In addition to analyzing massive amounts of data for potential threats, this technology is also very useful for detecting anomalies. By analyzing patterns and behaviors, generative AI can identify suspicious activity. This is a capability well mastered by Darktrace, a cybersecurity company that uses generative AI to understand normal network behavior and identify deviations from it.
“GenAI can efficiently handle many tasks typically performed by Tier 1 security operations center (SOC) analysts,” Kashifuddin said. “This allows analysts to focus on more strategic approaches to cyber defense. GenAI can examine the predefined detection rules used by SOC analysts, identify gaps, and even discover new types of attacks that analysts may have missed. Additionally, generative AI can learn to recognize sophisticated spear-phishing attempts and detect patterns and anomalies that traditional signature-based detection systems might overlook.”
Generative AI can also play a crucial role in automating incident response. Barros believes that investigation and incident response activities have so far made the most progress thanks to generative AI. “During investigations, analysts receive and interrogate multiple sources of information to get a clear picture of what is happening in their environment,” he said. “GenAI has been able to transform the data obtained from all these sources into a coherent, easy-to-read and understandable story, reducing the cognitive load on the analyst and accelerating the process of understanding the attack and its implications.”