Examining Practical Use Cases for the AI-Powered SOC

Shannon McFarland

In the cybersecurity industry, we’ve been talking about AI for many years already. Most SOC teams already have security tools that use machine learning or predictive AI. But after generative AI tools like ChatGPT and Midjourney hit widespread use in 2023, it felt like we collectively hit the “peak of inflated expectations.”  

It’s 2024, so are we finally getting past the AI hype? 

Getting Past the Hype about AI in Security Operations

Source: What’s New in Artificial Intelligence from the 2023 Gartner Hype Cycle

Many of us in the security space have experienced the “trough of disillusionment” before. We’ve already been disappointed by past generations of solutions making big promises about AI.

But now, we’re starting to get really excited about new AI-powered tools for a few reasons.

The security industry is facing a serious resource shortage, AI models are proving they are much more mature, and everyone else is adopting new AI tech. When I say everyone, I mean the threat actors are rushing to take advantage of AI. Businesses are pushing to integrate new Large Language Models (LLMs) and AI-driven automation.

2023 was truly a turning point for AI-powered tools, and we’ve been excited to see more companies discover the Autonomous SOC platform.

 many more companies are looking at how they can take advantage of new AI tools. For everyone who fell into the “trough of disillusionment”, 

However, with the current economic climate, the need for efficient AI solutions in cybersecurity is more urgent than ever. Large language models and generative AI, such as OpenAI’s ChatGPT, have the potential to revolutionize threat detection and response. But we need to learn how to harness these advancements effectively.

In this blog, I’ll keep the focus on practical use cases for AI in cybersecurity. Our team shares key takeaways and insights that we hope will be helpful.

Joining me in this discussion are Itai Tevet, CEO and co-founder of Intezer, and Shaul Holtzman, our director of sales engineering. Itai emphasized the role of AI in automating and refining security processes, while Shaul highlighted how security teams can customize AI tools to suit their needs.

Can We Trust AI Models to Handle Cybersecurity Tasks?

Can we trust AI? The short answer is yes, but with caveats.

For example, generative AI is good at analyzing text-based evidence, translating languages, and generating reports from unstructured data. However, it has limited critical thinking capabilities and tends to align with the bias of the input it receives. New AI models are not a one-size-fits-all solution, but a powerful tool when used correctly.

Challenges and Concerns in Adopting AI

Adopting AI has its challenges. Privacy is a major concern, especially when dealing with sensitive security data. Customization is key, as there is no ‘magic prompt’ that works for every scenario. Cost management is also crucial, as API usage for automation can quickly escalate expenses.

Best Practices for Using AI in Security Operations

When integrating AI into your security operations, focus on privacy-oriented models. Share effective prompts within your team and consider training AI with your organizational data. It’s also advisable to proceed gradually, starting with manual experimentation before moving to API-driven automation.

The Future of Jobs in AI-Enhanced Cybersecurity

A common concern is whether AI will make certain cybersecurity jobs obsolete. Our conclusion is that AI, combined with automation, might soon render basic alert triage tasks unnecessary. However, this shift opens up opportunities for security professionals to focus on more complex and strategic aspects of cybersecurity. Learning to leverage AI is becoming an increasingly valuable skill.

Intezer’s Autonomous SOC Solution

Intezer’s Autonomous SOC solution integrates seamlessly with existing detection systems, automatically investigates alerts using AI and other techniques, and escalates only serious incidents. This approach enhances accuracy and efficiency without adding complexity.

Conclusion

Our discussion emphasizes the importance of embracing AI in cybersecurity. While AI is not a silver bullet, it is a potent tool that, when used judiciously, can significantly enhance our security operations. The key is to understand its strengths and limitations and to integrate it thoughtfully into our processes.

Shannon McFarland

Shannon is the head of product marketing for Intezer.
