Selling To The CISO: Risks, Bots, and AI

Who should be responsible for third-party risk assessments, the buyer or supplier?

Some organisations take an approach that combines both buyer and supplier.

The buyers, or contract managers, are responsible for the initial security assessments. The third party responds to those, and its responses are then reviewed by a separate, dedicated team.

Does AI pose a risk to security, or could it add value?

Inherently, no. AI itself doesn't pose a risk, but how it is used could. The risks also do not become apparent until there is an understanding of how it is being used.

AI is an opportunity to automate things and make certain processes happen quicker. However, there is also the risk of AI automating the wrong things, though that is yet to be seen.

For user safety online and in any application, one could look to Netskope's services to apply security on any network and device without making the trade-offs that others would.

How does one better utilise PAM and service accounts?

An issue that often occurs with service accounts is that their credentials are prone to becoming static, which leaves them at risk of brute-force attacks.

One way of mitigating this is by having the passwords to those accounts changed directly.

Another option is to use One Identity, which can help with PAM as well as several other areas such as IGA, AM and ADMS.

How has bot management changed, and what options are available?

The most important aspect of bot management has always been to distinguish between human and bot activity.

One option is Cloudflare, which distinguishes between organic and bot web traffic. It can also be used at network scale to check different IPs.

It is also more advanced than using CAPTCHA to identify interactions with the website.

F5 has evolved its offering from an on-premises hardware networking heritage to a majority software, application delivery and security play.

Securing, delivering and optimising any application, anywhere, through the Application Delivery Network platform allows customers to ensure consistency across environments. This means that the complexity of migrating into multiple cloud providers and data centres is far less daunting.