BlackBerry LIVE Podcast: Cybersecurity’s Great Equalizer Is Predictive AI

ARTIFICIAL INTELLIGENCE / 07.19.22 / Steve Kovsky, John McClurg

What if there was something that could give your security team a fighting chance against highly sophisticated and well-funded cyber adversaries, regardless of your organization’s size?

It may sound like a David vs. Goliath scenario, where the odds are impossibly stacked against you. But BlackBerry SVP and Chief Information Security Officer John McClurg believes some organizations have already uncovered a great equalizer in this fight against cyber threats: predictive artificial intelligence (AI).

In particular, even smaller organizations can even the odds against an advanced persistent threat (APT) or state-sponsored threat actor if they arm themselves with a predictive power that is mature and will defend against threats that haven't even risen in the minds of their creators yet.

During Part 2 of my BlackBerry LIVE discussion with McClurg, he declares this moment in time for AI "refreshing." That’s quite a statement from someone who has been defending the security of some of the world’s leading organizations — working tirelessly in the public and private sectors — for more than 30 years.

Watch this episode for John’s insights on the Great AI Equalizer, more effective cybersecurity directions for SMBs, and even a surprising supply chain security lesson he learned on the roads of Romania.

Also, see Part 1 of my interview with John McClurg, as we discuss kinetic conflicts that impact how we defend ourselves against cyberthreats.

Click below to watch/listen to the latest podcast.

Video Transcript

Steve Kovsky:
I'm Steve Kovsky, Editorial Director for BlackBerry, and recently, I sat down with our Senior Vice President and Chief Information Security Officer, John McClurg.

Here's part of that conversation.

I'm taking a moment to talk about the David and Goliath battle that, especially the small and medium enterprises you're talking about, are facing against a committed nation-state affiliated actor with unlimited resources. Talk a little bit about these adversaries that are very, very different from maybe organized crime or something like that.

John McClurg:
Those capabilities, and you mentioned the David and Goliath conundrum, one of the great benefits that had come as a result of this shift from reactive detection to proactive prevention and the engagement of the strength of an AI-supported math model is the predictive power that math model has. One of the things that makes Goliath, Goliath many times is the resources they command in an ability to morph or alter the virus signature just seconds before they decide to launch or go after you. We see this particularly in the ransomwares of service (RaaS) world, where when they go out to Satan down in the dark web, and they leverage tools like Satan to tweak or modify the way they're going to attack you and at the last minute – in a way that's specifically designed to ensure you don't have a signature that would match the ransomware that they're going to throw at you – they launch that at you.

That's an aspect of the Goliath piece, and of course, we in our David position, don't have the resources to accommodate that, unless we've leveraged that AI math model basis and are capitalizing on the fact that it was SE Labs back in 2015, measured the strength and prowess of that math model. This is very interesting to me. One of the most exciting things in terms of the strength of the AI-supported math models is that she has a predictive power that is mature and will defend against threats that haven't even risen in the minds or conception of its creator yet.

We saw in terms of the recent SE Labs evaluation, where threats and attacks that were now occurring in 2022 were taken and ran back against her, and I call her, her. I don't know why I started attaching a feminine gender to her, other than she's very smart, and my wife's smart. I don't know, I'm sensitive that there's a bias there, but I call her, her. SE Labs took these recent attack vectors or attack signatures and threw them at her, as she existed back in 2015. And even at the strength she had back then, she was able to kill these most recent manifestations of the threat coming at us.

That kind of strength and predictive power is what takes the Davids out there and says, “Hey, don't worry, you will stand up to the Goliath,” and notwithstanding the resources they have to draw on because of the strength and predictive power that allows you – even in your small little group – to stop pre-execution, anything that Goliath may think he can throw at her because she can stop it.

That's one of the great levelers. Now, of course, Goliath is not going to just sit here and say, “Well, wait a minute. I'm not going to let AI-supported math models like that BlackBerry has, through their science acquisitions is now offering the world, to defeat me.” They're going to look for innovative ways to try and counter, and undoubtedly, leverage AI to whatever extent they can. But it's a breath of fresh air for me, who's been in the business for over 30 years now, to finally see this equalizer. I would always say, “I hope that David could pull it off.” But knowing now that he has more than just a slingshot there to leverage, to throw at the Goliaths coming at us, we have the full strength of this portfolio of services that have at their core, the strength of our AI math model. This is what we're trying to do across the entire offering. We offer the community at BlackBerry by porting that strength, not just on the endpoint, but in the mobility space and the identity space, and here shortly, in the data loss prevention space – making sure that same strength we experience on the endpoint gets carried out across the environment. I'm waning on again, Steve.

Steve Kovsky:
No, it's really important. I think the technology you're describing is a force multiplier. If you catch these threats very early in the kill chain, then you don't have incident response, you don't have remediation. You can accomplish much more with a smaller team. Would you agree with that?

