Every cybersecurity vendor has a different vision of how generative AI will serve its customers, yet they all share a common direction. Generative AI brings a new focus on data accuracy, precision and real-time insights. DevOps, product engineering and product management are delivering new generative AI-based products in record time, looking to capitalize on the technology’s strengths. 

All vendors realize generative AI is a double-edged sword, and each must provide guidance for reducing risks. Several have designed safeguards into their products, including Airgap Networks, CrowdStrike, Microsoft Security Copilot and Zscaler.   

Generative AI is the new strategic battleground
Generative AI’s potential must be balanced with its risks, including the reality that attackers are exploring how to use it to plan and launch attacks that hit multiple threat surfaces simultaneously. Source: Canalys Forums 2023: “Generative AI is a game-changer in the cybersecurity ecosystem”

Generative AI is dominating cybersecurity roadmaps and user events

VentureBeat regularly gets briefings from cybersecurity vendors about their roadmaps. We’ve observed five ways generative AI has become the cornerstone of existing platform refreshes and new platform and app development. Zscaler’s Zenith Live 2023 event last week reflected what’s coming this year in generative AI products, both those under development and those ready for launch.

These cybersecurity vendors have announced generative AI products and services: 

CrowdStrike: “If you look at CrowdStrike’s conception in 2011, one of the things that [CEO] George [Kurtz] talked about was that we couldn’t solve the security problem unless we used AI,” Michael Sentonas told VentureBeat during a recent interview. “In the lead-up to going public as a company, he also talked about AI, and since we’ve gone public, every quarter when we talk to Wall Street, we talk about AI. We’ve been using AI as part of our efficacy and prevention models, and we leverage AI when we do threat hunting. It’s a core part of what we do.”

Google Cloud Security AI Workbench: Sec-PaLM, Google’s security large language model (LLM), powers Google Cloud Security AI Workbench. One of its key goals is to provide an extensible platform that can flex and adapt in real time to enterprises’ rapidly changing workloads and requirements. Google announced that it is relying on partner plug-in integrations for threat intelligence, workflow and future security features.

Mostly AI: A synthetic data generation platform that relies on generative AI, Mostly AI is gaining rapid adoption across enterprise, educational and government use cases. The platform automatically learns new patterns, structures and variations from existing datasets, and customers also use it to generate realistic simulations and representative synthetic data at scale.

Recorded Future: Recorded Future trained OpenAI’s GPT model on more than 10 years of research insights (including 40,000 analyst notes) and 100 terabytes of text, images and technical data from the open web and dark web as well as a decade of expert insight from Insikt Group, to create written threat reports on demand. Recorded Future has integrated trained models with Intelligence Graph.

Zscaler: Deepen Desai, Global CISO and VP of security research and operations at Zscaler, delivered a keynote titled “The Power of Zscaler Intelligence: Generative AI and a Holistic View of Risk” that provided an insightful look at how Zscaler plans to further capitalize on generative AI’s strengths. Desai told VentureBeat that Zscaler relies on customized large language models (LLMs) to predict breaches and to ensure policies are set and executed accurately, with greater precision.

Zscaler: Quantifying risk holistically
Zscaler aims to quantify risk across the four major stages of the attack chain using generative AI to replace disjointed tools with unified dashboards, manual correlation with automated visualization, and raw mining data with real-time actionable insights. Source: “The Power of Zscaler Intelligence: Generative AI and a Holistic View of Risk” keynote, Zscaler Zenith Live 2023

Five ways generative AI enhances cybersecurity precision

Detecting anomalies faster than currently available technologies can, parsing logs and finding anomalous patterns in real time, triaging and responding to incidents and simulating attack patterns are a few of the many ways generative AI is already starting to revolutionize cybersecurity. Based on recent interviews with over a dozen cybersecurity leaders, including Airgap Networks’ CEO Ritesh Agrawal, CrowdStrike’s president Michael Sentonas, senior vice president of Ericom’s Cybersecurity Business Unit David Canellos and several others, we identified five areas where generative AI has the most significant impact on current and future product strategies:

1. Real-time risk assessment and quantification

Boards of directors and the C-level executives reporting to them have years of expertise in managing risk. Today’s accelerated, more complex risks create new challenges, however, and open up opportunities for CIOs and CISOs to advance their careers.

The ability to quantify cyber-risk and prioritize costs, expected returns, and outcomes from competing cybersecurity projects is a valuable skill set for any CIO or CISO today. The leading cybersecurity vendors see this as an opportunity to combine generative AI with their platforms and the telemetry data they capture daily to train models. Zscaler’s launch of Risk360 is an example of the type of innovation cybersecurity vendors are pursuing with generative AI.

The greater CIOs’ and CISOs’ ability to quantify and control risk, the greater their potential to progress in their careers. CrowdStrike’s George Kurtz said during his Fal.Con keynote last year that he is “seeing more and more CISOs joining boards. I think this is a great opportunity for everyone here [at Fal.Con] to understand what impact they can have on a company. From a career perspective, being part of that boardroom and helping them on the journey is great, to keep business resilient and secure.”

Leading vendors providing AI-based real-time risk assessment and quantification include Absolute Software, CrowdStrike, Ivanti, Trend Micro (with its Trend Vision One™ platform), SAFE Security (which launched its Cyber Risk Quantification (CRQ) solution) and Deloitte (with its cyber-risk quantification services).

