Morey Haber, Chief Security Advisor, BeyondTrust, discusses the impact of Generative AI on cybersecurity
What role, if any, does Generative AI have when it comes to detecting and responding to cyber threats?
GenAI revolutionizes threat detection and response by leveraging machine learning, artificial intelligence, and real-time data analysis to provide meaningful results. Unlike traditional methods that rely on predefined rules, signatures, and statistics, GenAI continuously learns from new data, identifying novel threats based on facts deep-rooted in data. Its capability to process vast amounts of data in short periods of time enables faster detection of anomalies and potential breaches based truly on the unknown. This speed translates into quicker notifications, allowing security professionals to mitigate threats before they cause an incident or breach. GenAI’s current models are flexible and will help ensure it remains effective against the latest attack vectors, offering a dynamic and responsive security posture for organizations.
What are some of the key threats that GenAI does a good job of identifying?
GenAI outclasses traditional cyber security solutions by identifying sophisticated and subtle threats that traditional systems might simply overlook. These include advanced persistent threats (APTs), zero-day vulnerabilities, insider threats, and anomalous behavior based on identity attack vectors. By analyzing behavioral patterns and contextual data, GenAI can detect anomalies indicative of these threats early in the attack stage. Its ability to correlate disparate data points from various sources allows for the identification of multi-stage attacks and complex threat scenarios even when they are just beginning. GenAI’s proficiency in machine learning and pattern recognition based on workflows ensures that it stays in step with threat actors and effectively identifies both known and unknown threats with a high degree of confidence. To be more specific, GenAI excels in identifying attacks when the outcome of a task deviates from the expected results and information is present deep in correlated logs that can be analyzed at machine speed.
How do you think Generative AI can help organizations build a proactive security posture?
GenAI enables organizations to potentially identify and mitigate cyber security threats before they materialize as an incident, or worse, a breach. By analyzing vast datasets in real time from dissimilar sources, GenAI identifies patterns and anomalies that indicate potential security risks based on behavior, previous patterns, and expected results. This predictive capability allows security teams to implement preventive measures, reducing the likelihood of worst-case outcomes and even simple incidents that should never have occurred in the first place. GenAI’s ability to continuously adapt based on evolving datasets ensures that its results remain relevant alongside emerging threats, all while maintaining a proactive defense posture for an organization.
In essence, GenAI transforms security from a reactive to a predictive discipline, providing another tool against evolving cyber threats.
How do you think the role of the SOC team members will be affected by adoption of GenAI-powered security solutions?
Integrating GenAI solutions into security operations remodels the roles and responsibilities for security teams. First, it shifts the focus from manual, repetitive tasks to strategic decision-making and advanced threat analysis. Second, security professionals can leverage GenAI’s insights to make informed decisions, enhancing their ability to respond to complex threats based on threat hunting techniques that previously could have taken weeks to resolve. Finally, and most important, the integration of GenAI into cyber security teams requires designated staff to develop skills in managing and interpreting AI-driven results (it is not all plain English), fostering a more analytical and proactive approach to security.
Consider that its impact is a new tool, with high reliability in assisting the mission, but it will require care and feeding from a dedicated team to maintain. It is a new discipline and will integrate into security operations just like the addition of a SIEM or EDR solution requiring dedicated expertise to manage.
We have talked a lot about the potential of GenAI for building proactive security defenses. But on the flip side, what about the potential of GenAI to also enhance capabilities of bad actors?
Combating the adversarial use of GenAI is not a simple task and will require multiple touch points in order to create and implement an effective strategy. As stated in many sports analogies, a good offense always requires a strong defense. They go hand in hand.
Organizations must invest in robust defensive GenAI security countermeasures to combat adversarial GenAI offenses. This includes the development of GenAI systems that can detect and respond to malicious GenAI attack behaviors with continuously updated models that are crowdsourced by the cyber security industry to promptly respond to any new threats. Essentially, organizations will need to adopt a ‘fight fire with fire’ approach to GenAI attacks since traditional tools will be insufficient in mitigating the risks alone.