preloader
Resources

Network visibility and control in a chaotic world: why defence in depth rules

RANT Roundtable April 2026

In Partnership With

How do you secure a network you can’t fully see – with insecure SaaS apps, error-prone humans and AI everywhere? Well-funded adversaries have the advantage of surprise and an expansive, porous attack surface for them to take aim at. Against this backdrop, maintaining a resilient cyber posture while enabling seamless flexible working for employees might seem like an impossible task.

Well, not quite, according to the security leaders gathered for a lively RANT roundtable, hosted by Check Point. The event surfaced some useful strategies for managing network security in a fragmented and increasingly AI-driven world.

Outside-in or inside-out?

Check Point’s Global CISO, Deryck Mitchelson, kicked things off by comparing the threat landscape of 30+ years ago with the one today. Check Point was founded in the early 90s with a mission to “protect the internet” via its security appliances.

“Today, we need to understand what we’re exposed to. AI has changed it all,” Mitchelson argued. “Real-time threats that need a real-time response is where we are now.”

The first step to managing risk is understanding where all of your assets are, attendees noted. They were also in agreement that this is almost impossible to do – especially across IT and OT environments.

One complained that their CMDB is “all over the place”, but still maintained it as vital for many activities, including rationalisation. “If you don’t have a good asset management, you’re at a low bar on where to begin,” she said.

Another shared that asset management has “always been chaotic”, especially thanks to M&A activity. “As soon as you get it together it blows up again,” he said. “But the danger is, if you sit on your hands until it’s done, you won’t get anything done.”

A useful way to start is to focus on what threat actors might be able to see from outside the network. A BISO around the table claimed this will help organisations save time and money and prioritise their defensive efforts. Another agreed. “No CISO knows what their network looks like,” he argued. “So look at what’s vulnerable first then you can start working from the inside out.”

Another option is to focus on what threat actors are actually interested in. One security leader explained that he prioritises according to threat intelligence about where and how the organisation is most likely to get hit – and “uses that as a steer”.

“It has worked to some level, but stumbles in SaaS,” he admitted. “We don’t know where they’re going to go next with SaaS.”

Levelling the playing field

The challenge, articulated by another attendee, is that threat actors are increasingly better resourced and – as always – they have the advantage of surprise. “It’s a problem as old as time,” said another. “They only need to get it right once.”

Check Point’s Mitchelson concurred, arguing that AI phishing services are available on the cybercrime underground for as little as $100. One way to level the playing field is to focus as much as possible on resilience and recovery – keeping the business running even throughout an intrusion, said another security leader.

“Deal with what you know,” he said. “We can’t spend the money the attackers are spending. We’ll always have fewer resources, so my philosophy is not to stop them, but to continue operating.”

This can actually take the pressure off teams and free up valuable resources, he said. “It means more money, time and brainpower for the other stuff.”

The (insider) risk that keeps on giving

However, these efforts will be all for naught if organisations can’t manage the threat from within, attendees agreed. One complained about employees unwittingly sharing PII and IP with public AI models. “If it’s free, you’re the product,” he fumed.

AI assistants can also expose organisations to risk if overused by DevOps teams without sufficient guardrails. One security leader at an app developer said her team is being forced to “rebuild the factory” by inserting security into critical processes. “We can’t manually triage risks anymore,” she explained. “We have to find [issues] and help fix in an automated way.”

While AI misuse could be put down to user error or negligence there are also more malicious insider threats to consider.

“We assume that they’re always a disgruntled employee, but a lot of people aren’t,” said one security leader. “It could happen at any point in their tenure. We try to understand normal behaviour to alert on anomalies. But some of the worst incidents happen with just one email.”

Another shared the ingenuity of one malicious insider who exfiltrated data outside of the organisation by copying and pasting it into LinkedIn messages to send to themselves. Check Point’s Mitchelson argued that the security industry should be doing more to support customers with behavioural security. “We need to be asking more of our security vendors: can you do more to detect these anomalies?” he said.

Turn it up to Eleven

The elephant in the room, as always during these events, was AI. “Agents are a new attack surface” which can be manipulated by both technical means and social engineering, warned CISO. AI is fuelling “accelerated risk discovery” that turns threats “up to 11”, claimed another.

The backlash appears to have begun. Several attendees said they were actively eschewing SaaS tools with AI built in. One described the level of AI governance among vendors as “shocking”. Another bemoaned: “There’s no role-based access controls, no visibility and no ability to backup and restore in the event that something goes wrong.”

The answer for many is to build layered defences. There’s value in this approach even as powerful new models like Mythos rewrite the rules for attackers and defenders.

“You need segmentation, you need identity and access management. You need to ensure your PAM is secure. All the layers need to be in place, and the effect is if one fails you can rely on the others,” she argued.

Another CISO agreed. “It’s about making things as hard as possible [for adversaries],” he said. “You can’t remove the risk, just reduce it.”

Whatever happens, “preventative, real-time and behavioural” approaches to cybersecurity will stand network defenders in good stead, Mitchelson concluded. It should be some comfort that, amid tremendous technological change, the old ways are the best.