John McClurg:
Well, the bad guys are always going to look for something clever to the extent that we're seeing them exploit the trusted insider. They may yet try and find ways to get around the immediate strength and prowess of the AI math models, though, I think leveraging AI math models in very well-engineered and orchestrated insider threat programs that appreciate that the early indicators of an insider possibly turning to the dark side could be distributed across many, many different silos. Classically, we haven't been able to wrap our arms around all that data. It was too distributed in too many different silos, but the strength and prowess of what a math model allows you to do is to start garnering, pulling all that data in together so you can start to even wield that same sort of success when it comes to battling what the bad guys may try to throw at us in the wave of a curve.

While I think the model does mean that the elaborate defense-in-depth structures, that included incidence response, that has given way to a lot of the models that you see like NIST, is advanced, if you look at the NIST models and the standards, and the different elements that make up their standard, you say, “Wait a minute, up high, there is a presumption in the model that you will be compromised. And the additional steps they're asking you to be audited on and evaluated on are the steps and actions you would take after having been compromised.” So, the whole model needs to be rethought a little bit, because they need to start out by saying, “Well, wait a minute, has this particular client, or this person being evaluated, actually embraced the proactive prevention model?”

If it is, then we'll give them credit for that, and then declare that they've got compensating controls already in place so what they might otherwise have needed to expand in the way of resources and funding on some of these downstream reactive principles in that kill chain, or that defense-in-depth structure, can be foregone, or they can turn their attention to putting their time, energy, and efforts on let's say, the insider threat and the different ways in which we're seeing that become a relevant element. That again keeps things as interesting as they ever were. But like you said, it changes. It doesn't do away completely with the need for an incident response forensics team, but just at the extent, size, and frequency with which that service may be invoked would be reserved for these instances, hopefully less occurring, where the bad guys have figured out a way to try and leverage some other aspect to get at us.

It's a perpetual dance, Steve. I may have told you the story of the efforts I had in Romania when I had Romanian acrobats attacking my supply chain. They would come up behind our trucks at night with their lights off, and then get out on the hood of the car, jump through space, and attach themselves to the back of the truck, break the lock, open the doors, and then toss the computers out to their partners on the vehicle behind. And the truck would arrive where it's going, and the driver would say, "I never stopped. How can my truck be empty?" And it was because of the prowess and the innovative efforts of these adversaries. I countered that by inserting GPS into the boxes, so that the next time they stole them, they would take them back to their safe house and they would beacon out. And then with law enforcement, we would swoop in and arrest the perpetrators.

But when they saw we were proceeding in that manner, especially the cartels in Mexico who had the funding and resources to come up with some alternative solutions, they actually embraced GPS suppression. It was like a tennis match – the ball’s in my court, then back into theirs. We're constantly adjusting and modifying our tactics based on what the other is doing. That was just a quick example of the perpetual dance that's characterized my career, and I suspect will continue to characterize our times, even with the arrival and strength of things like the AI-supported math model.

Steve Kovsky:
I'm going to be sending you a contract. I want to secure the movie rights to that – because I have to see that cinematically!

For more information on this and related topics, please visit our blog at blackberry.com/blog.

For BlackBerry, I'm Steve Kovsky.

About John McClurg

Sr. Vice President and CISO at BlackBerry.

John McClurg serves as Sr. Vice President and CISO at BlackBerry. McClurg engages the industry around the globe on the risk challenges today and how BlackBerry uniquely mitigates them with the application of machine learning and other AI supported solutions. He champions a move from a historically reactive security posture, to one focused on proactively predicting and mitigating future risks.

Before BlackBerry, McClurg served as the Ambassador-At-Large of Cylance and as Dell's CSO, where his responsibilities included the strategic focus and tactical operations of Dell’s internal global security service. He was also charged with the advocacy of business resilience and security prowess, the seamless integration of Dell’s security offerings, and with improving the effectiveness and efficiency of security initiatives.

Before Dell, McClurg served as the VP of Global Security at Honeywell International; Lucent/Bell Laboratories; and in the U.S. Intel Community, as a twice-decorated member of the FBI, where he held an assignment with the U.S. Dept of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence.

Prior to that, McClurg served as an FBI Supervisory Special Agent, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center, or what is today known as the National Infrastructure Protection Center within the Dept of Homeland Security.

McClurg also served on assignment as a Deputy Branch Chief with the CIA, helping to establish the new Counterespionage Group, and was responsible for the management of complex counterespionage investigations. He additionally served as a Special Agent for the FBI in the Los Angeles Field Office, where he implemented plans to protect critical U.S. technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces.

About Steve Kovsky

Steve Kovsky is former Editorial Director at BlackBerry.

Back