Generative AI and Data: The Potential of Cybersecurity if Risk is Controlled



The state of artificial intelligence (AI) in 2023 feels like déjà vu to me. In 2001, when I was just entering the venture industry, I remember the typical VC reaction to a startup pitch being: ? ” Today, every time a new company pitches a product that uses AI to do “X,” the VC industry asks, “Can’t ChatGPT do that?”

Twenty-two years later, Microsoft is at the table again. This time, it is betting $13 billion by partnering with OpenAI to bring new products to market, such as Security Copilot, which uses the recently launched text-generating GPT-4 to understand the threat landscape (details below). But just as Microsoft didn’t prevent thousands of software startups from succeeding in the early 2000s, I don’t expect Microsoft or any vendor to own this new AI-enabled market.

But the market explosion and hype around AI in all areas of business and investment over the past few months has left people wondering, “What do we think of all this?” More specifically, how do CIOs, CSOs, and cybersecurity teams learn how to deal with technologies that can pose serious security and privacy risks?

Good things, bad things, scary things

We’ll take a look at the pros, cons, and horrors of recent Microsoft announcements. The amazing thing about ChatGPT and its descendants is that they offer an accessible level of functionality to the masses. It’s versatile, easy to use, and usually delivers solid results.

Traditionally, organizations have needed highly trained analysts to classify, analyze, and process security data. This required knowledge of specific query languages and constructs related to each product, such as Splunk, Elastic, Palo Alto/Demisto and QRadar. It was a tough job and the talent pool available was never enough.

That challenge with SIEM (security information and event management) and SOAR (security orchestration, automation, and response) still exists today. SIEMs help companies collect and analyze security-related data from servers, applications, and network devices. Data is analyzed to identify potential security threats, alert security teams to suspicious activity, and provide insight into enterprise security defenses. SIEM systems typically use advanced analytics to identify potential threat patterns, anomalies, and other indicators.

Building on SIEM capabilities, SOAR automates security workflows to help businesses respond to security incidents faster and more efficiently. SOAR platforms can be integrated with various security products such as enterprise firewalls, intrusion detection systems, and vulnerability scanners. SIEM/SOAR is where you coordinate the actions of your incident response plan, and those actions drive the remediation process. Managing the processes and products involved in remediation is difficult.

Microsoft is currently focused on developing a generative AI Security Copilot tool. With Security Copilot, the technology company is enhancing its data security product’s capabilities for deeply integrated analysis and response. By integrating GPT-4 into the Security Copilot, Microsoft hopes to work with enterprises to:


  • Identify malicious activity more easily.
  • Summarize and understand threat intelligence.
  • Collect data on various attack incidents by prioritizing incident types and levels; and
  • Recommend to clients how to remove and remediate various threats in real time.

And what do you think? In theory, it should be easier to use the GPT APIs and other tools to classify all your data and find ways to leverage them with your incident data. These systems should also make more automated responses and orchestration easier.

Overall, the arrival of GPT-4 could be a step towards the industry’s dream of a “cyber moneyball”, leveraging the experience and wisdom of the crowd to enable a more robust defense posture. It will also enable stronger defenses for smaller organizations that currently do not have sufficient resources or expertise.

Everything is trust

However, there are still major obstacles to overcome when it comes to adoption and trust. First and foremost, many organizations are still reluctant to share incident data with others, even if it is anonymized, as it can lead to information leaks, bad press, and brand damage. Sharing has been discussed for years, but for these reasons it is rarely done in a systematic or technology-enhanced way. The best sharing practice going on now is for CISOs in the industry to talk among a tight-knit group of colleagues when something important happens. So, given that organizations have been reluctant to share in a meaningful way so far, I think it will take a while for the industry to put data on this platform or on third-party platforms, for fear of exposing the data in any way.

Another hurdle is overcoming privacy and security concerns. Microsoft claims privacy and security are maintained by integrating data into its own systems. Security Copilot does not train or learn from customer incident or vulnerability data. But without full transparency, markets will remain skeptical. Regardless of what an ELA states to the contrary, users are likely to fear that attackers will use the same GPT-based platform to launch attacks targeting perceived system vulnerabilities. Wouldn’t an attacker like to ask, “Write an exploit that can penetrate Company X’s defenses?”

There is also the question of how systems can learn from the latest attacks if they are not trained on data from customer organizations. The system would be even more powerful if it could actually learn from customer incident and vulnerability data.

Even if specific details are not available from specific customers, and assuming full transparency on security and privacy is ensured, given its extensive knowledge from other public and non-public sources, could this AI-based system become the adversary’s favorite exploit development tool?


Considering all this, using ChatGPT in cybersecurity comes with potential risks and benefits.

Microsoft has big ambitions for Security Copilot. This is a tall order, but I hope they do the right thing for everyone’s sake.

Know the potential consequences

Microsoft-sponsored GPT-4 could be a great tool if you’re looking to figure out how to block all potentially harmful activity. If you can train your system to focus on the positives and keep your own internal data from being compromised, it will be a powerful tool for bringing the analysis of security incidents into the mainstream. So far, this has only been done using highly sophisticated, expensive manpower and complex systems at the high end of the market.

But let’s say a medium-sized company that doesn’t have the best cybersecurity resources or the best data security team chooses to expose its data to Microsoft and GPT-4. In that case, I want you to know that there may be side effects. Buyer beware!



