There is massive hype around AI and its potential, and this excitement is as prevalent in cybersecurity as it is in other areas of technology. The attitude among companies seems to be: sprinkle the magic of AI on your network and, voilà, your environment is suddenly well protected.
In contrast, SentinelOne's Gregor Stewart takes a very pragmatic view of AI in cybersecurity. When I spoke with him in a recent eSpeaks video, he detailed some key ways businesses can use AI to increase the effectiveness of their cybersecurity strategies. He also spoke at length about the challenges of AI and touched on the human element in AI and cybersecurity.
Founded in 2013, SentinelOne is a cybersecurity company that integrates endpoint, cloud, and identity protection with the XDR integration library. Gartner awarded SentinelOne Leader status in the Endpoint Protection Platforms category, ranking it higher than competitors CrowdStrike and Microsoft.
3 ways to use AI in your security infrastructure
(Below are highlights from the interview, edited for length and clarity.)
One of the challenges posed by the rise of artificial intelligence is that hackers have it and know how to use it. They often use AI to mount effective cyberattacks. Therefore, AI is no longer optional for today's businesses. They must use it or be essentially defenseless. As a result, some companies are rushing to deploy AI without fully planning or understanding its uses.
“Customers are right; they know AI is a value,” Stewart says. “But it only has meaning if it's used in a certain way.”
He explained that there are three ways that using AI in a cybersecurity environment can add value.
1) Awareness of attacks
The first is by using AI to help security professionals recognize attacks and other threatening situations that they might miss even with the help of deterministic software. “That's why the sheer flexibility of artificial intelligence compared to traditional software, and the ability to see patterns across more channels and over different timescales than humans, makes it incredibly valuable.”
For example, “You might see a very slow-moving attack, but it basically has a lot of different components that a human looking at the logs wouldn't be able to see. And if you're using deterministic software, you might only be able to capture a small part of it and not be able to focus on it as a whole.”
2) Applying the policy
A second way to deploy AI is to flexibly apply policies to a set of specific situations.
For example, a company may have a policy that sensitive data should not leave certain elements of its infrastructure. However, you might be wondering, “Now that I know that a certain set of actions is a leak attempt, what can I do to stop it? Or, how can I change my configuration to prevent it?” Helping with this problem is a key benefit of AI.
Additionally, “the environment may be different from the more typical environment, and certain parameters may need to be identified to effectively deny the attack,” Stewart said. Previously, this was done manually. “In these SOAR-type environments, where you write these small pieces of code or no code at all, it was very difficult to keep them up to date with policy changes.” With AI, this process has been dramatically streamlined.
3) Speed of action
The third benefit of AI in security is essentially a combination of the first two: speed of action.
“So the ability to understand the situation and flexibly apply complex policies to deny attacks or find ways to mitigate potential attacks is the key advantage here,” Stewart said. “An organization's ability to recognize a problem and quickly fix it is at the heart of safety. The sooner you can do it and the more preemptively you can do it, the better.”
And of course, AI can move much faster than humans. That speed will increase further in the coming years.
SentinelOne Cybersecurity: Purple AI
SentinelOne's Purple AI solution is at the core of the company's AI cybersecurity offerings. I spoke to Mr. Stewart about how it improves cybersecurity for clients.
Purple is focused on helping analysts perform the complex tasks they currently do more quickly and effectively, Stewart explained.
Security analysts often focus on threat hunting. “In this task, you want to actively examine the data your system is collecting to see if there are any undetected threats. Perhaps there are notes about specific activity by threat actors, and we want to see if there are any indicators in our environment that we wouldn't otherwise detect.” This task requires that three things be understood: the data that will be collected, the format of the data, and the language that will be used to query the data.
“In summary, they often answer security-related questions in the process of threat hunting, they need to translate their natural thinking into domain-specific language, and they need to have full knowledge of the dataset and its structure.”
With Purple, cybersecurity professionals no longer have to learn these things and can focus on more effective efforts. As a result, “you can stay at the level of intent. You ask a question in natural language, and it gets translated into a query in the security data lake and comes back with a response.” In essence, AI transforms intent into swift action, and security professionals can act faster than hackers.
Watch the full interview: