To be sure, there is massive hype around AI and its potential, and this enthusiasm is as widespread in cybersecurity as in any technology sector. The business attitude almost seems to be: sprinkle a little AI magic on the network and, presto, the perimeter is well protected.
In contrast, SentinelOne’s Gregor Stewart takes a very pragmatic view of AI in cybersecurity. When I spoke to him in a recent eSpeaks video, he detailed some of the key ways businesses can use AI to make their cybersecurity strategy more effective. Furthermore, he spoke in depth about the challenges of AI and also highlighted the human element in AI and cybersecurity.
Founded in 2013, SentinelOne is a cybersecurity company that brings together endpoint, cloud, and identity protection with an XDR integration library. Gartner has awarded SentinelOne Leader status in the Endpoint Protection Platform category, placing the company on par with competitors CrowdStrike and Microsoft.
Three ways to use AI in your security infrastructure
(The following are a selection of highlights from the interview, edited for length and clarification.)
One of the challenges posed by the rise of powerful artificial intelligence is that hackers have AI and know how to use it; they often use AI to launch effective cyberattacks. So, for today’s businesses, AI is no longer an option: they must use it or be essentially defenseless. As a result, some companies have rushed to deploy AI without planning or fully understanding its uses.
“Customers are right, they know AI is valuable,” Gregor said. “But it only makes sense when used in a specific way.”
There are, he explained, three ways in which AI becomes useful when used in a cybersecurity context.
1) Awareness of attacks
The first method is that AI allows security professionals to be aware of attacks and other threatening circumstances that they might otherwise ignore, even if aided by deterministic software. “So the very flexibility of artificial intelligence compared to traditional software and its ability to see patterns across different time scales and across many channels – more than a person can – makes it incredibly valuable.”
For example, “you might see a very slow attack, which essentially has a number of different components, which would be incredibly difficult to see if you were a person looking at the logs. And if you were using deterministic software, you might only capture small parts of it, but not be able to highlight it as a whole.”
2) Apply the policy
The second method of deploying AI is to apply policy flexibly to a specific set of circumstances.
For example, let’s say a company has a policy that none of its sensitive data should leave certain parts of its infrastructure. However, “we are seeing that a certain set of actions is an exfiltration attempt…so how can I stop it or change the configuration to prevent this?” Assistance on this issue is a crucial advantage of AI.
Additionally, “your environment may be different from a more general environment and you may need to identify specific parameters so that an attack can be effectively repelled,” Stewart said. In the past, this was done manually. “You would write these little pieces of code or no code in these SOAR-like environments, but it was incredibly difficult to keep up with policy changes.” AI has dramatically streamlined this process.
3) Speed of action
The third security benefit of AI, which is essentially a composite of the first two, is speed of action.
“So the ability to see things and flexibly apply complex policy in order to repel an attack or find ways to mitigate potential attacks is the main advantage here,” Stewart said. “An organization’s ability to see problems and resolve them very quickly is at the heart of security. The sooner you can do it, the more preemptively you can do it, the better.”
And of course, AI can move much faster than humans – and this speed will only increase in the years to come.
SentinelOne cybersecurity: Purple AI
SentinelOne’s Purple AI solution is at the heart of the company’s AI cybersecurity offering. I spoke with Stewart about how it improves a client’s cybersecurity.
Purple, Stewart explained, aims to help analysts do the complex tasks they do now, but do them faster and more efficiently.
Security analysts often focus on threat hunting. For this task, “they want to proactively review the data collected by the system and see if there are any threats that have gone undetected. Perhaps there are notes on some activities of a threat actor and they want to see if there are any indications that would not have otherwise been detected in the environment. This task requires them to understand three things: what data is collected, the format of the data, and the language in which you query that data.”
“To summarize, they often answer security-related questions as part of a threat hunt that requires you to translate your natural thinking into domain-specific language, and you need all that knowledge of the dataset and its structure.”
Purple allows cybersecurity professionals to avoid having to learn these things, so they can focus on more effective activities. As a result, “you can stay at the intent level: you ask a question in natural language, and it turns into a query for the security data lake, and you get an answer.” Essentially, AI translates intent into rapid action, enabling security professionals to act faster than hackers.