well, friends, it is that time of year. The N2K CyberWire team is getting ready to settle into our long winter's nap. We will be taking a publishing break starting this Tuesday, December 24th through Wednesday, January 1st. Fret not. While we are out, we've got some fun surprises planned for you. In your podcast feeds. If you've got some downtime or want to pop those AirPods in and not engage in any more family togetherness, head over to your favorite podcast app and check out our goodies. We will emerge from our nap on January 2nd. We'll see you then. As we wrap up another incredible year at the Cyberwire, I want to take a moment to shine a spotlight on the amazing people who bring our stories to life every single day. This podcast is more than just a production. It's a labor of love, talent, and unwavering dedication. And none of it would be possible without our phenomenal team. To Liz Stokes, who produced today's episode and so many others with precision and care, thank you for your relentless commitment to delivering content that informs and inspires. To Trey Hester, our mixer, your technical expertise and creative touch make every episode shine. Elliot Peltzman, your original music and sound design give the Cyberwire its unmistakable rhythm and soul. We are endlessly grateful for your artistry Jennifer Ibin, our executive producer and Brandon Karpf, our executive editor. Your leadership and vision guide everything we do, keeping us focused on our mission. Simone Petrella, our president and Peter Kilpe, our publisher, your support and belief in this team enable us to grow and excel. To all of you, thank you for the hard work, late nights, and countless moments of collaboration this year. Here's to the stories we've told, the challenges we've tackled, and the milestones we've achieved together. I am proud to be part of our team and can't wait for all that lies ahead in the New Year. Happy Holidays and thank you for making the Cyberwire extraordinary. On behalf of all of us, Merry Christmas and Happy Holidays. I'm Dave Buettner. We'll see you back here next year. Sa.