Cybersecurity is a back-and-forth between attackers and defenders, each looking for advantage—and, in some cases, learning from each other.
Taking cues from the bad guys might seem contrary to the threat defender mission, but once you strip away the specifics of what each side is doing, they’re both IT experts doing a job—one that often includes AI and automation. Foundation AI Global Security Advisor Mick Baccio shares the view that threat actors can be teachers for IT pros.
“We were trying to automate incident response, why would you not automate the offensive side?” Baccio said.
Researching how attackers use technology is part of assessing tactics, which can change your defensive posture. But attackers will research the response and defensive actions in general, requiring a shift on the part of defenders, Baccio said. One big difference? How things will be different once agentic AI becomes ubiquitous for both sides.
“At some point, it’s going to be my agentic AI-powered defensive stack against an agentic AI-powered offensive attacker,” Baccio said.
Applying the lessons. Over at Splunk, another subsidiary of Cisco, CISO Michael Fanning told IT Brew that red teams and pen testers are able to learn from the behaviors of cyberattackers.
“We’re going to see new ways attackers are using AI to their advantage, and we’ll learn from that to understand how we can create our own defender towards our advantage,” Fanning said. “We would be missing out on an opportunity to not learn from some of the things that they do.”
Beyond just the immediate lessons from attackers, learning in the cybersecurity space is an evolving discipline. Baccio told IT Brew that getting many different perspectives is part of the job, whether from team members or stakeholders. At Splunk, that’s security researchers; at Foundation AI, it’s developers.
“It’s being creative, and considering everyone’s viewpoint and also being super plugged into the community, whatever other folks are seeing or doing or working on,” Baccio said.
It’s only logical that the attacker side would have the same outlook. “Loosely affiliated cyber gangs,” Baccio explained, are as likely as defenders to work together and trade information with one another. The best way to combat that is to continue to keep the communication channels open between cybersecurity professionals.
“Getting better at sharing, not necessarily trade secrets, these are the things that are helping us work,” Baccio said. “That informal part, I think, goes a long, long way.”