Why patchwork security solutions won’t combat AI cyber threats

Security teams face increasingly fast-acting, and dangerous, threats. And AI is increasing the pace of cyber attacks to the point where conventional responses are no longer enough.

According to researchers at Palo Alto Networks, the median time it takes an attacker to penetrate a network and access confidential data has fallen from an average of nine days in 2022, to under 24 hours in almost 45% of cases in 2024.^[1]

In some cases, “successful” hacks are carried out in just minutes.

“We see tens of billions of attacks every day,” says Etienne Bonhomme, a Vice President of France at Palo Alto Networks.

“We’ve seen an increase in the number of new attacks, and even zero-day attacks that we’ve never seen before. Currently we see around 2 million new unique attacks every single day.”

Bonhomme says this is being driven by threat actors’ use of AI. “Due to AI, there are new tools everybody can access, with the ability to create new threats.”

Modernisation, and fighting AI with AI

It is not all one-way traffic, however.

Defenders, too, are using AI to counter cyber threats. Automation allows security teams to respond far more quickly than they can by relying on human analysis alone.

“It allows us to be incredibly effective,” Alistair Wildman, VP for Northern Europe at Palo Alto Networks, says. “It drives the meantime to detect, and mean time to respond, down to minutes… by cutting out the noise.”

Human analysts can then respond to the alerts that need action.

But, as Wildman cautions, CIOs and CSOs need to be prepared to invest in modern technology, to counter today’s threats.

“You need to stay current with technology. The latest releases will have the best features and the best AI. If you’re using technology that is 10 years old, it will be out of date by now,” he warns.

Tool sprawl undermines security

Investment is clearly needed to stay ahead of cybersecurity threats. And then there is the complexity of today’s security systems, with the enterprises often fielding over 30 “point” solutions.

“There are way too many technologies, tools, and platforms,” says Wildman. “A lot of companies have spent the last 10 years buying the best of breed.”

This has led to security tools that are poorly integrated, and hard to manage. They often run their own AI engines which causes further fragmentation.

A newer approach is “platformisation”. Instead of buying dozens of point solutions, CSOs can use a single security platform to manage threats.

These platforms do need to be open, extensible, and able to share data.

But used well they will improve security, reduce complexity and control costs. Running on a platform closes the gaps between security tools, gaps that attackers are adept at exploiting.

“A great example is Vinci, the global construction, concessions and energy company,” says Bonhomme. “They have consolidated 10s of sources into just two to monitor and detect threats. Previously, if an endpoint was threatened, it could take weeks to check – and even then they may have only reached 80% of the threat scope. Now, using Cortex, they can remediate the entire incident in just a few hours.”

“We help our customers simplify and be more agile,” says Palo Alto Networks’ Bonhomme. “You need to be agile to avoid attacks while securely enabling the business to grow.”

[1] Palo Alto Networks Unit 42 Incident Response Report, https://www.paloaltonetworks.co.uk/cyberpedia/what-is-a-cyber-attack