Re: What about SIEM / Threat-detection / Traffic-profiling tools?
Depending on what a company works with, the vast majority of users can be people who have no concept of computer threats or the subtleties of e-mail transmission headers. To these people, the computer is just a thing they use to get their job done.
I don't see how you can instil the kind of thinking that stops you from getting owned in the first place in the wetware of every user, regardless of their skills. Even if you could, there are vulnerabilities which don't need wetware to help them over the border wall.
Excellent border and internal security systems are needed. I agree with TaabuTheCat who posted upthread about what a failure this is for the entire industry. A true "epic fail". It can't be hard to imagine the possibility that an attacker who gains a foothold might try to disguise exfiltration or C&C traffic so that it appears innocuous. Finding just this kind of traffic is what machine learning systems should be good at with quality training data. It's a shame to see that when it comes to security vendors the "AI" hype is precisely that and nothing more.
The onus is now on every player to show some really smart tools that use ML properly. The only problem with expecting this is that individually, none of them can build a sufficiently large, varied and verified data set for training to give worthwhile results. Competitors would need to cooperate for the common good. I'm not going to hold my breath waiting for one of them to offer the others an olive branch though...
One of Rupert's points from TFA struck home particularly. Poorly designed CI/CD implementations are a bad actor's pot of gold. If code is stored in "the cloud" then the build system will normally have some exposure to the Internet. The build system also has considerable rights on the machines which it deploys to. A perfect springboard, filled with code to compromise!
The rewards for a self-checking, hardened CI/CD system to increase the chances of spotting and preventing this kind of compromise could be significant. One thing is for sure: CI/CD systems need to grow up and get serious about security.
The computer/network security vendors have had their bluff called. It's time they started investing their profits in R&D instead of marketing departments that can't see the distinction between AI and ML. The first, and probably most important distinction being that one of them does not exist!
Will any of this happen? Not much; we'll just lurch along to the next crisis, just as Rupert predicts.
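The "self-checking" CI/CD idea from the post, as an added example that is not part of the original thread: the build stage records a SHA-256 digest for every artifact in a manifest and authenticates that manifest, and the deploy stage recomputes the digests and refuses to proceed on any mismatch, missing file or unexpected extra file. The key, artifact names and contents are constructed for illustration, and HMAC is used only so the block runs with the standard library; a real pipeline would use an asymmetric signature so that deploy hosts hold only a public key.

```python
"""Self-checking deploy step (added example, not from the original post).

A build stage writes a manifest of artifact digests and authenticates it;
a deploy stage verifies the manifest and every artifact before touching a
target host. Key and artifacts below are constructed demo values.
"""
import hashlib
import hmac
import json


def build_manifest(artifacts: dict[str, bytes]) -> dict[str, str]:
    """Map each artifact name to the hex SHA-256 of its content."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in artifacts.items()}


def canonical(manifest: dict[str, str]) -> bytes:
    """Deterministic encoding so the tag does not depend on dict ordering."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict[str, str], key: bytes) -> str:
    """Authenticate the manifest with a key held only by the build signer.
    (Assumption: HMAC stands in for a proper asymmetric signature here.)"""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_before_deploy(artifacts: dict[str, bytes], manifest: dict[str, str],
                         tag: str, key: bytes) -> tuple[bool, list[str]]:
    """Return (ok, problems). Nothing is deployed unless ok is True."""
    problems: list[str] = []
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        # The manifest itself cannot be trusted, so per-file checks are moot.
        problems.append("manifest authentication failed")
        return False, problems
    actual = build_manifest(artifacts)
    for name in sorted(set(manifest) | set(actual)):
        if name not in manifest:
            problems.append(f"unexpected artifact: {name}")
        elif name not in actual:
            problems.append(f"missing artifact: {name}")
        elif not hmac.compare_digest(manifest[name], actual[name]):
            problems.append(f"digest mismatch: {name}")
    return not problems, problems


# Constructed demo data: a build key and two artifacts the build produced.
BUILD_KEY = b"constructed-demo-key-do-not-reuse"
BUILT = {
    "app/server.bin": b"\x7fELF...",
    "app/config.yaml": b"listen: 0.0.0.0:8443\n",
}


def demo() -> tuple[tuple[bool, list[str]], tuple[bool, list[str]]]:
    """Verify the untouched build, then the same build with one file altered."""
    manifest = build_manifest(BUILT)
    tag = sign_manifest(manifest, BUILD_KEY)
    clean = verify_before_deploy(BUILT, manifest, tag, BUILD_KEY)
    altered = dict(BUILT)
    altered["app/server.bin"] = b"\x7fELF...modified"
    return clean, verify_before_deploy(altered, manifest, tag, BUILD_KEY)


if __name__ == "__main__":
    for ok, problems in demo():
        print("deploy allowed" if ok else "deploy blocked", problems)
```

The point of the check is that the deploy stage never trusts what it finds on disk: the manifest must authenticate first, and only then are the per-file digests compared, so an artifact altered between build and deploy, dropped, or added shows up as a named problem rather than shipping silently.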