Last Updated on May 12, 2023
One of the main reasons I attended the recent RSA Conference (RSAC) 2023 in San Francisco was to check out up-and-coming AI-based solutions for proactive cybersecurity. Pivot Point Security has been pushing this envelope in several ways and I wanted to compare notes with the experts.
Hoping the good guys will win
My takeaway from many interesting conversations is that all the energy behind AI and machine learning (ML) puts earlier and more precise detection of security incidents on the near horizon.
Because of the increasing benefits this technology will bring as it continuously improves, I tend towards optimism that the white hats will ultimately get more overall advantage from AI than the cyber criminals. But plenty of people disagree with me on that.
Intriguing new use cases
Several interesting ML use cases for large language models (LLMs) were being demo’d and discussed at the conference. One cool and potentially very helpful approach seeks to automatically group potentially related events from across the environment into a “portrait” of an incident.
Another interesting LLM idea attempts to do natural language processing of cybersecurity queries. Say you’re worried about a one-time password (OTP) bot attack. With existing tools, you might search for indicators for compromise, which requires knowing the query syntax and what field that data might be stored in. Or you might look at ports a bot is known to communicate on. Or whether it was communicating with its command-and-control via an FQDN or IP address… In short, a time-consuming effort requiring significant expertise.
With natural language processing your query could be “Is there evidence of an OTP bot in my environment?” From there, the AI would hopefully be “smart” enough to run appropriate searches against your huge pool of data and bring back the most relevant patterns. Solutions in this realm are very promising for security teams and already emerging in leading products.
For more insights on this topic, tune in to Episode 117 of The Virtual CISO Podcast, featuring Pivot Point Security CISO and Managing Partner, John Verry.