AI, Identity and New Attack Speed: What Experts Discussed at the Executive Dinner for Cybersecurity Leaders

Sergiy Prynov, Regional Sales Manager of CrowdStrike in Ukraine presented the key findings of the analytical research CrowdStrike 2026 Global Threat Report. The global landscape of cyber threats continues to complicate rapidly. Today, CrowdStrike is tracking 281 active adversaries and over 150 clusters of malicious activity, including both organized cybercriminal groups and state actors.

One of the key trends highlighted by Sergiy was the significant acceleration of attacks. The average time from initial penetration to the active phase of the attack has been reduced to approximately 29 minutes, and in some cases — to 27 seconds, significantly reducing the response opportunities for security services.

Sergiy also noted the impact of artificial intelligence. Cybercriminals are actively using AI to scale social engineering, create convincing phishing campaigns, and automate attacks. At the same time, the proliferation of AI tools in the corporate environment expands the potential attack surface for organizations.

Continuing the theme of cybersecurity challenges was a report by Oleksii Markuts, BDM of CrowdStrike from iIT Distribution. The speaker focused on the issue of credential protection and the role of user identification in security architecture.

Compromised accounts increasingly become the starting point for the development of complex attacks. According to statistics, about 74% of cyber incidents are related to the use of valid credentials. Meanwhile, up to 82% of modern attacks are fileless, making them significantly harder to detect with traditional antivirus software.

Key sources of initial access to corporate systems include: stolen accounts, which become available on the Dark Web, phishing attacks, and the exploitation of software vulnerabilities.

Oleksii also emphasized that the modern attack surface is formed at the intersection of several key infrastructure components – identity, endpoint, cloud, and network. In such conditions, traditional security tools, such as EDR, IAM, or SIEM, do not always provide full visibility of attacks because a so-called “security blind spot” often arises between user access processes and their behavior within the system.

This is why the approach of viewing identity as the new perimeter of cyber defense is becoming increasingly relevant. Monitoring user behavior, privilege control, and early detection of suspicious activity can significantly reduce the risk of successful infrastructure compromise.

Catalina Iosub, Regional Sales Engineer @ Crowdstrike, presented an approach to protecting modern cloud environments and AI systems, highlighting that the rapid growth in the use of cloud services and AI tools significantly expands the attack surface and creates new risks for organizations. In this context, the capabilities of AI Detection & Response (AIDR) and Cloud Detection & Response (CDR) approaches were considered, which provide visibility into the use of AI tools, help detect threats in cloud environments, and prevent the leakage of confidential data. Special attention was paid to the capabilities of automatic detection of anomalous activity, control of AI applications usage, and data protection during interactions with generative models.

Practical experience in building cyber defense was shared by Oleh Polihenko, CISO of Nova Group. He talked about the specifics of ensuring security in a large logistics infrastructure, which includes thousands of endpoint devices, an extensive network of remote branches, and continuous 24/7 operations.

According to Oleh, the nature of attacks has significantly changed in recent years: increasingly, phishing and stolen credentials, subsequent lateral movement within the infrastructure, and attacks without using malware are being used.

He also shared the experience of implementing CrowdStrike and how using analytics and AI helped improve the SOC’s efficiency, ensure better infrastructure visibility, and detect complex attacks faster. Oleh paid special attention to practical cases and recommendations for CISOs on building a modern cyber defense system.

Andrii Levchenko, BDM Vectra AI at iIT Distribution, spoke about the key updates of the Vectra AI platform and its role in building an effective Network Detection and Response (NDR) system for modern hybrid infrastructures.

The focus of the presentation was the evolution of threat detection approaches in environments where organizational infrastructure encompasses on-premise networks, cloud services, and identity systems simultaneously. In such conditions, classic monitoring tools do not always provide sufficient visibility of attacks, especially when attackers use legitimate accounts or operate within normal network activity.

Andrii also discussed the use of artificial intelligence in the processes of analyzing and prioritizing security incidents. In particular, the platform’s capabilities allow for automatically distinguishing real threats from false positives, unifying events from different sources into a single attack picture, and identifying the most critical incidents for prompt response.

Special attention was paid to the platform’s architecture, which ensures complete coverage of environments – from network infrastructure and data centers to cloud services and identity management systems.

According to Andrii, the integration of AI tools into SOC workflows can significantly enhance the effectiveness of security teams, reduce the number of false positives, and focus analysts’ attention on the most critical threats.

The final session featured a dialogue between Maksym Yashchenko, CISO of Ukrsibbank, and Serhii Kulyk, Country Manager at iIT Distribution. During the discussion, the speakers shared their experience using the Vectra AI platform to detect network threats within banking infrastructure.

Maksym explained that prior to implementing the solution, the bank faced challenges typical for large financial institutions: a complex hybrid infrastructure, a high volume of network traffic, strict regulatory compliance requirements, and limited SOC team resources. According to him, major issues included “blind spots” in network visibility, lengthy incident investigations, and a high number of false positives, which complicated the work of security analysts.

During the dialogue, he also explained why the bank chose a Network Detection and Response (NDR) solution. According to Maksym, such platforms enable organizations to more effectively detect sophisticated attacks, including lateral movement, insider activity, and APT operations, which often remain outside the visibility of traditional security tools.

Particular attention was given to the practical outcomes of the implementation. Leveraging the platform’s AI capabilities significantly reduced the time required to detect and investigate incidents, while also lowering the workload on the SOC team. Maksym also emphasized the importance of integrating different classes of security solutions — particularly combining network analytics with endpoint protection to provide a more comprehensive view of attacks.

In conclusion, Maksym Yashchenko noted that the use of behavioral analytics and AI-driven tools is becoming an important part of cybersecurity strategies in the banking sector, especially as cyber threats continue to grow in complexity.

The meeting served as a platform for open discussion on current cybersecurity challenges and the exchange of practical experience among industry experts. The presented cases and analytical data once again confirmed that the modern cyber threat landscape continues to rapidly evolve: attacks are becoming more complex, automated, and increasingly using legitimate tools and credentials.

In such conditions, effective cybersecurity requires a comprehensive approach that combines modern threat detection technologies, behavioral analytics, automated response, and continuous sharing of experience within the professional community. It is the collaboration between businesses, technology partners, and industry experts that enables organizations to more quickly adapt to new challenges and increase resilience to cyber threats.

The iIT Distribution and CS Consulting team plans to continue supporting professional dialogue within the cybersecurity community and creating platforms for exchanging experience, expertise, and best practices for protecting digital infrastructure.