『The Joystick Effect: How Attackers Manipulate Your Security Data with Chris Nyhuis』のカバーアート

The Joystick Effect: How Attackers Manipulate Your Security Data with Chris Nyhuis

The Joystick Effect: How Attackers Manipulate Your Security Data with Chris Nyhuis

無料で聴く

ポッドキャストの詳細を見る

Why AI Needs a Deterministic Pass First
As security teams lean harder on AI to catch threats faster, a foundational question keeps getting skipped: is the data feeding that AI actually trustworthy? On this episode of Cyber Sentries, host John Richards sits down with Chris Nyhuis, president and CEO of Vigilant, to unpack why forensic validation — not faster algorithms — may be the missing piece in modern threat detection.

Why Your Detection Stack Might Be Blind to Its Own Blind Spots
John and Chris dig into what Chris calls the "joystick effect" — a technique where threat actors quietly manipulate logs and EDR training data so security tools learn to miss them entirely. It's a tactic that's existed for decades, but as more teams hand decisions to AI without questioning the data underneath, it's becoming far more dangerous.

Chris also walks through why packet loss on span ports and mirror ports can silently gut visibility long before AI ever gets involved, and why physical taps and chain-of-custody collection matter more than flashy detection features. The conversation moves through Vigilant's "deterministic pass, then AI" model — a method for cutting hallucinations and dramatically speeding up detection — and closes with a candid look at how marketing-driven "top vendor" lists have diluted trust across the industry.

Questions We Answer in This Episode

  • How do attackers manipulate logs and EDR data without ever being detected?
  • Why does packet loss on span ports and mirror ports undermine AI-driven security?
  • What does a "deterministic pass, then AI" detection model actually look like?
  • How can security teams tell if a vendor's claims are backed by real, verifiable value?

Key Takeaways

  • Validate data at the point of collection — forensic integrity has to come before analysis.
  • Use physical taps and chain-of-custody practices to close the packet-loss gap.
  • Pair deterministic evidence with AI pattern-matching, then bring in humans for final judgment.
  • Question vendor rankings and scorecards that aren't grounded in verifiable data.

Chris leaves listeners with a clear challenge: build detection on evidence you can verify, not on tools you simply hope are working. As AI takes on a bigger share of security decisions, that discipline is what will separate resilient organizations from the next headline breach.

Resources

  • Chris Nyhuis on LinkedIn
  • Vigilant
  • Vigilant’s Open-Source CI/CD Security Scan Findings
  • Learn more about Paladin Cloud
  • Got a question? Ask us here!
  • CyberProof
  • (00:01) - Welcome to Cyber Sentries
  • (01:15) - Meet Chris Nyhuis
  • (01:25) - Chris’ Journey
  • (05:28) - Shifts in Landscape
  • (07:52) - Changes from AI
  • (12:47) - Differentiating
  • (15:48) - How It Looks on Data Side
  • (19:08) - Getting Around It
  • (24:55) - Forensic
  • (27:48) - Integrating AI
  • (31:05) - Using Vigilant
  • (33:38) - Wrap Up
adbl_web_anon_alc_button_suppression_t1
まだレビューはありません