Over the past eighteen months, Generative AI (gen AI) has evolved from a source of jaw-dropping demonstrations to a major strategic priority in almost every sector. A majority of CEOs say feeling under pressure to invest in the AI generation. Product teams are now working to integrate AI generation into their solutions and services. THE EU And WE are beginning to put in place new regulatory frameworks to manage AI risks.
Amid all this turmoil, hackers and other cybercriminals are not standing idly by. They plan to use AI generation to do everything from improving the grammar of phishing messages to exploring ways to fake video and audio to deceive or extort money from victims. They are also looking for ways to attack the very models of AI in which companies are busy investing.
If you are a CISO or any other security professional, now is the time to start evaluating Generation AI. In a recent white paper, Sridhar Muppidi, IBM’s chief technology officer for security software, presented five key recommendations for evaluating the use of AI generation in defending against cyberattacks. Here is a quick overview of some of these recommendations.
Using AI generation in threat hunting and response
As attackers use generational AI more, Muppidi notes that their attacks will become ubiquitous, evasive and adaptive. Security teams will need to adapt by using this technology to their own advantage. AI and machine learning can already make security teams more effective.
For example, powered by AI security information and event management (SIEM) can help analysts prioritize detected risks. They help minimize analysts’ attention to false positives and allow them to focus on current critical threats. Gen AI-based solutions will do much more, including accelerating threat hunting with natural language searches, generating threat detection and response playbooks, and equipping analysts with natural language chatbots. All of these AI-based solutions can alleviate human bottlenecks and make security much more effective, responding faster and doing more with less.
Evaluate AI generation based on how much time it saves defenders
CISOs and their teams can expect to be bombarded with numerous product offerings from security vendors over the next couple of years, all touting the benefits of their particular AI-based technology. How to sort through all those product descriptions and demos to focus on what will have the biggest impact for your Security Operations Center (SOC)?
We recommend that you prioritize saving time. Time is critical in every SOC. SOCs are notoriously understaffed. Analysts feel overworked and often frustrated. Anything that saves analysts time (whether it’s time spent manually investigating incidents, identifying false positives, or writing incident reports) deserves to be at the top of your list priorities.
Challenge Generation AI Vendors on Trust
When evaluating AI generation products, one aspect that is often not sufficiently considered is trust. Do you trust the vendor selling you this cybersecurity solution? Does the supplier have a framework for securing its data, model and use of AI? Among the questions you should ask the service provider:
- What data was your model trained on?
- How representative is this data of the data my SOC works with every day?
- Can I evaluate it in my own environment to see how it performs before adopting it?
As impressive as the AI generation’s products appear today, and as presence permeates almost every topic of conversation, this technology is still in its infancy, particularly in the area of cybersecurity. New designs and techniques are announced every month. For this reason, it is essential that you ask the supplier about their own product goals. You should ask, point-blank:
- How much are you investing in the development of AI generation in your products?
- Do you have a team dedicated to evaluating and developing AI for cybersecurity?
- Who else is using your TDIR solution?
As your organization adopts Generation AI across its supply chain, customer service, marketing, human resources, product development and other operations, your attack surface will increase. So you will need to use these same-generation AI capabilities to secure your AI data, models and uses.
The essential ? When attackers use AI generation, your best strategy is to fight fire with fire.
For a more in-depth look at Muppidi’s recommendations for adopting Generation AI for cyber defense, download “5 criteria for evaluating generative AI in threat management.”
