By Glen Pendley, CTO, Tenable
Ongoing debates globally about generative AI are not restricted to the risks the technology poses but also about how it can be harnessed for good. Just like generative AI’s powerful capabilities can be used for nefarious purposes, the technology can also be a useful tool for cybersecurity pros to protect their organisations from attacks.
According to research by Grammarly and Forrester, organisations are not keeping up with their employees in terms of generative AI adoption. Merely 45% have a comprehensive strategy spanning the entire enterprise to ensure secure and well-coordinated integration of this technology. Consequently, this exposes them to security vulnerabilities and technical integration hurdles stemming from disjointed and unregulated usage of generative AI. This situation hinders organisations’ ability to fully reap the benefits of using generative AI to combat threats effectively.
Prevention has long been a challenge for security teams. Conducting analysis, interpreting the findings and identifying what steps to take to proactively remediate and reduce risk has traditionally been a time-consuming process. Generative AI-driven cybersecurity solutions can boost proactive security to combat threats effectively.
Addressing the “people” challenge to preventative security
As per the Future of Jobs 2023 report by the World Economic Forum, cybersecurity stands out as one of the foremost skills of strategic importance in today’s highly digitised world. Yet, there’s a shortage of 3.4 million cybersecurity experts globally.
This chasm in finding the right people to tackle cybersecurity is hindering preventive security efforts. According to a Forrester study commissioned by Tenable, nearly six in 10 (58%) cybersecurity and IT professionals say that security teams are too busy fighting critical incidents to take a preventive approach to reduce their organisation’s exposure and 73% believe their organisation would be more successful at defending against cyberattacks if they could devote more resources to preventive cybersecurity.
Generative AI can act as a force multiplier to enable organisations to tackle the cyber skills deficit and take a preventive approach to cybersecurity. This is achieved through its ability to integrate with vulnerability management tools to quickly detect vulnerabilities and automate corresponding responses. The utilisation of generative AI empowers security teams by enhancing their efficiency and redirecting additional resources toward thwarting successful cyberattacks.
The future of preventive cybersecurity hinges on generative AI-powered tools assuming the role of cyber assistants, and guiding users through specialised solutions. The technology’s capabilities to identify patterns and automate critical actions make preventive cybersecurity a scalable proposition, helping defenders stay a step ahead of their adversaries.
However, individuals tasked with implementing generative AI functionality have the responsibility of doing so thoughtfully. Merely introducing it without careful consideration not only curtails its potential by disseminating inaccurate data but also opens the door to unintended and possibly undesirable applications.
Choosing the right Generative AI solution for cyber defense
Organizations are still in the early stages of understanding the full spectrum of what generative AI has to offer as they start to align the technology with their corporate strategy. Among the most pressing concerns is the accuracy of the solution, cited by 50% of global leaders polled by McKinsey.
AI and data are two sides of the same coin, making generative AI solutions only as good as the data they’re built on. Effective AI integration requires breaking down silos and bringing all preventive security data into a single data lake to leverage the power of generative AI. When built on an extensive repository of data concerning threats, vulnerabilities, assets, and identities — on-premises, in the cloud, and in OT environments — generative AI can make preventive security possible by quickly assisting cybersecurity teams. It can help cyber defenders in three distinctive ways:
#1 Search: Security practitioners are often challenged with finding asset data, which is sometimes akin to finding a needle in a haystack. It often requires figuring out what filters are available, getting a grasp of which assets are supported by those filters, and running through mountains of data until you discover exactly what is needed. Generative AI makes this smoother and easier. Security teams need only ask the right questions using natural language search queries to analyse assets and exposures across their environments, understand the context of where risks lie, and prioritise remediation efforts.
#2 Context: Comprehending risk exposures within the right context poses a significant challenge, demanding substantial time. Security teams must analyse multiple factors, including exposure specifics, asset characteristics, user privileges, external accessibility, and attack paths. For instance, conventional attack path analysis software offers threat actor perspectives on entry points, asset targets, and threats. Although the data is visually presented, analysts must laboriously decipher step-by-step attack path details and their implications. Here, generative AI offers security teams a concise written summary of attack path analyses. This narrative encompasses attacker tactics, techniques, and procedures from initial entry to asset targeting. This empowers security generalists, even those with limited path analysis experience, to grasp attacker-centered insights into diverse exposures and proactively mitigate risks.
#3 Preventive action: A perennial challenge for cyber defenders is determining the priority of risks. Organisations grapple with thousands of vulnerabilities and misconfigurations, so it’s always a major challenge to identify the most critical risks that must be addressed immediately. Given today’s highly dynamic threat landscape, this is a Herculean task. Generative AI boosts security teams’ ability to prioritize risks and the actions needed to address and mitigate them. Generative AI-powered cybersecurity tools can be a powerful resource delivering actionable insights based on the impact the most critical cyber risks pose to the business. This helps security teams to proactively address risks, thereby curtailing their organisation’s overall risk exposure.
Generative AI holds tremendous potential for both cyber attackers and defenders. While it can help cybercriminals increase the scale of existing attacks, it also equips cyber defenders to match their adversaries.
Defenders must expedite processes and develop novel tools to outpace adversaries. Whether it’s for analysing malicious code, creating playbooks for incident response, or adopting a preventative security approach, generative AI offers an avenue to enhance safety. Organisations must find ways to leverage this powerful technology to boost their cyber defenses.