September 19, 2024

00:43:13

KB On The Go: Zenith Live 2024 (Part 2)


Show Notes

In this bonus episode, we're joined by Claudionor Coelho, Chief AI Officer, and Deepen Desai, Chief Security Officer & Head of Security Research at Zscaler, as they share the latest in zero trust networking and AI security to protect and enable organizations. Claudionor discusses the societal implications of AI, the fears of obsolescence, and the generational changes in communication, providing a comprehensive look at the future of AI in both the digital and human landscapes. Deepen highlights the incredible potential of AI in transforming cybersecurity through initiatives like Zscaler's "copilot" technology and the use of predictive models to foresee and mitigate breaches, as well as the pivotal shift from reactive to proactive cybersecurity measures, underscoring the necessity of a zero trust architecture to minimize breach impacts.

Claudionor Coelho, Chief AI Officer, Zscaler

Claudionor Coelho brings a wealth of expertise to help Zscaler deliver a competitive technology advantage through the development of AI and ML innovations. Prior to joining Zscaler, Coelho served as the Chief AI Officer and SVP of Engineering at Advantest, where he spearheaded the development of a Zero Trust private cloud solution tailored for the semiconductor manufacturing market. Before Advantest, Coelho was the VP/Fellow of AI and the Head of AI Labs at Palo Alto Networks, where he led the charge in AI, AIOps, and Neuro-symbolic AI, an advanced form of AI that enables reasoning, learning, and cognitive modeling, to help revolutionize time series analysis tools on a massive scale. Coelho's career also includes vital roles in ML and Deep Learning at Google, where he developed state-of-the-art Deep Learning technology for automatic quantization and model compression, which played a pivotal role in the search for subatomic particles at CERN.

Deepen Desai, Chief Security Officer & Head of Security Research, Zscaler

As Chief Security Officer & Head of Security Research at Zscaler, Deepen Desai is responsible for running the global security research operations as well as working with the product group to ensure that the Zscaler platform and services are secure. Deepen has been actively involved in the field of cybersecurity for the past 15 years. Prior to joining Zscaler, he held a security leadership role at Dell SonicWALL.


Episode Transcript

[00:00:16] Speaker A: Welcome to KB On The Go. Today I'm on the go in sunny and hot Las Vegas with Zscaler, and I'm reporting on the ground here at the Bellagio for the Zenith Live conference. Zenith Live is the premier learning conference where experts converge to share the latest in zero trust, networking, and AI security to protect and enable organizations. I've got a few executive interviews up my sleeve, so please stay tuned. Joining me now in person is Claudionor Coelho, Chief AI Officer from Zscaler. So, Claudionor, thanks for joining and welcome. [00:00:45] Speaker B: Thank you very much. [00:00:46] Speaker A: So, yesterday you presented. Talk to me a little bit more about what you presented on. [00:00:50] Speaker B: I did a presentation on how we can use generative AI and graph neural networks to improve cybersecurity. One of the things that we did recently is that we announced the copilot at Zscaler, and some of the technologies that I presented yesterday were used to build the copilot technology. [00:01:09] Speaker A: So when it comes to AI in general, would you say, and I've spoken a lot about this on my podcast, do you think people are fearful of it because maybe it's mainstream media, who aren't technologists at heart, that are engendering a lot of negative energy towards it? Would you say that people just generally seem worried about it? [00:01:32] Speaker B: That's a very good question. I'm a member of the World Economic Forum AI group, and last year they were basically discussing, everyone, government officials, people, they were worried that AI, specifically large language models, ChatGPT-type technology, was going to take over the world. People are realizing that that's not going to happen anytime soon, because large language models by themselves, I usually joke that they are like expensive toys, because they hallucinate a lot, and that makes it very hard to create a trustworthy product based on them. But when you add all the infrastructure that you created before, like tools, algorithms, connections to other systems, then it makes a really powerful asset for a company. [00:02:22] Speaker A: So when you said anytime soon, when's any time? [00:02:25] Speaker B: So I still believe that we have a long way to go. Anytime soon is basically like this. If you just take the LLM itself, it does not have the capability to self-train. You need a whole software system on the back end to connect it to search engines, to connect to other things. Suppose, for example, you have a company that went to IPO last month. The LLM's cutoff date was before that. That means that all the training data used to create the LLM came from before the cutoff, before the IPO of this company. So if you ask the LLM any questions about it, it will say, I don't know that information, because my cutoff date was before that time. However, if you start connecting the LLM to search engines, and you use the LLM as your next-generation user interface, then you get something really powerful, what we call AI agents. And that has a much better capability to answer questions and to interact with systems. And I think that is really the advantage of large language model based systems as opposed to just LLMs.
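To make the agent idea above concrete, here is a minimal sketch of the pattern Coelho describes: an LLM that falls back to a search tool when a question is past its training cutoff. The function names (`call_llm`, `web_search`) and their stubbed behavior are hypothetical stand-ins, not Zscaler's or any vendor's API.

```python
# A minimal sketch (not Zscaler's or any vendor's implementation) of the
# "LLM + search engine = AI agent" pattern described above. Both call_llm()
# and web_search() are hypothetical stand-ins for a real model API and a
# real search API.

def call_llm(prompt: str) -> str:
    """Hypothetical LLM call; a real agent would call a hosted model here."""
    # Stub: pretend the model declines anything past its training cutoff
    # unless fresh context has been pasted into the prompt.
    if "Search results:" not in prompt:
        return "I don't know; that event is after my training cutoff."
    return "Answer based on the search results: " + prompt.splitlines()[1]

def web_search(query: str) -> list[str]:
    """Hypothetical search tool; a real agent would call a search engine API."""
    return [f"Example headline relevant to: {query}"]

def answer_with_tools(question: str) -> str:
    # 1. Ask the model directly.
    first_try = call_llm(question)
    if "I don't know" not in first_try:
        return first_try
    # 2. The model can't answer (the event is past its cutoff), so fetch
    #    fresh context from the search tool and ask again with that context.
    context = "\n".join(web_search(question))
    return call_llm(f"Search results:\n{context}\n\nQuestion: {question}")

print(answer_with_tools("What happened with the Acme Corp IPO last month?"))
```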
[00:03:34] Speaker A: So can I just ask, don't you think, like, where we are with AI in general and what people think, whether it's negative or whether it's positive, wasn't this sort of inevitable, that we were going to get here eventually? So are people surprised, would you say, that we're here, with everything that's happened? Look at even the last 20 years and how much technology has evolved. [00:03:53] Speaker B: I'm going to quote Gartner. I was at Gartner watching a presentation, and they said, LLMs are here to stay. So if you think about how people developed software systems before ChatGPT, before November 30, 2022, people used to have a PM that would imagine how you would interact with the software, and they would create the user interfaces and the flow for the user interfaces. And if you wanted to use the system in any way that was different from that, then you had to adapt yourself to the way that the person designed the software. With LLMs, with generative AI or large language models, you can actually detect the user intent. And that makes a huge difference, because now, instead of having the person adapt to the way that the software works, the LLM detects what you want to do, and it adjusts dynamically how the software will work. To answer your question, that's where the real advantage is. [00:04:59] Speaker A: From your perspective, being part of the World Economic Forum, what do you think people are fearful of? I keep asking this because I'm very much for it, but then, as I mentioned before, there are mainstream media, et cetera, that sort of come in and try to create this story that the world's over and robots are taking over. What do you think scares people? And I have some context around that, but maybe you answer that question first. [00:05:22] Speaker B: People are fearful of the unknown. They don't know what's going to happen in the future. And one of the things that I usually say is this. In 1970 or '72, someone went to New York, to Madison Square Garden, took a brick, something very large, and started talking into it. It was the first cell phone conversation in the world. And if you had asked the people around at the time, do you want a cell phone? They would say, why do I need a cell phone? And it took several years, maybe 20 or 30 years, until the cell phone industry matured, and now we have iPhones. What's happening right now is that the speed at which this technology is advancing is much faster than anything else that we have seen before. And that's why people are scared, because it took like 30 years for people to get acquainted with the cell phone. And remember, if you just think about the cell phone, it created business for app development. It created new opportunities even for people who sell cases for iPhones, or cell phones. But right now, people don't know how long it's going to take until this technology matures, or whether it's going to mature or not, and which opportunities it will create. But there are a lot of opportunities. I was looking a few weeks ago at Anthropic; Anthropic is the maker of one of the large language models.
They had a posting about prompt engineer jobs, saying, if you're looking to work with us as a prompt engineer, we are requesting that you have two or three years of experience. Remember, two or three years ago there was no prompt engineering, there were no large language models. And they were saying that you don't need to have a degree, you don't have to have more than two or three years of experience, but they are looking for people. So that shows that it has created opportunities, a new market, new roles, new qualifications for people, that did not exist before. [00:07:25] Speaker A: Sure. Absolutely. Okay. So there's a couple of things in there. So would you say that people's fears would be fear of the unknown, but also the speed? Because, as you were saying before, originally, yes, things would come out, but not at the same velocity as now. So then what are the opportunities that do exist? And you're right, even before, when the Internet started, there was no Google. All of that started up in the nineties, when the Internet took off. So it has created jobs, like Zscaler and everything that came along since. So what are the opportunities that do exist that you foresee? [00:07:57] Speaker B: So first of all, you have to understand that whenever a new technology comes in, it's used both for good and for bad. So imagine that I can turn on hallucination. Large language models are known to hallucinate, which means that they generate completely out-of-the-blue answers for you. You could call that creativity, or, if you want them to perform some specific action, they call it hallucination, and it's bad. But hallucination in itself is not a bad idea. In my talk yesterday, I was saying, let's suppose you want to create a new product in healthcare, and I was even joking, saying, I'm not going to be talking about cybersecurity, because if it gives me a good idea, I'm not going to mention it to you here in my presentation. But if you go to an LLM and turn on hallucination and you say, give me ideas and names for a product in the healthcare industry and explain to me why each name is a good name, it gives very good names, I would have to look at my presentation for the one I used, but it gives really credible names and marketing names for a product that would probably be a hit in the market. So it makes your creativity go anywhere you want, because you can evaluate opportunities and you can evaluate scenarios much quicker than you could before. [00:09:18] Speaker A: Where do you think we're going to traverse to now? As you said, the velocity is there, things are advancing much faster than before. What do you see in the next twelve months, realistically, but then also broaden that into the next five years in terms of AI? What are the things that we're going to see, even at a consumer level? [00:09:33] Speaker B: So let's split this into two parts. Number one, large language models. Number two, deep learning, including graph neural networks. For example, a few months ago, Google DeepMind created a startup to work on new drug discovery, because they have been using graph neural networks and deep reinforcement learning to search for new drug compounds.
Remember that whenever you buy a new drug, or if you watch an advertisement for new drugs on TV, they basically say how wonderful the drug is. And then at the end they say, this drug, although it's wonderful, may kill you, may give you some side effects, and the list of side effects is very extensive. So there is a need to search for new drugs in the market that will reduce the side effects. And that's why Google basically created, or funded, this new company just to search for new types of drugs. And you can imagine that those types of systems, because they're operating at maybe the atomic level to search for new compounds or new connections between drugs or molecules, they can search for new materials, they can search for new drugs, they can search for, I don't know, dermatological or medical supplies, tools and things like that. Okay, this is one point. Now you need to interact with those systems, and what is the best way for you to interact with those systems other than spoken language or written language? So you can interact with those systems saying, oh, you know what, I did not really like the way that this molecule is behaving, let me try it a little bit in a different way, and the system starts doing the thinking by itself. So you can think about this as a copilot that helps you think about the problem that you're trying to solve. [00:11:22] Speaker A: Isn't that better, though? Because why would you want to use your own computational power when you have a machine to do it for you? [00:11:27] Speaker B: Yeah, and that's one of the real advantages of this technology, and it's how we are going to be seeing it used in the near future. New materials, new drugs, new ways to solve problems, new products in the market. So you're going to be accelerating the way we can introduce solutions to real problems. [00:11:45] Speaker A: Do you think as well, in terms of people's skill sets, do you think people are sort of, I don't want to say the word lazy, but maybe people are like, oh, well, now I've got to go upskill again, when I just went to university, or college as you call it here, for four or five years, and now I've got to do something again. Do you think people just aren't motivated to go out and learn a new skill set because their current skill set could potentially become obsolete? [00:12:07] Speaker B: That's one of the fears people have, that because the machine is doing so well for you, people start basically getting, let's call it numb, for lack of a better term. And there is this comedy movie called Idiocracy that talks about the IQ of people going down because the machines started doing everything for them. But in fact, on the other side, you can imagine that people will just find new ways of doing things or start solving problems in additional ways. The way that I think about it is that AI, large language models, and deep learning in general are going to become your exoskeleton. I don't know if you ever watched the movie Alien 2, but there is this part in the movie where Sigourney Weaver puts on an exoskeleton to fight an alien. And she knew that she would not have enough strength to fight the alien without the exoskeleton. But the exoskeleton, which at the time was a mechanical piece, would help her to have superhuman strength.
So the way that I like to think about this technology is that it's going to enable you to have superhuman strength. [00:13:08] Speaker A: Do you think people's IQs are going down, would you say? [00:13:13] Speaker B: No. I mentioned it because it's a comedy movie, and because that is what people fear: that it's going to take over so much of the intelligence, or the jobs, or even most of the jobs that people do, that people will not have anything left to do. [00:13:29] Speaker A: Okay, but what about being reliant on it? So, for example, nowadays no one goes anywhere without their phone. You've got your wallet, you've got your navigation, you've got talking to someone. So we are reliant on a phone. But back in our parents' day, there were no phones and things like that. You just had to know where you were going, and you had to pray that the person you were meeting up with was there on time, and all that type of stuff. So now are we going to become more reliant on this technology, to where we can't live without it? [00:13:58] Speaker B: So let me give you an example. When I was a kid, that's when VHS, the videotape, came out. And at that time, my father bought a video cassette machine; it was one of the first ones in the family. And I subscribed to a company where you could rent tapes to watch at home. And I had an aunt who basically came to me and said, I don't know why you're spending money on this. People will never replace the movie theater with just watching movies at home. And now we have Netflix. So it changed the way that people do business. I still value human interaction a lot. I think one thing people have to understand is that human interaction is really what people need to focus on. [00:14:41] Speaker A: Do you think people are focused on that, though? [00:14:44] Speaker B: Sometimes, no, because if you look at video games, I see that the new generation of kids try to spend more time on video games than actually going out and spending time together. But I hope that eventually people are going to realize that human interaction is important. [00:15:00] Speaker A: So I'm a millennial, but the generation below me is Gen Z. So would you say that their level of human interaction is not the highest in comparison to other generations? And then what does that look like? [00:15:13] Speaker B: It's not that it's lower, it's different. Each generation changes the way that people interact with each other. And it's very funny, because my wife was complaining to me recently that kids these days only use chat, Discord, or WhatsApp to talk to other people, and that did not happen before. And then I showed her a picture from the 1930s of people on the subway reading newspapers. [00:15:38] Speaker A: Yeah. Oh, yes, I think I've seen that. And now it's replaced with a phone. [00:15:42] Speaker B: Yes. So the technology changes. [00:15:44] Speaker A: So what excites you the most about AI? [00:15:47] Speaker B: It's the possibilities. Right now, for example, Natalia was congratulating me because I was a seed investor in a company in Brazil ten years ago, and the company has just been acquired. It was the first deep learning company in Brazil, the one I invested in.
And at that time, we would have to rebrand the company, create scenarios, and do a lot of what-if analysis, to no end. Right now, if I have ChatGPT, or if I have large language models, I can start doing analysis on this and basically run several scenarios in parallel. And although they will hallucinate, and I will throw away maybe half of the stuff they return to me, some of the scenarios they generate for me are actually going to be good enough that I can follow up on them. And just this opportunity, this possibility of large language models and generative AI being able to do this analysis in a much faster way, it's like. [00:16:46] Speaker A: Incredible. In terms of people listening, and going back to your comment before around leveraging large language models, or AI more specifically, as a copilot, what would you say to people to get them thinking more along those lines? Not necessarily as a replacement, but as a tool that's assisting. Do you have any advice for people? [00:17:07] Speaker B: Do not fear it, embrace it, because I think in the future it's not going to be that AI is going to replace you; it's going to be that if you don't use this tool to your advantage, then you're going to become obsolete. [00:17:23] Speaker A: Do you think people are aware of that? [00:17:25] Speaker B: The next generation is aware of that. The new generation, like Generation Z or Alpha, they are aware of that because they're using it extensively. I teach at a university in the Bay Area too, and I actually tell my students, whenever you're going to write a report, ask ChatGPT or ask a large language model to help you write it. It's not for it to write the report entirely, because it's going to hallucinate badly, but if you do it in a controlled way, it's going to generate a lot of content for you that you can utilize later on. [00:18:00] Speaker A: What do you mean, hallucinate badly? What does that mean? [00:18:02] Speaker B: So that's a very good point. My wife is a medical doctor, and she was asking me to show her how large language models could help her write papers. And then she basically gave a topic to ChatGPT and asked ChatGPT to generate references. None of those references actually existed; it made them up. I told her, whenever you ask a large language model to create a reference for you, you have to double-check, because you may find out that they are invented. They're made up. [00:18:34] Speaker A: Wow. So you're saying it's just a bit of a wild west at times. [00:18:38] Speaker B: Yeah, and that's why I said that you have to be very careful when you build a copilot to constrain hallucination as much as possible. [00:18:45] Speaker A: What do you think about these large media outlets that are complaining, trying to sue OpenAI over leveraging their content for large language models? What do you think about that? [00:18:56] Speaker B: It's a very, very good question. You have to understand, in part of a presentation that I gave to some universities recently, I told them that written content has eroded badly in the past few years. This is the fourth copilot I've worked on in my life, and think about this: it used to be that whenever people would write a technical document, or any kind of document, they would start by thinking about section topics.
Then they would write the topic sentences, then they would expand the topic sentences into paragraphs, and that was how you would write any kind of document. Right now, I have seen documentation that says the next picture shows everything you need to know about whatever the topic is, and they show a very complex picture, almost like an IKEA assembly manual, and you cannot extract any information from that picture because it is just too complex. This matters largely because of these large language models: they rely more and more on well-written pieces for training. Remember, LLMs communicate with you through spoken or written language, so they need to be trained on very well-written documents, and you cannot train them without well-written documents. And some people are saying that they're going to run out of training text to train the next generation of large language models by the end of this year or next year. [00:20:26] Speaker A: So would you say that media outlets are within their rights to feel violated by this? [00:20:33] Speaker B: To a certain degree, yes. I don't have a solution to this, whether they should be able to use the content or not, or whether they should pay fees for it. But to a certain degree, this is the same problem the search engines have had with the media. Remember, the media companies complain that if you go to one of the search engines and search for news, you may end up with news that nobody paid for, and they're complaining that that's reducing their revenue. So to a certain degree, it's the same problem that has been going on with the search engine business. I think in Australia they were discussing that. [00:21:11] Speaker A: They turned it off. They turned it off through social media, I think about a year ago, and then people complained, so they turned it back on again pretty quickly. [00:21:20] Speaker B: But it's the same problem. It's about access to information. And to tell you the truth, I think we have to somehow give credit to the person, especially because in the case of large language models, they can leak the training data. By leaking training data, I mean that depending on how you ask a question to a large language model, it can start spitting out the training data that it was trained upon. [00:21:42] Speaker A: But what if I was, in your terms, hallucinating in my thoughts and created a media site that tried to convince everyone that the sky was purple, and then large language models were trained off of that, which is in fact fabricated? [00:21:57] Speaker B: If you tell the large language model, depending on how you write the prompt, I want you to explain to me why the sky is purple, it's going to tell you, and it's going to give you reasons why the sky is purple. [00:22:06] Speaker A: But I'm saying that it's got to train off the content that's out there. So if I created another media outlet that was complete garbage and made no sense at all, are you saying that some of these large language models could be trained off that? [00:22:19] Speaker B: So if you look at how people train large language models, there are two ways you can train them. You can train on the web-scale data, the text that is available in the world, and they usually do very little content classification there, in the hope that even if you have garbage, as you said, badly written text, alongside good text,
you have much more good text than bad text. But it's still going to be trained on both of them, and then there's fine-tuning: you fine-tune the large language model later on, only on good, high-quality text. There's another type of large language model being trained right now, Phi-3 from Microsoft being one of them, where they train the model from the start with only high-quality text. [00:23:04] Speaker A: How do you define high quality text, though? [00:23:06] Speaker B: You need a lot of people to evaluate it, to tag the text: this is high quality, this is not high quality. [00:23:14] Speaker A: Who, what type of people? [00:23:16] Speaker B: They usually hire people to do the analysis, contractors, for example. At some point, OpenAI was even hiring people in different countries to tag the text for them as good quality or bad quality. [00:23:30] Speaker A: Is there a framework that they follow to determine high quality versus not high quality? [00:23:35] Speaker B: That's a very good question. I don't have the details on that, but I'm assuming that they have some internal guidelines for people to say, this is good quality or bad quality. Of course, if they can do that using a large language model, they will. Maybe they have a two-stage process where the large language model first gives you an assessment, and then a person just says, yes, it's true, or no, it's not true. [00:23:57] Speaker A: Because then, going back to my example before around the sky being purple, it would then say, this is low quality content. [00:24:05] Speaker B: Someone would basically tag it as, this is not truthful, and then they would discard that piece of text. [00:24:10] Speaker A: Are those frameworks, or those sorts of parameters, publicly available? [00:24:14] Speaker B: Probably not. Sometimes what they do is disclose the training set, so they don't tell you how they got to the training set, but they disclose the training set, or the algorithms used to search for the training set, but not how they qualify it as high quality or low quality. [00:24:32] Speaker A: Joining me now in person is Deepen Desai, CSO and Head of Security Research from Zscaler. So, Deepen, thanks for joining and welcome. [00:24:39] Speaker C: Thank you for having me. [00:24:40] Speaker A: So, I know the last few days you've had a couple of sessions, so maybe run over what you've discussed. [00:24:45] Speaker C: One of the sessions that I delivered was a mainstage keynote where the talk was focused around AI and cyber. It covered innovations on both sides: on the bad guys' side, how they're leveraging AI to target enterprises, and then also how vendors, including us with the Zscaler Zero Trust Exchange, are embracing AI across the platform to counter that. I did go through a few interesting innovations, something that we announced late last year called Breach Predictor. This is a product where we're trying to combine generative AI with multidimensional predictive models to flag potential breach-like scenarios before they progress further. And the goal over here is, again, to harness the power of generative AI to prevent a breach before it progresses further. So that was one of the innovations that I talked about. I actually demoed a generative AI driven attack where the threat actor just provides a single prompt.
Everything else is fully automated and dynamic in nature in the rogue GPT variant that was being leveraged by the threat actor. [00:25:55] Speaker A: So we talk about the predictive side of it. How does that sort of work? Because, I mean, there are lots of vendors coming out now and saying, we can do this with that, and we're integrating GenAI. What does that really mean for people, though? [00:26:04] Speaker C: AI/ML has been around for several years; what has changed in the last couple of years is generative AI. The advent of generative AI definitely increases your ability to process vast amounts of data, and there is also this thinking element where you are able to predict. So the way to think of what we're doing is we're combining the generative element with the existing predictive element. And the goal over there is, based on the intelligence that the team has compiled over the last ten years, we have about 10,000-plus potential breach-like scenarios. We use that to train this AI breach prediction and recommendation engine. Now, with all the real-time traffic that we're seeing in organizations, we take those transactions, feed them into this engine, and it's able to point out, okay, this is where there is a high probability of a threat actor or an attack campaign moving from stage A to stage B of a previously seen attack. So this is not a one-to-one match; these are variations of things that we have seen in the past. [00:27:11] Speaker A: So from a research perspective, are you working on any research pieces at the moment? Anything you can share in terms of insights? [00:27:17] Speaker C: I lead a team of global security experts called ThreatLabz, and on an annual basis there are five reports. I would encourage you all to take a look at them; they're on our research.zscaler.com website. The most recent one, which will be coming out next month, will be on ransomware. Ransomware is an area the team tracks in a lot of detail. There are a lot of ransomware threat families where we know how they're operating, the ransomware-as-a-service model, for instance. A couple of things that we have seen over the last few years: ransomware started with encrypting files and demanding ransom. Then they added the exfiltration piece. Now, over the past couple of years, we're seeing them not even encrypting files; they're just exfiltrating files from your environment. The volume is very, very high in many of the cases. And the amount of ransom that we're seeing these folks able to get out of the victims is significantly higher than what we used to see before, because of the type of victims that they're going after and the type of data that they're able to steal. So I think last year the highest amount that we saw was around 35 to 40 million. This year, and this is probably not out there yet, it will come out with the report, it's 75 million in a single attack that was collected by a ransomware operator. And again, this is purely because of the type of information that they're able to get from victims; based on that, they're able to get these types of ransom amounts paid out. [00:28:49] Speaker A: What's the type of information that people are taking? [00:28:51] Speaker C: Without going into too much detail on the specific case, think about defense-related information, or drug information from a large pharmaceutical company, the next big thing that the company is betting on. You're also seeing a lot of healthcare organizations getting hit.
That's where there is patient information. Again, there is a lot of IP involved. That's what these guys go after, and then they try to get large ransom payments out of it. [00:29:20] Speaker A: So you're saying your plan, or your current plan, is to predict these breaches. How do you do that, though? [00:29:27] Speaker C: So look, ransomware is just one threat category; there are many other threat categories. What we have done is we have documented, like I was describing earlier, 10,000-plus multistage attack chains that are known breach-like scenarios. We're then leveraging that in the product to train an LLM that we're calling the AI Breach Predictor. The goal over there is to flag what stage of a breach-like scenario an organization is at. And then we take a look at how the organization's security controls are configured and, based on that and based on the amount of activity we have seen in the environment till then, we're using compute to figure out what the next-stage probability is in that environment. A simple example: if you know a threat actor is using TLS to do certain activity, and the organization is not doing TLS inspection, the probability of that next stage happening in that environment without them catching or blocking it is close to 100%. That increases the overall probability of the entire breach scenario as well, by a certain percentage. [00:30:39] Speaker A: So are you saying that companies are going to be reliant, then, on this predictive breach capability? [00:30:46] Speaker C: The goal over here is this: a lot of the modules that you see out there were always reacting when things happen. Yeah, you sure would want to block known bad stuff, but there are always going to be those unknown unknowns. We need to go in the direction of having this proactive, preemptive, predictive approach where you're trying to get ahead of the unknown unknowns that we will see with AI-driven attacks. [00:31:11] Speaker A: But haven't we been trying to get ahead of the unknown unknowns for years? We haven't quite got there. [00:31:16] Speaker C: Absolutely. The unknown unknowns, by definition, you're not going to get ahead of. That's where having these preemptive modules comes in, combined with another important thing that I covered in the keynote, which is zero trust. Now, that term has been heavily used and abused, but if you think about it, if a true zero trust architecture is implemented, you're able to contain the blast radius from an asset or an identity that gets compromised by these unknown unknown attacks. When I say unknown unknown, these are vectors that we don't know of. AI doesn't think like a human. If it's an AI-driven attack, it will figure out ways that we haven't thought of before. So what can you do? You can use AI to fight that AI, but you can't wait for that perfect AI solution, which is what I'm describing on the Breach Predictor side. In addition to using these preemptive modules, you should invest in a zero trust architecture. You're basically shutting down a lot of these vectors for the bad guys. Whether it's a human-driven attack or an AI-driven attack, your goal is to contain that blast radius to as small an asset volume as possible. [00:32:21] Speaker A: On the AI side of things, you're right, but cybercriminals could equally use AI to attack us. So how do we get an equilibrium here? Because, again, it's a double-edged sword. [00:32:33] Speaker C: It is a double-edged sword. You are going to see that.
In fact, we're already seeing them use AI to attack enterprises, whether it's on the phishing side or the deepfake side; you're seeing a lot of that in the news. What we're going to see in the near future, and that was actually one of the demonstrations I did as part of my keynote, I actually showcased what a futuristic attack would look like, where all the AI needs is a prompt. The prompt that I gave to the AI module, which we call rogue GPT, was: target a company named Unlocked AI that recently invested $2 billion in AI/ML initiatives, and the goal is to exfiltrate data from their dev and production AI/ML environments. That's the only prompt that was given. Everything else after that was automated by the GPT module, and it's able to think and reason. So the first identity that it was able to compromise belonged to a finance person. Now, you won't have a finance person with access to the AI/ML environment. So the GPT then dynamically uses that identity to target an AI/ML employee, because an email coming from a finance person internally to the AI/ML employee would make more sense. So the point I'm trying to make is we are already seeing them use it to a certain extent, but these end-to-end attacks are what we're going to see in the near future. And that's where, when I say you need to use AI to fight AI, yes, that's very, very important to level the playing field. But then, if you use a true zero trust architecture, you're also able to contain a lot of these new attack vectors that you're going to see as these automated and dynamic AI attacks come to be. [00:34:17] Speaker A: What do you mean by true zero trust? You're right, zero trust is a term that's thrown around a lot, different vendors saying zero trust this and that, versions of it. I think I spoke to your colleague yesterday about the definition of zero trust according to Zscaler. What does true zero trust mean? You've said that a lot. [00:34:36] Speaker C: Yeah. So the way the product got built on the Zscaler side, it actually perfectly aligned with the NSA's zero trust architecture definition that came out ten years later. As per the NSA's zero trust security definition, you should never trust and always verify, you should explicitly verify with least-privilege access, and you should assume breach scenarios: what would happen if this device that you're using were to get breached? What's the blast radius? You've heard me repeat that term multiple times as well. So with those three fundamental principles in mind, when we devised the product, the platform, we looked at four important stages of the attack. What are you doing to eliminate your external attack surface? What are you doing to prevent compromise by applying consistent security to all your devices, no matter where they are, whether they're in the office, whether you're traveling, whether you're at a conference like Zenith Live? It should be the same. The third stage is a pretty big factor in whether it's a true zero trust solution or not: this is where you prevent lateral propagation. The part that comes in over here is user-to-app segmentation. And the way we have done it is we don't bring users onto the same network as the application. So think about this device as an application that's sitting in an application environment, and this is your user. The way we have done it is your application makes an inside-out connection to the Zscaler cloud, and the user connects to the Zscaler cloud. Once we authorize and authenticate the user based on the policy that the organization has set, we stitch these two connections together using a mutual TLS tunnel.
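To illustrate the connection-stitching Desai describes here, below is a minimal conceptual sketch of the broker pattern: both the application and the user make outbound connections, and the broker joins them only after authentication and a least-privilege policy check. This is an illustrative model in Python, not Zscaler's implementation; the class, field, and user/app names are hypothetical.

```python
# Minimal conceptual sketch (not Zscaler's code) of the broker pattern just
# described: the app connector dials OUT to the cloud, the user dials OUT to
# the cloud, and the broker stitches the two only after policy allows it.
from dataclasses import dataclass

@dataclass
class OutboundConnection:
    """An inside-out (outbound) connection registered with the broker."""
    owner: str        # e.g. "app:payroll" or "user:alice"
    mtls_verified: bool

class ZeroTrustBroker:
    def __init__(self, policy: dict[str, set[str]]):
        # policy maps a user to the set of applications that user may reach
        self.policy = policy
        self.app_connections: dict[str, OutboundConnection] = {}

    def register_app(self, app_name: str, conn: OutboundConnection) -> None:
        # The application environment initiates this connection; the app never
        # listens on an inbound port reachable from the user's network.
        self.app_connections[app_name] = conn

    def connect_user(self, user: str, app_name: str, conn: OutboundConnection) -> str:
        # 1. Authenticate: both legs must present verified (mutual TLS) identity.
        if not conn.mtls_verified:
            return "denied: user connection failed mTLS verification"
        app_conn = self.app_connections.get(app_name)
        if app_conn is None or not app_conn.mtls_verified:
            return "denied: no verified outbound connection from that application"
        # 2. Authorize: least-privilege policy check, per user and per app.
        if app_name not in self.policy.get(user, set()):
            return f"denied: {user} is not entitled to {app_name}"
        # 3. "Stitch" the two outbound legs; the user never joins the app's network.
        return f"stitched {conn.owner} <-> {app_conn.owner} via broker"

broker = ZeroTrustBroker(policy={"alice": {"payroll"}})
broker.register_app("payroll", OutboundConnection("app:payroll", mtls_verified=True))
print(broker.connect_user("alice", "payroll", OutboundConnection("user:alice", True)))
print(broker.connect_user("alice", "crm", OutboundConnection("user:alice", True)))
```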
Now that's what I call zero trust, because you're not bringing the user onto the same network as the application, which is what the legacy architecture does, whether it's a VPN or a firewall bringing the user onto the same network as the application. No matter what type of ACLs you are deploying, the attackers will find an indirect path to the application: you don't have access, but this user has it, I have access to the user, let me target that and then get around the controls. So user-to-app segmentation is very, very critical. So that's the third stage, preventing lateral propagation. And then finally, the fourth stage: every attack is after your data. So what are you doing to prevent data loss from your environment? All data egressing your devices should go through full TLS inspection, applying your EDMs, IDMs, custom dictionaries, and AI-driven data classification. Your goal over there is to make sure your data is not leaving your environment, which is extremely important when it comes to the modern ransomware attacks that we're seeing. [00:37:23] Speaker A: So on the policy side of things, I think, again, I spoke to your colleague about this. Having worked at an enterprise myself, historically it's like, yeah, we've got all these policies, right, but who's adhering to them, who's implementing them, who's following them, who's governing them, who even knows about them? So what happens with what you're saying if people are not doing that at all? Isn't there a defect there? [00:37:43] Speaker C: You make an excellent point. In fact, in some of my sessions, I've been sharing literally a playbook that we have vetted against a lot of these ransomware attacks seen out there. And in many of the customer scenarios, we see this playbook being successful in booting out groups like Scattered Spider and BlackCat, which is now disbanded. But for the TTPs that we see over and over again in many of these attacks, if you follow that segmentation playbook, you will be able to defend against them. Now, in order to help organizations, what we have done is, again, integrate AI into the product. So the way to think of it is: you purchased the Zscaler platform, you're using Zscaler Private Access to perform segmentation in your environment, but you don't know which users need access to which applications. We're leveraging AI to study three months of your data, and then that AI module will recommend that this group of users should be allowed access to this group of applications, based on the historical data that we saw. We take into account those weekend updates or software updates, and all of those are factored into the model. It will also tell you that, based on the type of assets that this group of users is accessing, they belong to the engineering group. So not only is it tagging who should access what, but it is also tagging: this looks like a development application, this looks like a development grouping. So we're further simplifying the process of implementing zero trust segmentation using AI. [00:39:16] Speaker A: Okay, that's interesting. So what do you think needs to happen, moving forward, for people to start implementing this approach? Because again, it's easy for us to sit up here and say that, but when you've got legacy systems, years and years of data, and things everywhere, it's not as easy to do. So what do you see people doing moving forward with what you're saying? Because it makes sense, but it's not as easy to implement.
[00:39:43] Speaker C: It's definitely not easy. So look, I always call out zero trust transformation as a journey. It's not a flip of a switch, where you did this and now you're zero trust. So for the four stages that I described, you need to go through that journey. The number one piece of the playbook that I share is that it's high time you eliminate your inbound VPNs for remote access. VPNs are being exploited over and over again by bad guys to gain entry into your environment. So get rid of external VPNs. At the bare minimum, make sure you're not able to get to your crown jewel applications using those VPNs. So number one is that. Number two is prioritize user-to-app segmentation. Make sure you're not using wildcard policies allowing all users access to all applications, because then you're basically giving the attackers free rein in your environment. Number three, you should prioritize proactive security layers that are part of a zero trust platform. And what do I mean by that? I mean things like cloud browser isolation and inline sandboxing, where the goal is to protect against unknown, net-new payloads, net-new malware attacks. Because if you think about it, when you use things like browser isolation, no active content ever lands on the user's system; it's a stream of pixels that they're seeing if they're going through a browser isolation chamber. So it's a journey. Start with reducing your external attack surface, make sure you prioritize user-to-app segmentation, and then make sure you're applying consistent security policy with TLS inspection and with proactive security layers like inline sandboxing and browser isolation. [00:41:32] Speaker A: So can I just ask, on the VPN side of things, why are organizations still using them? I mean, they're pretty prevalent in large enterprises as well. [00:41:39] Speaker C: So look, we're all used to doing certain things a certain way. It's been what, four decades now? We've been doing networking a certain way, and VPN was built for that older time. It's hard to move away from something that you're so used to doing, whether it's a VPN or a firewall. So it requires that culture shift, that mindset shift, in order to move away from it. Now, what is making it more and more obvious? Over the last six to nine months, I think there have been so many zero days coming out. The most recent one, I think it was last week, was FortiGate. And again, I'm not trying to name vendors here; it's not about the vendors. I mean, even Zscaler products will have issues, there will be vulnerabilities, but it's the architecture. If an architecture is flawed, a threat actor will enjoy huge ROI on a successful vulnerability exploit. A VPN is sitting out there saying, I'm here, come connect to me. If there is a vulnerability that a threat actor is able to exploit, they're able to get inside the corporate environment and do a lot of damage. So the ROI for a threat actor is pretty high. So coming back to your question, it's a mindset shift. But with what's happening over the last six to nine months, that transformation, that shift, is accelerating. The number of people moving away from VPNs is definitely increasing. [00:43:05] Speaker A: And there you have it. This is KB On The Go. Stay tuned for more.
