As a cybersecurity technology provider, virtually every customer asks us if our products use artificial intelligence (AI).
Naturally, potential customers ask this question to find out if our company is innovating. Unfortunately, it’s extremely easy to mislead consumers with a simple “yes” answer, even when AI doesn’t actually contribute to cybersecurity processes or drive unsupervised automation.
Most of the latest detection and response products rely on AI technologies. We’re talking about all of the “DRs,” including endpoint detection and response (EDR), network detection and response (NDR), extended detection and response (XDR), and managed detection and response (MDR). These products can use machine learning (ML) and deep learning to spot anomalous behaviors that indicate a potential threat or attack within an environment.
GenAI needs more time to mature
Generative AI (GenAI), in the form of tools such as ChatGPT, has only been around for a little under two years, so the technology hasn’t had the same amount of time to develop and evolve as ML and deep learning. While other AI technologies have largely focused on learning from large datasets, GenAI is more strictly relevant to creating written, visual, and auditory content using prompts or data. Without the benefit of time to sort out uniquely valid and invalid use cases, and given the broad public exposure, this technology is in a hype phase. We can anticipate an accelerated path to the “trough of disillusionment” followed by proven use cases in the near term, but we’ll have to see what happens next.
As for the use of GenAI in cybersecurity, it is still early days and the industry is exploring ways to improve threat detection and remediation. Here are some natural security avenues that IT teams can explore with GenAI:
- E-mail: There may be a solution to the age-old problem of stopping a phishing attempt before it reaches the recipient’s inbox. Today’s products rely heavily on employees to find and flag phishing messages. GenAI-powered products, trained to spot anomalies in written language and email addresses, could significantly reduce the impact of spam and phishing messages. Unfortunately, hackers are also using GenAI to improve the quality of their messages, which will also cause us to lose some simple ways to identify phishing.
- Identity: Cybercriminals now have tools that allow them to impersonate other people, including by mimicking their voice, image, and writing style. GenAI tools often fail to produce exactly what is asked of them, leading to hallucinations. So it can be useful to use GenAI in security products to highlight artifacts that don’t match the real person. This can allow security platforms to separate and block GenAI-based attacks, and it can provide new factors to help authenticate users.
- Reports: GenAI can now create custom reports efficiently. Imagine that with a few prompts, the user gets a draft of a custom report showing security protocol compliance and effectiveness and can respond to requests from CSOs and MSP customers in minutes. With GenAI’s current capabilities, the first draft is not yet good enough to be fully automated and requires a human to review and edit, but it can speed up this work for IT and security staff.
- Reinforced Security Analyst Assistants: These are some of the early use cases, where GenAI tools help summarize a security incident or finding, convert technical language into more accessible descriptions, and recommend actions. Teams can also adapt these assistants in the other direction, where IT professionals can enter prompts asking for security policy suggestions to upgrade security platform configurations and advance the overall posture of their defenses. This can help quickly respond to an emerging threat or outbreak when it hits the headlines.
GenAI has a bright future ahead of it, and many in the security industry are exploring ways to leverage it to provide enhanced protection. Like most companies, we are testing use cases for GenAI and are seeing promising avenues and potential for future expansion. The immediate uses are more related to internal efficiencies in coding, customer support, and sales/marketing content creation than product integrations. Cybersecurity requires a high level of predictability to meet customer needs, and GenAI needs a little more time to meet those standards.
While GenAI isn’t going to reinvent cybersecurity products overnight, the substantial positive impacts of more established AI and ML technologies that are accelerating critical modern cyber defenses should not be overlooked. As threat actors use similar technologies to accelerate and strengthen their attacks, AI-based threat detection and response capabilities are a must.
Tracy Hillstrom, Vice President, Brand and Content Marketing, WatchGuard Technologies