This year’s mWISE Conference focused on how top security practitioners deal with today’s biggest cyber threats. The urgency for doing so couldn’t have been better communicated than through the ransomware attack that recently crippled services at MGM Resorts International Inc.

The need to respond, especially to social engineering attacks, was a key focus for Kevin Mandia (pictured), chief executive officer of Mandiant, a Google LLC company, during a keynote session at the mWISE Conference. Companies need to assume that employees are going to fall for these social engineering attacks, according to Mandia.

Insights into cybersecurity didn’t stop there, though, and theCUBE, SiliconANGLE Media’s livestreaming studio, was watching for all of the developments from Sept. 18 to 20 during the mWISE Conference. During the event, theCUBE analysts John Furrier, Rebecca Knight and Rob Strechay talked with industry professionals and provided analyst-driven commentary. They discussed lessons from various keynotes and dove into the various partnerships on display during the conference. (* Disclosure below.) 

Here are three key insights you may have missed:

1. There’s optimism that AI could help fight back against attacks.

Regarding the ransomware attack tied to MGM Resorts properties, reports suggest attackers used social engineering techniques on a company helpline to gain entry to casino systems. During the mWISE Conference, it was suggested that there needs to be board and executive modeling, as well as tabletop exercises so organizations can grasp what a worst-case scenario looks like.

“You’ve got to. It’s a gut check. It’s a leadership check. It’s a systems check. It’s a process check,” Furrier said.

Brian Dye, chief executive officer of Corelight Inc. told theCUBE “that if you don’t have AI built in by the end of the year, you’re going to be drunk at the wheel,” Furrier added.

Though there was much concern over recent hacks, the conference saw individuals, such as Mandia, express optimism that the rapid adoption of advanced AI tools could help security analysts combat threats. It was a message that impressed Strechay.

“Out of the security conferences I’ve been to, this was probably the most positive set of keynotes that I’ve seen,” he said. “Everybody knows it’s a tough job and it’s very hard. AI is going to go and help that. [Mandia] was showing that we’re going to make good analysts great analysts.”

But how might AI be best integrated into an organization? For many at the conference, it was all about ensuring that security must be made more accessible for those working in the field.

“I think there’s a really good thread here that they get that this is hard,” Strechay said. “I think you are even reaching into some of the toil and what that means for how people work. I think that was really one of the key things about this is how do you make things simpler so you avoid burnout and don’t lose the security professionals?”

For cybersecurity professionals grappling with this new reality, the conference was an opportunity to present a more encouraging future. That might include AI freeing up professionals by automating routine tasks and allowing them to focus on getting creative and opening up the workforce to more diverse perspectives, according to Strechay.

“I think also the diversity for the creativity aspect of it is key,” he said. “I think we have to think differently, and getting more people, more diverse voices there really does help you be more creative. I think that’s been talked about by a lot of the different folks that we’ve had on, as well as some of the talks and in the hallways.”

Here’s theCUBE’s complete video Day 1 keynote analysis:

2. There’s a growing focus on collaboration paired with AI.

With such an evolving and challenging landscape when it comes to cyber threats, there’s a growing recognition that it’s going to take a combination of AI, collaboration and cyber defense to push back. But there is an evolution taking place here, and organizations will need to learn how to evolve, according to Mandia.

“You have to have national response or international response, and it does need to be collaborative and coordinated. Otherwise, it’s just not as potent, quite frankly,” Mandia said. “We need a process that over time gets even more formal, where we have a national response to the cyber threats we’re aware of.”

As mentioned, when it comes to supporting cybersecurity professionals and automating threat detection, AI has come into sharp focus. For Google LLC, AI has been a focus when it comes to the company’s products, including Gmail’s malware and spam filtering, according to Phil Venables, chief information security officer for Google Cloud and vice president of Google.

“What we’ve already demonstrated with the ability to take virus total data, Mandiant threat data, Google threat data and use that to analyze threats to support the cybersecurity workforce,” he said. “We’re just at the beginning, and already it’s proving a significant boon to defenders.”

The layered defense strategy raised by Mandia in his keynote is also of key focus here. That means using both proactive and reactive measures as AI plays a crucial part when it comes to rapid threat detection and response, according to Ric Smith, chief product and technology officer at SentinelOne Inc.

“What we’re seeing is that we’ve always looked at data in silos and that the new opportunity that we see with applying generative AI …  is that for the first time, we can actually synthesize and see patterns across massive amounts of data,” he said.

In today’s world of high-stakes digital heists, it’s important to recognize that enterprise software supply chains are a key area of concentration for threat actors. The conference also suggested that transparency and knowledge sharing are vital tools for collective defense, and organizations must learn to improve cybersecurity practices by studying what has taken place elsewhere.

“A lot of times, people are afraid to do this, because there’s a stigma against data security events,” said Charles Carmakal, chief technology officer of Mandiant. “But we all learn when we openly share learnings from the variety of security attacks that we all deal with on a day-to-day basis.”

Here’s theCUBE’s complete video interview with Kevin Mandia:

3. Partnerships are something to keep an eye on.

With partnerships in mind, the mWISE Conference allowed companies to share collective knowledge about the evolving cybersecurity landscape. That included Cloudflare Inc., which is seeking to transform zero-trust security with rapid innovation and community engagement. Musarubra US LLC., meanwhile, is seeking to use endpoint and extended detection response systems to change the game.

In today’s tech landscape, collaboration is key. Mandiant’s partnership with Corelight Inc., for instance, allows it to leverage Corelight technology for its response initiatives and managed defense services, while Corelight integrated its technology across components of the Google platform.

“What we really see organizations doing is kind of doubling down on four big areas. They need an endpoint, they need identity, they need cloud and they need a threat network,” said Brian Dye, chief executive officer of Corelight.

Meanwhile, as the world changes, so too must the cybersecurity industry. The mWISE Conference was also a chance to learn more about how the Elevate initiative is accelerating diversity in cybersecurity and how Accenture PLC is helping companies react to new rules from the Security and Exchange Commission. These were just a few of the key insights revealed during the event.

Here’s theCUBE’s complete video interview with Brian Dye:

To watch more of theCUBE’s coverage of the mWISE Conference event, here’s our complete event video playlist:

(* Disclosure: TheCUBE is a paid media partner for the mWISE Conference. Neither Google LLC, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE