What We Do
How we do it
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
Jan 19, 2023
Increased Activity in Google Ads Distributing Information Stealers
THE THREAT On January 18th, 2023, eSentire Threat Intelligence identified multiple reports, both externally and internally, containing information on an ongoing increase in Google advertisements…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Dec 13, 2022
eSentire Named First Managed Detection and Response Partner by Global Insurance Provider Coalition
Waterloo, ON – December 13, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced it has been named the first global MDR partner by Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes. Like Coalition, eSentire is committed to putting their customers’ businesses ahead of disruption by improving their…
Read More
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Jun 20, 2019

Incorporating cloud security strategies into the AI and IoT era

5 minutes read
Speak With A Security Expert Now

As seen in Risk Management on June 19, 2019

Artificial intelligence (AI) and the internet of things (IoT) offer tremendous business value, transforming companies as we know them and creating altogether new ones. Adoption of both technologies are quickly on the rise: according to eSentire’s FutureWatch report, 44% of businesses are actively adopting AI technology and 49% are adopting IoT/IIoT (industrial internet of things). But the adoption of AI and IoT put enterprises at big risk, as IT resources are being stretched thin to keep up with security requirements while scaling these technologies.

This same challenge existed at the start of the cloud computing revolution. The FutureWatch report found that while even today cloud services top the technology adoption chart, the overall risk posed to businesses by cloud over the next three years will drop by nearly 20%. With the cloud now in its second decade, companies are adopting more mature and proven methodologies to secure it. Seventy-two percent of companies are currently using or plan to deploy cloud services. AI and IoT, on the other hand, will overtake cloud as the biggest emerging technology risk: The risks posed by the adoption of AI will double over the next three years and IoT risks will also rise nearly 30%.

Risk associated with emerging technologies like AI and IoT becomes more concerning as adoption rates accelerate, compressing the time in which organizations and vendors can adapt, develop appropriate security controls and deploy protective solutions. AI and IoT illustrate this growing problem. While cloud adoption is in its second decade, AI and IoT adoption will likely catch up in three years. This diffusion of innovation leaves a small margin in which to mitigate the potential risk resulting from these new technologies.

For better or worse, there is a direct correlation between businesses’ susceptibility to risk and appetite to adopt emerging technologies like AI and IoT. Fortunately, security leaders can apply several lessons from the cloud era:

Embrace Giving Up (Some) Control Where There Is Business Value
The rise of cloud marked a major paradigm shift in enterprise technology: IT was no longer running on premises, and with that came a sense that security matters were no longer in their control. The fear of giving up complete control created a major barrier for organizations accustomed to having all activity directly in their line of site.

However, that fear and skepticism had to be balanced with the return. That is, there was tremendous business value in moving to the cloud—speed and cost savings among them. This same counterbalance between business risk and benefit must exist as IT helps the organization weigh and deploy emerging technologies.

Just because a business can deploy emerging technology does and should not mean it should. Even as cloud adoption is now ubiquitous, the fact remains that not everything should reside there. In both instances, IT benefits from an ability to test these environments—porting over certain activities, data and operations without having to fully commit to, say, a public cloud environment or an IoT-enabled network of devices. Consider starting with areas of low risk as a testing ground.

Know That You Don’t (Yet) Know Your Blind Spots
Remember the days when transmitting data to and from the cloud seemed a no-man’s-land of security? In the early days of cloud, security teams were still figuring out where in that process data could be compromised and how to solve for that risk. As a result, encryption became a critical tool and best practices emerged to protect both data in motion and at rest. With newer technologies, there are similar challenges with not yet knowing all of the blind spots. And while it is certainly important to identify what those are, an important first step to getting there is first recognizing that you don’t know what you don’t know.

For example, in the era of AI, it is often machines—not humans—calculating and analyzing data. And a potential risk there is that the data could be manipulated in a way that would go unnoticed. While that may seem like a minor issue, you can imagine the major repercussions of a bad actor altering information in a legal investigation or changing MRI results data that impact life-and-death diagnoses. For this reason, AI should be leveraged to gain scale and accuracy advantages but checked by human expertise to keep an eye on algorithmic approaches that lack intuition and common sense.

When risks such as these are still uncertain and emerging at the same pace as the technologies themselves, it is critical for IT to think proactively and comprehensively.

Apply the Technology to Security Itself
Just like the cloud became a platform in which security could be built, AI can also be leveraged to bolster, not just poke holes in, security postures. By combining AI and machine learning with a team of human threat hunters, all new signals in an organization’s environment are presumed to be potentially malicious. Security teams can use AI at the tactical level to gain a deep contextual understanding of the network and detect anomalies based on known and previously seen modes of behavior between hosts and between users within the network. With AI, security professionals can see what a “normal” network looks like and make sure the network model is constantly updated. When AI is coupled with human intelligence, security teams can make the best decisions to protect their businesses.

Pivot to Proactive Practices
Regardless of the era or technology du jour, two constants remain: Embracing new technology is critical for businesses to remain competitive, but cybersecurity threats often move faster than the technology on which they occur. Whether in the cloud in the early 2000s or via AI and IoT today, traditional managed software service providers (MSSPs) cannot keep up with providing the full protections that modern cybersecurity threats require. Organizations should seek the mature end of the evolutionary path to include proactive threat hunting and predictive technologies like machine learning.

It is more important than ever for enterprises to take a proactive approach to secure their AI and IoT networks, like they did for the cloud. In the Wild West of technology today, this proactive approach allows IT to put protection first, without sacrificing the business benefits.

View Most Recent Blogs

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.