CDSA

Fortinet: Why GenAI is the Next ‘Must Have’ Tool for SecOps Teams

Generative AI (GenAI) “turbocharges” security operations (SecOps) performance and streamlines responses to cybersecurity attacks, according to Fortinet.

Citing International Information System Security Certification Consortium (ISC2) data, Fortinet notes that 75% of security practitioners say the current threat landscape is the most challenging it’s been in the last five years.

The challenge facing security analysts is keeping up with the increasing complexity and volume of threats.

On Feb. 20, during the webinar “GenAI: The Next ‘Must Have’ Tool for Every SecOps Team,” Kevin Faulkner, director of product marketing, Security Orchestration, Automation, and Response (SOAR), at Fortinet, said using GenAI enables SecOps teams to make better decisions, rapidly respond to threats, and simplify daily tasks.

Embedding GenAI in SOAR, as well as in Security Information and Event Management (SIEM), can inform and guide investigations, recommend remediation actions, execute natural language commands, and automate tasks such as playbook creation, according to Fortinet.

Taking viewers on a trip down memory lane, Faulkner pointed to the introduction of the search engine Ask Jeeves in the 1990s, noting that it allowed users to make natural language queries and get answers to their questions.

But Ask Jeeves used “simple technology compared to today,” and had a limited database that could be tricked easily to provide “bizarre” answers, he said.

“Today, of course, we’re in a very, very different world, where ChatGPT, [Google’s] Bard and others allow us to do natural language queries again,” he said. “But by using large language models and massive data and training and deep learning AI, they’re able to give us some really astounding answers.”

GenAI can, among its other positives, provide analysts with immediate cybersecurity intel and best practices, he said.

But he conceded: “You might be looking at it and say, ‘well, I don’t trust it.’ Maybe it’s too risky. Maybe it’s not secure enough and I’ve got data privacy concerns.”

One goal of the webinar, he said, was to “alleviate those kind of concerns from you today as we go through what the real value can be and the different ways that it’s being delivered to you by security vendors.”

Vendors can take steps to “improve the accuracy, dependability, and the security of the outputs of ChatGPT, Bard and others,” he pointed out.

And “there’s a really good reason” to turn to GenAI for SecOps today, he said, describing the current state of the technology: its “natural language abilities and the abilities that we would like to at least use today within GenAI are largely around working with humans, informing humans, and helping humans get something done. And that’s exactly what” is needed in SecOps today.

He explained: “There may be a lack of expert staffing. You’ve got overburdened analysts. You’ve got so many alerts coming in that you don’t have time to investigate all of these threats. Efficiency is really important. So is expertise. So is retaining the talent. But all these things are coming together to really mean that you’ve got an elevated risk of serious breach that you’d like to be able to do something about.”

GenAI, he said, is “going to be able to help that, in very significant ways, by giving analysts immediate cybersecurity intel [and] access to best practices.”