Thoughts on ISSA talk on using AI to automate security

Recently I attended the ISSA presentation in MN, the description of it:

The Power and Potential of Robotic Process Automation. And the Security Risks.

Please join us on March 22nd as we explore the powerful and emerging Robotic Process Automation technology in regards to what IT security professionals need to know about RPA platforms.
Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms?
Very simply, it is a new attack vector and organizations need to start to understand their risk.
Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple systems.
Learn about the vulnerabilities attackers seek out in RPA and the methods you can employ to proactively secure, protect and monitor privileged credentials in RPA non-human user entities that mirror human entitlements.

Brandon Traffanstedt

Our featured speaker Brandon Traffanstedt has over 10 years of Information Security experience. He has fulfilled many roles during his time encompassing the main security domains along his way. He is an expert on cloud security along achieving some of the industry’s highest level of accomplishments.


 The RPA software is actually quite a good system from what he describes. This automated account, an AI, would monitor the corporate network and take over some tasks in place of an analyst. The speaker emphasized quite a bit that these RPA's would often run with too many permissions and that you need to be careful with the credentials the RPA. Maybe I wasn't paying enough attention but I didn't catch any advice beyond "no weak passwords, and check your privilege"

After the talk I asked a few questions just to confirm the things in the back of my head I was wondering about. These were the three things that stuck out.
  • The RPA account itself is not really monitored.
  • The companies blue team likely does not have adequate understanding of the AI to properly account for what the RPA is doing
  • Dev's are not security orient
So it sounds like the RPA is a program that runs with elevated permissions and the ability to monitor them adequately is currently a bit dificult. Which I confirmed with Brandon after the talk. If a malicious actor has credentials to the RPA, and masquerades as the AI profile, it is likely minimally monitored leaving a wider range of options for what an attacker can do without anyone questioning it.

My first thought was get someone who knows whats happening to monitor it. However having a security team to monitor the RPA, from a business perspective, is currently unreasonable in my opinion. I think a better solution would be to run two identical RPA's simultaneously, feeding them the same info and doing the same tasks. That way if a discrepancy occurs between the two it can be caught, logged, and notify someone in the SOC to shut it down immediately. I messaged a friend who basically said "PoC or it doesn't matter". So it probably won't matter, but I want to leave the thought idea here.

Aside from that. I met some interesting people here. One who stuck out was a salesman for vendor AI pentesting, and AI network defense, which was interesting. He was great, and made it sound like it was an absolute catchall. My personal issues with AI in that scenario is that if you can train an AI for defense, you can also train it to do the opposite, and even train against it until acceptable. The future of hacking will include AI as a way to augment our abilities. Its pretty cool stuff that I actually hope to see more of in the wild within the next 5 years both in the red team and blue team environments. This is kind of seemingly off topic but I think it's a good thing to be aware of now.

Comments

  1. UnknownMay 8, 2018 at 3:36 AM

    Your good knowledge and kindness in playing with all the pieces were very useful. I don’t know what I would have done if I had not encountered such a step like this.
    Blue Prism Training in Bangalore

    ReplyDelete
    Replies
    1. MLJuly 1, 2024 at 10:55 PM

      Delivering a talk on using AI to automate security for an Information Systems Security Association (ISSA) event can be both informative and impactful. Below is a structured outline for the talk, covering key areas such as the introduction to AI in security, practical applications, benefits, challenges, and future trends.

      artificial intelligence projects for students

      cyber security projects for students

      Delete
  2. UnknownMay 12, 2018 at 2:56 AM

    Thanks a lot very much for the high quality and results-oriented help. I won’t think twice to endorse your blog post to anybody who wants and needs support about this area.


    Best RPA Training in Bangalore

    ReplyDelete
  3. UnknownAugust 4, 2018 at 5:40 AM

    Your post is just outstanding !!! thanks for such a post, its really going great work.

    Blue Prism Training in Chennai | Blue Prism Training Institute in Chennai

    ReplyDelete
  4. Madhu BalanAugust 19, 2019 at 7:18 AM

    You have provided a nice article, Thank you very much for this one. And I hope this will be useful for many people. And I am waiting for your next post keep on updating these kinds of knowledgeable things
    Java Training in Chennai
    Java Training in Coimbatore
    Java Training in Bangalore

    ReplyDelete
  5. Anbarasan14August 20, 2019 at 5:32 AM

    I would like to thank the blog admin for sharing this useful information in my vision. I have been searching for this blog for a while.
    Spoken English Classes in Chennai
    Best Spoken English Classes in Chennai
    IELTS Coaching in Chennai
    IELTS Coaching Centre in Chennai
    English Speaking Classes in Mumbai
    English Speaking Course in Mumbai
    IELTS Classes in Mumbai
    IELTS Coaching in Mumbai
    IELTS Coaching in Anna Nagar
    Spoken English Class in Anna Nagar

    ReplyDelete
  6. Bangalore Training AcademyDecember 23, 2019 at 7:17 AM

    Your topic is very nice and helpful to us … Thank you for the information you wrote.

