By Gregor Stewart
AI has been a hot topic in the technology world for over a year now. But other than creating a photo-like image with too many fingers, it's unclear to the cybersecurity community how this technology will be implemented to their benefit. It is equally unclear how this technology can help reduce huge costs. India is expected to experience 5 billion cyber attacks in 2023, with a staggering 63% increase from the first quarter to the fourth quarter of the year.
The reality today is that cybersecurity professionals, including analysts and threat hunters across the region, are searching for a hay-colored needle in a haystack. Even if they looked right at it, it would be nearly impossible to identify the needle because there is so much going on around them. It's not that they can't see it, but that the investigators were not informed that the needle had changed shape.
This is just one example of what cybersecurity teams have to deal with every day. Threats to organizations are constantly changing, putting the security of organizations and the privacy of the data they hold at risk. This impacts the daily lives of everyday users who rely on connected technology to pay for groceries, manage banking, drive their cars, and more.
Learn how to implement AI
With such a shortage of skilled talent to address modern cybersecurity threats, companies are moving past the question of why they need AI and starting to consider what implementation would look like.
The most significant difference is the use of a common language based on Large Language Models (LLMs). By comparison, today's skilled professionals must work across many different platforms, each with their own language, so they need to know not only what to ask, but how to ask it.
Instructions are outlined, but much of the fine-tuning happens over the course of a career, by developing the right skills for running queries and extracting what you need. However, by combining AI's powerful ability to collect and analyze data from a variety of platforms and sources with the ease of understanding a common language, even novice team members can use human language to work with various tools and request queries across a wide network of datasets.
You don't need to learn or master different query languages, and you don't need the wisdom to know how to ask the right questions. Simply run a query such as “Is vulnerability 'X' found anywhere on my network?”
Artificial intelligence today is already able to identify the value of retrieved information and can also make suggestions to clarify practitioner requests and help extract more robust information.
The challenge is to improve the level of existing employees.
As many companies in the region look to fill tens of thousands of open cybersecurity roles, they can also leverage AI to simultaneously level up their existing workforce with suggestions and next step recommendations.
Above I mentioned the challenge of understanding how to properly query the platform to get information, but just getting to the stage of knowing what to query can take time. Practitioners need to ask, what is this alert I'm receiving? Am I currently experiencing a breach? If so, where is the breach coming from? What are my options for remediation? If not, why am I receiving this alert?
Today's artificial intelligence can help by providing richer information based on past behavior. For example, when an alert is triggered, AI can help:
- Provide previous insight – “9/10 people ignore this alert and it is unlikely to impact the system. How do I proceed?”
- Raise a red flag – “The event appears suspicious. Click here to investigate further.”
- Make recommendations – When an indicator of compromise (IOC) appears, the system makes recommendations based on the playbook, such as forcing the user to re-authenticate, quarantining, or taking other predetermined appropriate actions.
Instead of working through all the queries, languages, and schemas themselves, junior analysts can follow prompts to navigate smoothly. Near real-time matching of queries against databases for schemas, IDs, keys, and types empowers junior or senior-level employees with AI, all through basic language.
The need to be proactive about cybersecurity
Helping your team to be proactive is crucial because an inactive cybersecurity team is inherently vulnerable. It is essential that leaders continually push their teams to improve their security awareness, even if it means taking small, ongoing steps.
Informed by AI and guided by nudges, teams can fully analyze database and network activity and prompt users to take immediate action through simple yes-or-no questions. Regardless of the risk assessment criteria, adopting lower-risk actions will always lead to an improved security posture.
Taking proactive steps can also greatly benefit your skill development. For beginners in the field, receiving suggestions and prompts on “next steps” accelerates the learning process and eliminates the need for extensive shadowing of more experienced members of the team. It's important to express these prompts in natural language that matches the user's intent. Although this method is effective, users must determine whether it suits their purposes and adjust it as necessary. Over time, users learn how to interpret these instructions. This is similar to learning from a patient instructor.
Summarizing these interactions provides constructive feedback and suggests alternative approaches to future tasks. This methodology not only facilitates instant learning, but also ensures that every action taken by an employee or AI is documented. Such records and notebooks facilitate communication between humans and machines and standardize processes.
It's about putting the future into practice today.
Looking to the future, the current talent shortage in cybersecurity is not just a temporary challenge, it's a structural issue: Those responsible for setting security policy across the enterprise are often disconnected from the day-to-day realities of cybersecurity work.
The day-to-day tasks associated with maintaining security standards are tedious and stressful, resulting in high professional turnover. This is where AI has the potential to automate mundane tasks and revolutionize this field.
This change will enable cybersecurity professionals to focus more on strategic security initiatives and reduce the drudgery that currently characterizes the profession.
(About the author: Gregor Stewart is VP of Artificial Intelligence at SentinelOne, where he leverages over 20 years of experience in software development, engineering, and product management. He offers deep expertise in data science and AI, with a special focus on natural language technologies and generative AI models.)