All information provided is key highlights from:
Gartner, 4 Ways Generative AI Will Impact CISOs and Their Teams by Jeremy D’Hoinne, Avivah Litan, & Peter Firstbrook, June 29, 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
AI is disrupting every major industry, and its development and range of applications are growing rapidly. This article highlights its primary uses in the cybersecurity sector, and where it might lead, based on insight from “4 Ways Generative AI Will Impact CISOs and Their Teams by Jeremy D’Hoinne, Avivah Litan, & Peter Firstbrook, June 29, 2023.”
Use Cases of Generative AI in Corporate Sectors
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Gartner® 4 Ways GenAI Will Impact CISOs & Their Teams | Cyber Sainik
As the adoption of Generative AI (GenAI) continues to grow across various corporate sectors, it plays a significant role in cybersecurity by integrating multiple data streams to classify attack signatures. The introduction of Extended Detection and Response (XDR) into this landscape presents exciting opportunities. This article, based on the Gartner research, delves into the challenges and goals of implementing XDR in cybersecurity.
Now, let’s explore some specific scenarios where tools integrated with GenAI can make a difference:
- “Defend with” generative cybersecurity AI: “Receive the mandate to exploit GenAI opportunities to improve security and risk management, optimize resources, defend against emerging attack techniques, or even reduce costs.”
- “Attacked by” GenAI: “Adapt to malicious actors evolving their techniques or even exploiting new attack vectors thanks to the development of GenAI tools and techniques.”
- “Secure enterprise initiatives to “build” GenAI applications: AI applications have an expanded attack surface and pose new potential risks that require adjustments to existing application security practices.”
- “Manage and monitor how the organization “consumes” GenAI: ChatGPT was the first example; embedded GenAI assistants in existing applications will be the next. These applications all have unique security requirements that are not fulfilled by legacy security controls.”
The report also provides additional examples of how the workflow of threat hunters could look with the use of tools integrated with GenAI:
- Alert enrichment: “Automatically add contextual information to an alert, including threat intelligence, or categorization in known frameworks.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Alert/risk scoring explanation: “Refines existing scoring mechanisms to identify false positives, or contribute to an existing risk-scoring engine.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Attack surface/threat summarization: “Aggregate multiple alerts and available telemetry information to summarize the content according to the target reader use case.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Mitigation assistants: “Suggest changes in security controls; new or improved detection rules.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Security engineering automation: “Generate security automation code and playbooks on demand, leveraging the conversational prompt.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Documentation: “Develop, manage and maintain cohesive security policy documentation and best practices policies and procedures.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
Assessing the Landscape: Identifying several challenges with cybersecurity tools that use GenAI
Addressing these strengths, weaknesses, opportunities, and challenges is essential as XDR and GenAI continue to evolve in the cybersecurity landscape. Organizations must carefully plan their strategies and investments to harness the potential of these technologies while mitigating their limitations and challenges.
Examples that stood out in the report assessing challenges:
- Short-term staff productivity: “Will the alert enrichment reduce diagnosis fatigue or make it much worse by adding generated content? Junior staff might only get fatigued by the amount of data because they can’t determine whether it makes sense.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Privacy and third-party dependencies: “As providers rush to release features, many of them leverage a third-party LLM, using an API to interact with a GenAI provider, or use third-party libraries or models directly. This new dependency might create privacy issues and third-party risk management challenges.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Costs: “Many of the new generative cybersecurity AI features and products are currently in private beta or preview. There is little information on the impact these features will have on security solution prices. Commercial models are generally priced based on the volume of tokens used, and security providers are likely to make their clients pay for it. Training and developing a model is also expensive. The cost of using GenAI might be much higher than the cost of other techniques addressing the same use case.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Overall quality: “For most of the early implementations of generative cybersecurity AI applications, organizations will aim at “good enough” and basic skill augmentation. Still, the first evaluations of the secure code assistant output quality give mixed results. Similarly, threat intelligence and alert scoring features might be biased by the model’s training set or impacted by hallucination (fabricated inaccurate outputs).” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
- Regression to the mean versus state of the art: “For specialized use cases, such as incident response against advanced attacks, the quality of the outputs issued by GenAI might not be up to the standard of the most experienced teams. This is because its outputs partially come from crowdsourced training datasets issued from lower maturity practices.” (“Figure 1: Key Impacts of Generative AI for CISOs.”)
Conclusion
In conclusion, the integration of XDR and GenAI into the cybersecurity sector presents a dynamic landscape with exciting potential and challenges. To explore these opportunities further and stay at the forefront of this evolving field, reach out to our experts and learn how your organization can benefit from the power of XDR and GenAI. Contact us for a consultation today!