    Learn Hadoop Training from the Industry Experts we bridge the gap between the need of the industry. Bangalore Training Academy provide the Best Hadoop Training in Bangalore with 100% Placement Assistance. Book a Free Demo Today.
    Big Data Analytics Training in Bangalore
    Tableau Training in Bangalore
    Data Science Training in Bangalore
    Workday Training in Bangalore

    ReplyDelete
  7. hamiJanuary 17, 2020 at 3:41 AM

    I simply were given to this first rate website no longer lengthy ago.
    I was actually captured with the piece of assets you've got got here. Big thumbs up for making such exceptional weblog web page.

    click here formore info.

    ReplyDelete
  8. shreekaviFebruary 24, 2020 at 11:35 PM

    Really awesome blog. Your blog is really useful for me. Thanks for sharing this informative blog.
    Software Testing Training in Chennai
    Software Testing Training in Bangalore
    Software Testing Course in Coimbatore
    Software Testing Training in Madurai
    Software Testing Training Institute in Bangalore
    Software Testing Course in Bangalore
    Testing Course in Bangalore
    Ethical hacking course in bangalore

    ReplyDelete
  9. subhaJune 7, 2020 at 2:11 AM

    thanks for posting useful information.You have provided an nice article, Thank you very much for this one.Promobuddy is one of the best page.i relly happy to seee this.
    Ai & Artificial Intelligence Course in Chennai
    PHP Training in Chennai
    Ethical Hacking Course in Chennai Blue Prism Training in Chennai
    UiPath Training in Chennai

    ReplyDelete
  10. subhaJune 12, 2020 at 7:28 AM

    I feel satisfied to read your blog, you have been delivering a useful & unique information to our vision.keep blogging.
    Digital Marketing Course In Kolkata keep it up
    Ai & Artificial Intelligence Course in Chennai
    PHP Training in Chennai
    Ethical Hacking Course in Chennai Blue Prism Training in Chennai
    UiPath Training in Chennai

    ReplyDelete
  11. deivaSeptember 6, 2020 at 6:47 AM

    I would like to thank the blog admin for sharing this useful information in my vision. I have been searching for this blog for a while.
    angular js training in chennai

    angular js training in omr

    full stack training in chennai

    full stack training in omr

    php training in chennai

    php training in omr

    photoshop training in chennai

    photoshop training in omr

    ReplyDelete
  12. AnonymousMay 17, 2022 at 4:35 PM

    perde modelleri
    Mobil Onay
    TURKCELL MOBİL ÖDEME BOZDURMA
    nft nasıl alınır
    ankara evden eve nakliyat
    trafik sigortası
    dedektor
    web sitesi kurma
    aşk kitapları

    ReplyDelete
  13. DigisnareAugust 4, 2022 at 6:01 AM

    Good
    https://www.digisnare.com/

    ReplyDelete

Post a Comment

Popular posts from this blog

Bandit 12

Bandit 12 bandit12@bandit:~$ ls data.txt bandit12@bandit:~$ mkdir data bandit12@bandit:~$ cp data.txt ./data bandit12@bandit:~$ cd data bandit12@bandit:~/data$ ls data.txt bandit12@bandit:~/data$ file data.txt data.txt: ASCII text 0000000: 1f8b 0808 4572 4259 0203 6461 7461 322e ....ErBY..data2. 0000010: 6269 6e00 0143 02bc fd42 5a68 3931 4159 bin..C...BZh91AY 0000020: 2653 59a3 fd61 8800 0019 ffff dffb 1ff5 &SY..a.......... 0000030: f7d7 dfdb fe4f ffb3 b5f7 ffdf b2d8 fefb .....O.......... 0000040: e7dd fffa fefd 7f7b d1fb fe3f b001 3b56 .......{...?..;V 0000050: a106 81a0 1a00 07a8 0068 01a1 a69a 0000 .........h...... 0000060: d1a0 d034 6868 34f5 0641 a000 000d 000f ...4hh4..A...... 0000070: 5064 00d0 321a 69e9 0323 1a27 a883 4003 Pd..2.i..#.'..@. 0000080: 41a0 01ea 0000 0003 4000 0068 7a4f 4800 A.......@..hzOH. 0000090: 0c8c 803d 41a0 64d1 a3d4 d1a3 6a68 01a0 ...=A.d.....jh.. 00000a0: 34da 8340 003d 4347 a83a 69a6 8699 0034 4..@.=CG.:i....4 00000b0: 3203 4610 3
Read more

Bandit level 14

Bandit 14 Level Goal The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost . Commands you may need to solve this level ssh, telnet, nc, openssl, s_client, nmap Helpful Reading Material How the Internet works in 5 minutes (YouTube) (Not completely accurate, but good enough for beginners) IP Addresses IP Address on Wikipedia Localhost on Wikipedia Ports Port (computer networking) on Wikipedia Okay so I know telnet doesn't have authentication. I know I'm probably using that so I check the man page. Synopsis telnet [ -8EFKLacdfrx ] [ -X authtype ] [ -b hostalias ] [ -e escapechar ] [ -k realm ] [ -l user ] [ -n tracefile ] [ host [ port ]] Okay so the command will be "telnet localhost 30000", remember those instructions from the previous level on where that password was? Neither do , lets read it again! "The pa
Read more