AI and genAI: Navigating a practical path to identity security insights amid all the hype

The virtues and magical properties of AI and Generative AI (genAI) are being splashed everywhere these days. They will deliver amazing results and alleviate all our security and identity security problems, right? That is, if genAI isn’t morphing to take over the world. Among all the hype and FUD, it can be very difficult to find practical and useful capabilities, but there are smaller steps you can take to embrace the useful capabilities that are available - while avoiding the grandiose and immature.

However, we do all know there are certain challenges and stresses that security teams face today, and that these teams need help:

• Security teams never have enough resources to go around – and the volume of data teams are faced with as they look for threats – trying to find the ‘needle in the needlestack’ (even harder than finding the needle in the haystack!) – is overwhelming.
• Analytics and reporting teams also tend to not have enough resources to go around, meaning they are overwhelmed as well.
• Many folks on security teams are so bogged down in the care and feeding of their on-premises security technologies that they have not been able to develop deep knowledge of identity security?or?Privileged Access Management, making it impossible to analyze identity governance models or privileged data sets, ask the right questions, or interpret information to address risk.

In a recent Delinea global survey, IT and security leaders told us they were expecting to use Artificial Intelligence (AI) to improve identity security”: 40%?of respondents said their #1 expectation as for AI to help with “monitoring and reporting”, while 33% said they were expecting AI to help when “assessing risk.”

?The good news is that among the grand promises, there are practical applications for AI that can benefit security teams now. When these capabilities are paired with easy-to-use UIs and advanced automation, the benefits really abound. Let’s take a closer look at what’s available today and how it can help.

Key AI capabilities to evaluate now: Advanced session recording, auditing, and risk scoring

In the Gartner? Hype Cycle for Digital Identity, 2024, “AI methods can help organizations achieve a manageable, sustainable solution to meet their target outcomes for access administration.”

Specific capabilities that have been and are being introduced, such as advanced session recording and automatic analysis, auditing, and risk scoring based on context, can deliver?immense?time savings and improve security?by proactively identifying anomalies in privilege sessions, reducing dwell time of cyber threats and negative impact on business performance.

Use AI to identify identity and privilege-related anomalies faster

Look for AI-powered analytics combined with privileged session recording to empower teams to investigate events for indicators of compromise and provide post-event identity forensics. Within session recordings, AI-driven auditing should automatically surface early indicators of potential cyber incidents, such as authorization and privilege?elevation failures, which can be easy to miss among the sheer volume of normal events. AI also can identify and flag sessions that experience the most common patterns associated with breach attempts and should be able to take you directly to the moment in the session recording where the issue(s) occurred. For overworked teams struggling to identify root causes of security incidents and respond effectively, these capabilities can help provide greater efficiencies and help teams get out of react mode and more proactively protect the organization.

Allow AI to help identify the most significant risks for more focused prioritization

AI-enabled risk-scoring can help customers gain a comprehensive view of identity-associated risk and better prioritize work, so that they can focus on the most impactful issues. In this scenario, an AI engine can automatically analyze the amount of privilege an individual user has and the accounts they have access to. It can review activity and uncover threats and issues to create a risk score based on the potential impact of a compromise connected to that identity. The AI engine should be able to show all these details around the risk-scoring context in an actionable report that also provides summarized recommendations to help reduce vulnerabilities and remediate incidents.

Trust but verify! Risk scoring should not be an impenetrable black box. Make sure you can see how the risk score is calculated, and that you can tune it to meet your organization’s risk management requirements.

Surface insights by asking questions in natural language, and let AI do the finding

At this stage in the evolution of genAI, it’s ok to allow it to do the heavy lifting and fancy filtering across data sets. Ask questions in plain language and get instant access to curated information: You should be able to launch queries ad-hoc directly in your workflow without switching environments.

Users should now be able to ask: “What privileged accounts are expired” or “What privileged elevation requests have MFA enabled” and have genAI surface the information in real time, along with supporting materials including the charts, events, segments, properties, filters and groupings. The returned results should also provide original sources, so you can verify the accuracy of the results.

At any point, you should be able to see the underlying query structure and refine it. You should also be able to ask follow-up questions to clarify or narrow results.

Don’t forget to take a privacy-centric approach to AI

There are a lot of concerns about AI when it comes to privacy and security. Transparency, including the ability for your team to be in control of the questions and the associated data, is a key thing to look for. You should also be able to understand how the genAI model reaches its conclusions, as well as being able to incorporate your own institutional knowledge and security policies to get the best results.

Additionally, look for a solution that does not use customer data to train third-party AI models, and avoid the risk presented by solutions that send customer query results to a third-party AI service. ?

AI really has come a long way. It’s time to move forward and start adopting practical applications of AI –avoiding hype and while being cautious around privacy and security.

Delinea has your practical AI needs covered

Delinea is excited to be recognized as a Sample Vendor for AI for the access administration category and has a lot to offer in this area today … with more coming in the near future. Delinea capabilities enable effective Identity-first security, delivered via a cloud-native, elastic and scalable platform and has baked advanced AI capabilities directly into its platform capabilities. These capabilities will support advanced session recording, auditing, and risk scoring to help teams become more efficient. Delinea has applied AI to support platform use cases to:

• Identify identity and privilege-related anomalies faster
• Deliver context-based risk scoring to help teams prioritize more efficiently
• Ensure there’s a security- and privacy-centric approach to AI

New:?Conversational AI for “how-to” support

Just last week, Delinea introduced the public preview of Delinea Expert, which delivers GPT-enabled tech support for all customers on the Delinea Platform. ?This AI capability leverages Delinea’s comprehensive help center documentation, articles, best practice guides, and training materials to deliver instant answers to technical questions.

To learn more about how Delinea is empowering customers with AI and genAI capabilities to help power Identity Security use cases in a pragmatic and secure way, join our customer-only webinar with our product management experts on October 17. Register here. ?