By Gregor Stewart
The tech world has been buzzing about AI for over a year. Yet beyond creating photorealistic images that involve too many fingers, the cybersecurity community still isn’t entirely sure how this technology can be implemented to its advantage. More to the point, how can it help reduce the huge 5 billion cyberattacks in India in 2023, a staggering growth of 63% between the first and fourth quarters of this year?
Today’s reality is that cybersecurity practitioners, such as analysts, threat hunters, and others in the region, are looking for a hay-colored needle in a field of haystacks. Even if they look carefully, there is so much going on around them that it is almost impossible to identify the needle. Not because it goes unseen, but because the researcher has not been informed that the shape of the needle has changed.
This is just one example of what cybersecurity teams face on a daily basis. Threats against organizations are continually evolving, endangering the security of their institutions and the confidentiality of the data they hold. This impacts the daily lives of users who rely on connected technologies to pay for groceries, manage their banking, drive their cars and much more.
Getting to Know the “How To” of AI Implementation
With such a shortage of qualified talent to deal with modern cybersecurity threats, businesses are asking why they need AI and are starting to think about what its implementation will look like.
The most significant difference will be the use of a common language based on large language models (LLMs). In comparison, today’s skilled professionals must work across various platforms, each with its own language, which requires knowing not only what to ask but how to ask it.
While there are set directions, much of the fine-tuning comes from researching a career and having the right finesse to extract what is needed. However, by combining AI’s powerful capabilities to collect and analyze data from various platforms and sources with its ease in understanding a common language, even the most junior team members can use human language to query various tools, datasets and large networks.
They don’t need to learn or master various query languages or know how to ask the right questions. They can simply run a query like “Can vulnerability ‘X’ be found anywhere on the network?”
Today’s artificial intelligence is already able to identify the value of the information obtained and can even make suggestions to refine the practitioner’s request and help them extract more robust information.
The challenge is to upskill existing employees
As many companies in the region attempt to fill the tens of thousands of open cybersecurity positions, they can also leverage AI to upskill existing employees at the same time, using suggestions and recommendations for next steps.
Although I mentioned above the challenge of understanding how to properly query a platform for information, even getting to the point of knowing what to query takes time. Practitioners need to ask themselves: what is this alert I am receiving? Is there a breach at this time? If so, where did the breach come from and what are my options for remediation? If not, why am I receiving this alert?
Artificial intelligence can now help by providing a greater wealth of information based on previous actions. For example, if an alert is triggered, AI can help by:
- Offering historical context: “This alert is dismissed by 9 out of 10 people and has a low probability of impacting your system, how would you like to proceed?”
- Raising a red flag: “An event appears suspicious, click here to investigate further”
- Making suggestions: if an Indicator of Compromise (IOC) appears, the system can make suggestions based on playbooks, such as forcing user re-authentications, quarantining, or other predetermined appropriate action.
Instead of going through all the queries, languages, and other patterns, a junior analyst can follow the prompts to keep operations running smoothly. Near real-time matching of databases with schemas, identifiers, keys and query types can empower a junior or senior level employee, all through AI and plain language.
The need to make cybersecurity proactive
Helping teams become proactive is crucial, because a cybersecurity team that remains inactive is inherently vulnerable. It’s essential that leaders continually motivate their team to increase their security awareness, even if it means taking small, ongoing steps.
With AI insights accompanying its nudges, teams can fully analyze database and network activity, and can prompt users to take immediate action through simple yes or no questions. Regardless of risk assessment criteria, adopting low-risk actions invariably leads to better security measures.
There is also a significant benefit in skills development that comes from taking proactive steps. For those new to the field, receiving suggestions and prompts for the “next step” accelerates the learning process, eliminating the need to closely observe more experienced team members. It’s critical to express these prompts in natural language that matches user intent. While this method is effective, it requires users to determine whether it fits their goals and adjust it if necessary. Over time, users learn to interpret these instructions, like a patient instructor.
Synthesizing these interactions allows for constructive feedback, suggesting alternative approaches for future tasks. This methodology not only facilitates immediate learning, but also ensures that all actions, whether taken by an employee or by AI, are documented. These records and notebooks facilitate communication between man and machine, thus standardizing processes.
It’s about implementing the future, today!
Looking to the future, the current cybersecurity talent shortage is not just a temporary challenge but a structural one. Often, those responsible for setting enterprise-wide security policies are detached from the day-to-day realities of working in cybersecurity.
The routine tasks associated with maintaining safety standards are both tedious and stressful, leading to high attrition rates among professionals. Herein lies the potential of AI to revolutionize the field by automating mundane tasks.
This change allows cybersecurity professionals to focus more on strategic security initiatives, alleviating the drudgery that currently characterizes the profession.
(About the author: Gregor Stewart is Vice President of Artificial Intelligence at SentinelOne, where he draws on more than two decades of experience in software development, engineering and product management. He brings deep expertise in the field of data science and AI, with a particular focus on natural language technologies and generative AI models.)