Incorporating GenAI into Cybersecurity
Graydon McKee - MSIA, CISSP
Former Chief Information Security Officer (CISO), Fortune 5 Experienced Information Security Executive
Originally, I intended this to be a quick article, but the more I delved into the topic of GenAI and how we can use it in Cybersecurity, the longer it became. As I looked for areas to cut, I realized that every section had important information, so rather than write an article that was too high level, I decided to break this up into a multi-part post. Look for the remaining parts in the weeks to come.
It has long been known that there is just too much data in a modern organization to maintain good operational awareness without relying on various tools to conduct the analysis needed. Initially, we were provided some simple pattern matching abilities in our SIEMs and other log aggregation tools, but honestly, those have their limitations. Simple deviations in pattern recognition tools can lead to gaps in our understanding of risk. We can be led to the false belief that we are better off than we are. This disconnect between belief and reality can be catastrophic.
In recent years, Artificial Intelligence (AI) has emerged to take an integral role in our strategies. This is due to its ability to rapidly analyze and interpret the vast amounts of data that we deal with daily. AI, and its “child” Machine Learning (ML), can identify patterns and anomalies that may indicate problems that must be addressed, and it can do this at a level of efficiency and accuracy that far surpasses our traditional methods.
In this series, I will dive into my views on how AI and ML can be used to assist us in:
· Threat Detection
· Incident Response
· Risk Assessment
· Compliance Monitoring and
· Security Training; among others.
Before I dive any further into this, let me provide the caveat that the use of AI is not without its challenges. We must be ever mindful that it is easy to become over-reliant on AI, leading us to be complacent in our security postures. We shouldn’t let AI make all the decisions for us. It should inform our decisions but not dictate them.
AI and ML have been around for quite some time, but a recent variant has caused a renewed interest in what they can do for us. GenAI or Generative Pretrained Transformer AI, as its proper name is, is a cutting-edge AI model that utilizes machine learning techniques to not only understand human speech (vocally or via text) but to generate human-like responses. Its main strength, as I see it, is its ability to handle sequential data while keeping the broader context in the forefront. The most common example of GenAI is ChatGPT, but there are others out there on the market such as Perplexity.ai, Dall-E, and NotionAI, among others.
GenAI’s capabilities are extensive, and it is suitable for a wide range of applications. Let me review two of those that I feel are particularly relevant to how we can use GenAI within Cybersecurity.
The first of these is Text Generation. The main feature of GenAI is that it can generate human-like interactions and responses. This means that you can “talk” to it like you would talk to a colleague. GenAI can then answer you in kind. It is also capable of performing tasks such as drafting emails, proofreading written passages, writing code, and creating other kinds of content from articles to images and more.
The second of these capabilities is Sentiment Analysis. This one is a key capability. I have always been a proponent of the idea that whatever you decide to analyze or measure needs to be interpreted in light of the context in which it was created and in which it will be used. GenAI can understand the sentiment (or context) behind your query, and it can modify its response accordingly. It also understands the sentiment of the entire conversation so that a user can build off their first query and develop a layered approach to the answer they are looking for.
This is where I’m going to stop at the moment. I talked briefly about what AI is and how it can be used. Next time I’ll address GenAI and the role it can play in Threat Detection, Incident Response, Risk Assessment, Compliance Monitoring, and Security Training. Hopefully, you will join me for those.
Another note: please share this and present your opinions in the comment section. I’m not writing this to hear my own voice. I’m trying to spark a conversation and hear your perspectives. All of you have a point of view that I may not have considered, and learning what that is helps me to evolve my own opinions.
Fascinating!