AI Detections Across the Attack Chain

Organizations face a constant barrage of cyberthreats. To combat these sophisticated attacks, Zscaler delivers layered security protections to deliver more effective security postures across the four key stages of an attack - attack surface discovery, compromise, lateral movement, and data exfiltration.

Heading into 2024, with all the buzz surrounding artificial intelligence (AI) over the past year, we are asked daily by prospects and customers, "Zscaler, how do you use AI to keep us safer?"  For more on where we see AI and security headed in 2024, please see the blog from our founder, Jay Chaudhry.

In this blog, we will explore a handful of examples of Zscaler AI use across key stages of an attack—demonstrating how it can detect and stop threats, protect data, and make teams more efficient. Truth be told, we began to add AI detections into our portfolio some years ago to further bolster other detection methods, and it has paid off.

Stage 1: Attack surface discovery

While we will spend the better part of this blog discussing AI in other areas, the first stage of an attack involves attackers probing attack surfaces to identify potential weaknesses be exploited. These are often things like VPN/firewall misconfigurations or vulnerabilities, or unpatched servers. We wholeheartedly suggest considering ways to cloak your currently discoverable applications behind Zscaler to immediately reduce your attack surface and reduce your risk of successful attacks

Stage 2: Risk of compromise

During the compromise stage, attackers exploit vulnerabilities to gain unauthorized access to employee systems or applications. Zscaler's AI-powered products help reduce risk of compromise while prioritizing productivity.

• AI-powered phishing/C2 prevention: We better detect and stop credential theft and browser exploitation from phishing pages with real-time analytics on threat intelligence from 300 trillion daily signals, ThreatLabz research, and dynamic browser isolation. This means our AI makes us even more efficient in detecting new phishing or C2 domains.

• File-based attacks: We use AI in our cloud sandbox to ensure there is no tradeoff between security and productivity. Historically, in the case of the sandbox, a new file arrives and users must wait as it is analyzed, interrupting productivity. Our AI Instant Verdict in the sandbox prevents patient zero infections by instantly blocking high-confidence malicious files using AI, eliminated the need to wait for analysis on file we feel are very likely malicious. Our model fidelity is a result of years of ongoing training, analysis, and tuning interactions based on over 550 million file samples.

• AI to block web threats: Additionally, Zscaler's AI-powered browser isolation blocks zero day threats while ensuring employees can access the right sites to get their jobs done. URL filtering is effective in keeping users safe, but given that sites are either allowed or blocked, sometimes sites that are blocked are safe and needed for work. This is a productivity drain as users cannot access legitimate sites for work, resulting in unnecessary helpdesk tickets. AI Smart Isolation determines when a site might be risky and open it in isolation. This means organizations don't have to overblock sites to support productivity and can also maintain a strong web security posture. 

Stage 3: Lateral movement

Once inside an organization, attackers attempt to move laterally to gain access to sensitive data. Zscaler's AI innovation reduces potential blast radius by employing automated app segmentation based on analysis of user access patterns to limit lateral movement risk. For instance, if we see only 250 of 4,500 employees accessing a finance application, we will use this data to automatically create an app segment that limits access to only those 250 employees, thus reducing potential blast radius and lateral movement opportunity by ~94 percent.

Stage 4: Data exfiltration

The final stage of an attack involves the unauthorized exfiltration of sensitive data from a company. Zscaler uses AI to allow companies to deploy data protections faster to protect sensitive data. With AI-driven data discovery, organizations no longer struggle with the time-consuming task of data fingerprinting and classification that delays deployment. Innovative data discovery automatically finds and classifies all data out of the box. This means data is classified as sensitive information immediately, so it can be protected right away from potential exfiltration and data breaches

Zscaler's AI-driven security products provide organizations with robust protection across the four key stages of an attack. We also rely on AI to deliver cybersecurity maturity assessments as part of our Risk360 cyber risk management product. Rest assured, we are busy thinking, building, and adding new AI capabilities every day, so there is more to come, as AI-powered security is becoming indispensable in safeguarding organizations against cyberthreats.