5 ways generative AI will help bring greater precision to cybersecurity

Generative AI is dominating cybersecurity roadmaps and user events

VentureBeat regularly gets briefings from cybersecurity vendors about their roadmaps. We’ve observed five ways generative AI has become the cornerstone of existing platform refreshes and new platform and app development. Zscaler’s Zenith Live 2023 event last week reflected what’s coming this year in generative AI products, both those under development and those ready for launch.

>>Follow VentureBeat’s ongoing generative AI coverage<<

These cybersecurity vendors have announced generative AI products and services: 

Airgap Networks: One of the top 20 startups to watch in zero trust, AirGap Networks, with its Zero Trust Firewall (ZTFW) platform with ThreatGPT, reflects how quickly and completely DevOps teams are capitalizing on generative AI’s strengths to add value for prospects and customers. ThreatGPT uses graph databases and GPT-3 models to reveal cybersecurity insights. The company set up GPT-3 models to analyze natural language queries and identify security threats, while graph databases provide contextual intelligence on endpoint traffic relationships.

Cisco Security Cloud: Cisco announced a new series of generative AI products and services at its CISCOLIVE event earlier this month. Among the manyannouncements are new generative AI features added to Cisco’s Collaboration and Security portfolios, new generative AI-powered summarization features for the Cisco Webex platform, and new AI capabilities in Cisco Security Cloud designed to simplify policy management and improve the time to a threat response. 

CrowdStrike: CrowdStrike’s deep AI and machine learning (ML) expertise is reflected in every aspect of its product and services strategy. From turning its XDR framework into a growth engine to the many new AI/ML-based products launched at its 2022 Fal.Con event, CrowdStrike’s ability to use AI/ML and now generative AI to reduce risks while delivering greater precision is noteworthy. Its latest product is Charlotte AI, a generative AI security analyst.

“If you look at CrowdStrike’s conception in 2011, one of the things that [CEO] George [Kurtz] talked about was that we couldn’t solve the security problem unless we used AI,” Michael Sentonas told VentureBeat during a recent interview. “In the lead-up to going public as a company, he also talked about AI, and since we’ve gone public, every quarter when we talk to Wall Street, we talk about AI. We’ve been using AI as part of our efficacy and prevention models, and we leverage AI when we do threat hunting. It’s a core part of what we do.”

Google Cloud Security AI Workbench: Sec-PaLM, Google’s security large language model (LLM),   powers Google Cloud Security AI Workbench. One of its key goals is to provide an extensible platform that can flex and adapt in real time to enterprises’ rapidly changing workloads and requirements. Google announced that it is relying on partner plug-in integrations for threat intelligence, workflow, and future security features. 

Microsoft Security Copilot: This is a GPT-4 implementation that adds generative AI to Microsoft’s in-house security suite. It detects breaches, connects threat signals and analyzes data using OpenAI’s GPT-4 generative AI and Microsoft’s security models.

Mostly AI: A synthetic data generation platform that relies on generative AI and is gaining rapid adoption across enterprises, educational institutions and government use cases, the Mostly AI platform can automatically learn new patterns, structures and variations from existing datasets. Customers also use the platform to generate realistic simulations and representative synthetic data at scale. 

Palo Alto Networks: Palo Alto Networks’ CEO Nikesh Arora remarked on the company’s latest earnings call that the company sees “significant opportunity as we begin to embed generative AI into our products and workflows,” adding that the company intends to deploy a proprietary Palo Alto Networks security LLM in the coming year. 

Recorded Future: Recorded Future trained OpenAI’s GPT model on more than 10 years of research insights (including 40,000 analyst notes) and 100 terabytes of text, images and technical data from the open web and dark web as well as a decade of expert insight from Insikt Group, to create written threat reports on demand. Recorded Future has integrated trained models with Intelligence Graph.

SecurityScorecard: SecurityScorecard’s AI-powered solution integrates with OpenAI’s GPT-4 to enable cybersecurity leaders to enter natural language queries and receive feedback on cyber-exposure and security gaps throughout their environment. 

SentinelOne: SentinelOne’s threat-hunting platform uses generative AI and neural networks to detect and stop cyberattacks. The platform integrates multiple layers of AI technologies that enable real-time, autonomous enterprise-wide attack detection and response. SentinelOne’s platform is also designed to provide security teams the flexibility of asking complex threat and adversary-hunting questions while running operational commands.

