Next week's RSA conference will feature a lot of GenAI rhetoric, and cybersecurity professionals are already experimenting with it in areas such as security hygiene and posture management, incident response, and threat intelligence analysis.
At the mecca of security gatherings, taking place May 6-9 in San Francisco, the hype topic of the day will be generative AI, specifically governance, threats, and how generative AI can provide advantages for defenders.
Trade shows like RSA are always filled with product and industry hype. So the first question worth asking is: Are security professionals even interested in generative AI?
According to research from Enterprise Strategy Group, the answer is a resounding yes. When asked if their organization uses open GenAI applications such as ChatGPT for cybersecurity, 75% of security professionals said they do so regularly, and the remaining 19% said they use open GenAI occasionally.
Although much of it is pure experimentation, GenAI is nevertheless becoming the go-to tool for threat analysts, malware analysts, red teamers, and more.
To dig deeper, we asked security experts to identify the use cases where they currently use GenAI in some form. This is what we found.
GenAI for security hygiene and posture management
Almost one-third (31%) of survey respondents said they use GenAI to analyze and prioritize security hygiene and posture management.
Does this make any sense? To me, it does. The attack surface is constantly expanding and changing, exposing you to a large number of vulnerabilities and significant risks. Bad actors know this and are experts at exploiting these security gaps.
Applying GenAI here can help security teams identify high-risk vulnerabilities along the attack vector and prioritize appropriate actions to reduce cyber risk.
Analyzing security data sources
24% said they use GenAI to analyze security data sources to determine which data sources should be optimized or removed.
I've been saying this for years, but it's worth repeating here: cybersecurity is a big data application. Unfortunately, many organizations interpret this to mean that everything needs to be collected, processed, and analyzed, while others focus their security on old standbys like logs, EDR data, and network telemetry, and completely miss out on other valuable data sources.
AI has the potential to analyze data sources based on targeted industry threats, known TTPs, the MITRE ATT&CK framework, past security breaches, etc. and recommend ways to optimize security data management. Does less data improve effectiveness? I think any CISO would be eager to pursue these benefits.
Incident response and investigation
22% of survey respondents said they use GenAI for incident response and forensic investigations.
This is one of the mainstream use cases you will often hear at RSA. GenAI can automate response actions or at least point analysts in the right direction. GenAI can also serve as a helper app for forensic investigators, facilitating the process of determining what happened and when. It's all about improving security team efficiency.
GenAI for threat intelligence
22% said they use GenAI for threat intelligence analysis. This should be a primary use case. Threat intelligence analysis is an advanced skill, and many organizations cannot afford or are unable to hire security professionals with the appropriate skill set.
Previously, many companies tried to work around this shortcoming by focusing on blocking IoCs and known malware, but attackers now use social engineering tactics and living-off-the-land techniques to make their attacks less obvious. This strategy is no longer effective.
The primary purpose of threat intelligence today is to “break the boom” (responding to attacks before they occur) and to understand the strategic business risks associated with IT in general. CISOs are using GenAI to close the threat intelligence analysis gap with tools that filter large amounts of threat intelligence data and generate customized analysis based on an organization's size, location, industry, and existing defenses. A service provider in the threat intelligence analysis field uses GenAI tools on behalf of its customers.
Risk scoring with GenAI
21% said they use GenAI for risk scoring. Companies typically have thousands of open software vulnerabilities at any given time. Even using methods like CVSS scores to prioritize patching, IT operations are left with hundreds, if not thousands, of remediation tasks.
GenAI helps correlate software vulnerabilities with factors such as known threats, adversary “chatter,” and asset values to create high-volume reports that highlight patching for security and IT teams. These reports can also turn into automatic remediation actions over time.
One thing we consistently hear from security professionals is their interest in GenAI's features such as natural language queries, reporting, and recommendations. These are already helping security professionals manage their time. This is a critical need in an era of continuous security skills shortages and huge workloads.
In summary, the 2024 RSA Security Conference will be abuzz with GenAI hype and vendor noise, and for good reason. My esteemed colleague Dave Gruber will be presenting more of his ESG research data on generative AI in a session at the conference on May 9th.
Jon Oltsik is an Analyst Emeritus and Founder of TechTarget's Enterprise Strategy Group Cybersecurity Services. With over 30 years of experience in the technology industry, Oltsik is widely recognized as an expert in all aspects of cybersecurity.
Enterprise Strategy Group has business relationships with vendors.