The use of custom-tuned models in private instances for security and control purposes is gaining momentum in the cybersecurity field. By utilizing APIs instead of direct interaction with the models, analysts can ensure guardrails are in place to guide their queries and receive answers in a safe and convenient manner.
According to Foster, an industry expert quoted in a recent article, the future of cybersecurity analysis may involve interactions with AI models akin to the way Tony Stark communicates with Jarvis in the Iron Man movies. This level of capability could potentially lead to automated actions based on the AI’s recommendations, such as remediation of security vulnerabilities.
Netskope, a global solutions integrator, has already begun utilizing generative AI models like ChatGPT and Copilot to enhance their security monitoring and response efforts. By leveraging AI for tasks such as writing scripts, assembling background information, and creating threat summaries, analysts can increase their efficiency and focus on more complex issues.
Insight, another solutions integrator, has found success in using generative AI to review compliance policies and provide recommendations based on regulatory frameworks. By tapping into internal and external knowledge bases, AI models can offer valuable insights to help organizations align their policies with industry standards.
Looking ahead, the potential uses of generative AI in security operations centers are vast. Companies like Secureworks are exploring ways to integrate AI into their orchestration engines to automate security actions without human intervention. While there are concerns about the impact of AI on human analysts, experts believe that AI will augment rather than replace human roles, allowing analysts to focus on higher-value activities.
However, there are challenges associated with the implementation of generative AI in SOCs. Studies have shown that AI performance can degrade when pushed beyond its capabilities, underscoring the need for careful vetting and training of these tools. Companies must invest in training programs to ensure that analysts have the necessary skills to effectively leverage AI technologies in their security operations.
Overall, generative AI has the potential to revolutionize the cybersecurity landscape by enhancing the efficiency and effectiveness of security operations. While there are challenges to overcome, the benefits of AI in SOCs are undeniable, and organizations that embrace this technology stand to gain a competitive edge in an increasingly complex threat landscape.