Veracode: Veracode has launched a generative AI-based product called Veracode Fix that uses AI to make suggestions for making the software more secure. The product uses a GPT-based machine learning model trained on Veracode’s proprietary dataset to fix insecure code and reduce the work and time needed to fix flaws.

ZeroFox: ZeroFox has developed FoxGPT, a generative AI-based addition to its External Cybersecurity Platform. FoxGPT accelerates intelligence analysis and summarization across large datasets, identifying malicious content, phishing attacks and potential account takeovers. ZeroFox has continued to develop and add new machine learning capabilities to its platform, keeping pace with the rapid developments in the field.

Zscaler: Zscaler announced three generative AI projects in preview at its Zenith Live 2023 event last week. They include Security AutoPilot with Breach Prediction, Zscaler Navigator, and Multi-Modal DLP. Zscaler also made four new product announcements at the event: Zscaler Risk360, Zero Trust Branch Connectivity, Zscaler Identity Threat Detection and Response (ITDR), and ZSLogin which includes passwordless multifactor authentication, automated administrator identity management and centralized entitlement management.

Deepen Desai, Global CISO and VP of security research and operations, delivered a keynote titled “The Power of Zscaler Intelligence: Generative AI and a Holistic View of Risk” that provided an insightful look at how Zscaler plans to further capitalize on generative AI’s strengths. Desai told VentureBeat that Zscaler relies on customized large language models (LLMs) to predict breaches and ensure policies are set and executed accurately, with greater precision.

Five ways generative AI enhances cybersecurity precision

Detecting anomalies faster than currently available technologies can, parsing logs and finding anomalous patterns in real time, triaging and responding to incidents and simulating attack patterns are a few of the many ways generative AI is already starting to revolutionize cybersecurity. Based on recent interviews with over a dozen cybersecurity leaders, including Airgap Networks’ CEO Ritesh Agrawal, CrowdStrike’s president Michael Sentonas, senior vice president of Ericom’s Cybersecurity Business Unit David Canellos and several others, we identified five areas where generative AI has the most significant impact on current and future product strategies:

1. Real-time risk assessment and quantification

Boards of directors and the C-level executives reporting to them have years of expertise in managing risk. Today’s accelerated, more complex risks create new challenges, however, and open up opportunities for CIOs and CISOs to advance their careers.

The ability to quantify cyber-risk and prioritize costs, expected returns, and outcomes from competing cybersecurity projects is a valuable skill set for any CIO or CISO today. The leading cybersecurity vendors see this as an opportunity to combine generative AI with their platforms and the telemetry data they capture daily to train models. Zscaler’s launch of Risk360 is an example of the type of innovation cybersecurity vendors are pursuing with generative AI.

The greater CIOs’ and CISOs’ ability to quantify and control risk, the greater their potential to progress in their careers. CrowdStrike’s George Kurtz said during his Fal.Con keynote last year that he is “seeing more and more CISOs joining boards. I think this is a great opportunity for everyone here [at Fal.Con] to understand what impact they can have on a company. From a career perspective, being part of that boardroom and helping them on the journey is great. To keep business resilient and secure.”

Leading vendors providing AI-based real-time risk assessment and quantification include Absolute Software, CrowdStrike, Ivanti, Trend Micro with its Trend Vision One™ platform, SAFE Security which launched its Cyber Risk Quantification (CRQ) solution, and Deloitte and its cyber-risk quantification services. 

2. Generative AI will revolutionize extended detection and response (XDR)

Extended detection and response (XDR) platforms use APIs and an open architecture to aggregate and analyze telemetry data in real time. Vendors are also designing their XDR platforms to reduce application sprawl and remove cyberattack roadblocks, relying on generative AI to eliminate the data silos that have previously limited XDR’s latency and accuracy. Generative AI will also contextualize the massive amount of telemetry data available from endpoints, email repositories, networks and web-based apps. XDR platforms are an ideal use case for generative AI, as many rely on a single data lake. Leading XDR providers include CrowdStrike, Microsoft, Palo Alto Networks, Tehtris and Trend Micro.

3. Improving endpoint resilience, self-healing capability and contextual intelligence

Generative AI shows the potential to increase endpoints’ resiliency and self-healing capabilities. Analyzing the data that endpoints generate will yield greater contextual intelligence and insight that LLMs will use to learn and respond to attack patterns. By definition, a self-healing endpoint can turn itself off, recheck OS and application versioning, and reset to an optimized, secure configuration autonomously.

