Thinking sky-high in cloud security using AI (Guest blog from Exception)

Author: Mauricio Faoro, Cloud Engineer at Exception

Cybersecurity is a crucial aspect that should not be overlooked in the AI revolution. Together, they must be high on the agenda of Chief Information Security Officers (CISO), underlining the importance of delivering cybersecurity and best practices to protect data and applications hosted in the cloud.

AI offers significant potential to protect data and systems from cyber-attacks by preventing or reducing the costs and impacts of data breaches, maintaining regulatory compliance and mitigating evolving cyber threats.

Improve security posture with architectural guidelines

Unfortunately, there is no magic solution, and no single tool will defend all workloads of all cyber-attacks. However, there are some AI and machine learning powered services that can help improve security posture when combined with architectural guidelines such as the Zero Trust model.

AI-powered cloud security options include:

AWS Guard Duty continuously monitors AWS accounts, instances, serverless and containers workloads, users, databases and storages for potential threats. They expose threats quickly using anomaly detection, Machine Learning (ML), behavioural modelling, and threat intelligence feeds from cloud providers and leading third parties.
Amazon Detective simplifies investigation and helps security teams conduct faster and more effective investigations.
Macie is a data security service that uses ML and pattern matching to discover and help protect sensitive data.
Fraud Detector is a fully managed service using ML to enable customers to identify potentially fraudulent activities and catch more online fraud faster.
CodeGuru Security is a static application security testing (SAST) tool that combines ML and automated reasoning to identify vulnerabilities in code, providing recommendation fixes
Amazon Lookout for Metrics uses ML to detect and diagnose anomalies within business and operational data. It helps to reduce false positives, diagnose root causes and seamlessly integrate with databases and storage services
DevOps Guru uses ML to detect abnormal operating patterns to identify operational issues before they impact customers
SageMaker builds, deploys and trains enterprise’s own machine learning models.

Strength in numbers for a cyber-secure cloud environment

It is important to understand the division of responsibilities between cloud providers and customers when it comes to cloud security. AWS is responsible for securing the global infrastructure that runs its services, as well as the security of its own cloud services. This includes the security of hardware, software, networking and facilities.

AWS also offers security resources and tools to help its customers protect their data and applications. On the other hand, customers are responsible for making sure their cloud resources are secure. They also need to take measures to protect their data, including encrypting sensitive information both at rest and in transit. It is essential for customers to implement security controls for their applications, such as access control and input validation. Lastly, customers must monitor their cloud resources for any security threats and respond promptly to incidents.

AWS recommends that its customers adopt the Zero Trust model, which assumes that no user, device or workload can be inherently trusted. Instead, all access to resources is granted based on continuous verification of identity, risk assessment, and least privilege. However, moving towards Zero Trust should be done incrementally, with some level of flexibility to allow for innovation.

Conclusion – a securer cloud future using AI

Protecting applications and workloads from cyber-attacks is a never-ending challenge as new cyber-attacks emerge every day as new vulnerabilities are identified and exploited.

As cyber-attacks become more sophisticated, having a strong cybersecurity posture for your enterprise is critical. Cloud providers are offering a greater range of cloud services than ever that use AI and machine learning to help improve this posture.

Their list of services is constantly expanding, and we can expect AI to be integrated into more services in the future. By using AI, we can access a great number of services provided by cloud providers to help us defend against attacks.

However, it is equally crucial to remember the basics and follow security guidelines, in conjunction with the new tools and services. AI is here to assist us, directly or indirectly, in our fight against cyber-attacks.

Find out more about Exception

techUK - Putting AI into Action

Our Putting AI into Action campaign serves as a one stop shop for showcasing the opportunities and benefits of AI adoption across four strategic sectors - Health and Social Care, Cyber, Central Government and Transport.

techUK is coordinating a calendar of events, reports, and insights to demonstrate some of the most significant opportunities for AI adoption in 2024, as well as working with key stakeholders to identify and address current barriers to adoption.

Visit our AI Adoption Hub to learn more, or find our latest activity below.