2. Generative AI will revolutionize extended detection and response (XDR)

Extended detection and response (XDR) platforms use APIs and an open architecture to aggregate and analyze telemetry data in real time. Vendors are also designing their XDR platforms to reduce application sprawl and remove roadblocks to stopping cyberattacks, relying on generative AI to eliminate the data silos that have previously increased XDR’s latency and reduced its accuracy. Generative AI will also contextualize the massive amount of telemetry data available from endpoints, email repositories, networks and web-based apps. XDR platforms are an ideal use case for generative AI, as many rely on a single data lake. Leading XDR providers include CrowdStrike, Microsoft, Palo Alto Networks, Tehtris and Trend Micro.

CrowdStrike: XDR architecture
An XDR platform unifies detection and response across an enterprise security stack. Adding generative AI to XDR improves investigation, threat hunting and response. Source: CrowdStrike

3. Improving endpoint resilience, self-healing capability and contextual intelligence

Generative AI shows the potential to increase endpoints’ resiliency and self-healing capabilities. Analyzing the data that endpoints generate will yield greater contextual intelligence and insight that LLMs will use to learn and respond to attack patterns. By definition, a self-healing endpoint can turn itself off, recheck OS and application versioning, and reset to an optimized, secure configuration autonomously.

Vendors take different approaches to managing self-healing and resilience. Absolute’s approach is based on being embedded in the firmware of over 500 million endpoint devices; using proprietary application persistence technology, it provides customers’ security teams with real-time telemetry data on the health and behavior of critical security applications. This creates a hardened, undeletable digital tether to every PC-based endpoint. Absolute Software’s Resilience, the industry’s first self-healing zero-trust platform, is noteworthy for its asset management, device and application control, endpoint intelligence, incident reporting and compliance features, according to G2 Crowd’s crowdsourced ratings.

4. Improving existing AI-based automated patch management techniques

CISOs tell VentureBeat that an intrusion, a mission-critical system breach, or a theft of access credentials usually prompts patching. Ivanti’s State of Security Preparedness 2023 Report found that 61% of external events, intrusion attempts or breaches restart patch management.

“Patching is not nearly as simple as it sounds,” said Dr. Srinivas Mukkamala, chief product officer at Ivanti, during a recent interview with VentureBeat. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize and even address vulnerabilities without excess manual intervention.”

What’s needed is a more generative AI-based approach that strengthens existing risk-based vulnerability management (RBVM) technologies. Leading AI-based patch management systems interpret vulnerability assessment telemetry and prioritize risks by patch type, system and endpoint, and improving the accuracy of that risk-based scoring is why vendors are fast-tracking generative AI improvements.

The GigaOm Radar for Patch Management Solutions Report analyzes the patch management landscape and provides insights into every provider’s strengths and weaknesses. Vendors included in the report are Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Flexera, GFI, ITarian, Ivanti, Jamf, Kaseya, ManageEngine, N-able, NinjaOne, SecPod, SysWard, Syxsense and Tanium. 

Ivanti’s Mukkamala also told VentureBeat that he envisions patch management becoming more automated, with AI copilots providing greater contextual intelligence and prediction accuracy. “With more than 160,000 vulnerabilities currently identified, it is no wonder that IT and security professionals overwhelmingly find patching overly complex and time-consuming. This is why organizations must utilize AI solutions … to assist teams in prioritizing, validating and applying patches.

“The future of security is offloading mundane and repetitive tasks suited for a machine to AI copilots so that IT and security teams can focus on strategic initiatives for the business.”

Ivanti Patch Intelligence
Ivanti Neurons for Patch Management is cloud-native. It prioritizes and patches vulnerabilities based on active risk exposure, patch reliability and device compliance. Source: Ivanti

5. Managing the use of generative AI tools, including AI-based chatbot services

High on the priority list of CIOs and CISOs who regularly brief their boards on generative AI is the need for tools to manage and monitor models and chatbot services. Airgap Networks, CrowdStrike, Cyberhaven, Microsoft Security Copilot, SentinelOne and Zscaler have announced they have tools available. Expect more cybersecurity vendors to build private LLMs, which will in turn need tools for fine-tuning and improving the accuracy and precision of model results. An example is how Zscaler focuses on prompt engineering today, as it previewed at its recent Zenith Live 2023 event.

The double-edged sword of generative AI in cybersecurity

Interviews VentureBeat conducted with Zscaler’s senior management team and with customers including CIOs and CISOs at Zenith Live 2023 all point to a paradox they are facing: How can generative AI deliver exceptional productivity while risking the release of intellectual property and confidential company information into public models like OpenAI’s? The Zscaler team went after this issue early in their keynotes, with Syam Nair, chief technology officer, taking the lead on the topic.

Nair reassured the customers in the audience that bolstering its ZTX platform and relying on its LLMs, combined with the core of zero trust designed into the platform, was how the company plans on securing customers’ data and privacy. Nair explained to the audience how they could better ensure their data’s security: “This is where zero trust and the need for zero trust for AI applications comes into being.” 

Designing in zero trust, starting with identity, was a common theme at Zscaler Live 360. Zscaler is focused on capitalizing on its own LLMs’ real-time insights and versatility to strengthen zero trust across its platform.