Endpoint data continues to be a significant source of innovation. With generative AI being designed into the platforms of self-healing endpoint providers, the pace and scale of innovation will accelerate. Leading providers include Absolute Software, Akamai, BlackBerry, CrowdStrike, Cisco, Ivanti, Malwarebytes, McAfee and Microsoft 365. 

Each of these providers takes a different approach to managing self-healing and resilience. Absolute’s approach is based on being embedded in the firmware of over 500 million endpoint devices that provide their customers’ security teams with real-time telemetry data on the health and behavior of critical security applications using proprietary application persistence technology. This creates a hardened, undeletable digital tether to every PC-based endpoint. Absolute Software’s Resilience, the industry’s first self-healing zero-trust platform, is noteworthy for its asset management, device and application control, endpoint intelligence, incident reporting and compliance features, according to G2 Crowds’ crowdsourced ratings.

4. Improving existing AI-based automated patch management techniques

CISOs tell VentureBeat that an intrusion, a mission-critical system breach, or a theft of access credentials usually prompts patching. Ivanti’s State of Security Preparedness 2023 Report found that 61% of external events, intrusion attempts or breaches restart patch management.

“Patching is not nearly as simple as it sounds,” said Dr. Srinivas Mukkamala, chief product officer at Ivanti, during a recent interview with VentureBeat. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize and even address vulnerabilities without excess manual intervention.”

What’s needed is a more generative AI-based approach that strengthens existing risk-based vulnerability management (RBVM) technologies. AI-based patch management systems can prioritize vulnerabilities by patch type, system and endpoint. Improving risk-based scoring accuracy is why vendors are fast-tracking generative AI improvements. Leading AI-based patch management systems interpret vulnerability assessment telemetry and prioritize risks by patch type, system and endpoint.

The GigaOm Radar for Patch Management Solutions Report analyzes the patch management landscape and provides insights into every provider’s strengths and weaknesses. Vendors included in the report are Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Flexera, GFI, ITarian, Ivanti, Jamf, Kaseya, ManageEngine, N-able, NinjaOne, SecPod, SysWard, Syxsense and Tanium. 

Ivanti’s Mukkamala also told VentureBeat that he envisions patch management becoming more automated, with AI copilots providing greater contextual intelligence and prediction accuracy. “With more than 160,000 vulnerabilities currently identified, it is no wonder that IT and security professionals overwhelmingly find patching overly complex and time-consuming. This is why organizations must utilize AI solutions … to assist teams in prioritizing, validating and applying patches.

“The future of security is offloading mundane and repetitive tasks suited for a machine to AI copilots so that IT and security teams can focus on strategic initiatives for the business.”

5. Managing the use of generative AI tools, including AI-based chatbot services

High on the priority list of CIOs and CISOs who regularly brief their boards on generative AI is the need for tools to manage and monitor models and chatbot services. Airgap Networks, CrowdStrike, Cyberhaven, Microsoft Security Copilot, SentinelOne and Zscaler have announced they have tools available. Look for more cybersecurity vendors to create and fine-tune private LLMs that will need tools for fine-tuning and improving the accuracy and precision of model results. An example is how Zscaler focuses on prompt engineering today, as it previewed at its recent Zenith Live 2023 event.  

The double-edged sword of generative AI in cybersecurity

Interviews VentureBeat conducted with Zscaler’s senior management team and with customers including CIOs and CISOs at Zenith Live 2023 all point to a paradox they are facing: How can generative AI deliver exceptional productivity while risking the release of intellectual property and confidential company information into public models like OpenAI’s? The Zscaler team went after this issue early in their keynotes, with Syam Nair, chief technology officer, taking the lead on the topic.

Nair reassured the customers in the audience that bolstering its ZTX platform and relying on its LLMs, combined with the core of zero trust designed into the platform, was how the company plans on securing customers’ data and privacy. Nair explained to the audience how they could better ensure their data’s security: “This is where zero trust and the need for zero trust for AI applications comes into being.” 

Designing in zero trust, starting with identity, was a common theme at Zscaler Live 360. Zscaler is focused on capitalizing on its own LLMs’ real-time insights and versatility to strengthen zero trust across its platform.