Will AI Help or Hurt Cybersecurity? Definitely!

00:00

What are two of the hottest topics not only in  IT, but in society these days? Well, if you said  

00:07

artificial intelligence and cybersecurity, I'd  agree with you. Both are really hot. In fact,  

00:15

even your non-technical friends have heard of  these and may be talking about them and asking you  

00:20

questions. And I'm going to suggest to you this  intersection between the two. Even hotter still.  

00:26

So what are we going to talk about in this video?  I'm going to talk about what from a cybersecurity  

00:31

standpoint, AI can do to you and what it can do for  you. So let's take a look at that. We're going  

00:37

to start with some of the downsides first, and  then we'll conclude with some positive things.  

00:42

On the downside, what could AI do to us from a  cybersecurity standpoint? Well, it turns out that  

00:49

a lot of times we're able to tell about a phishing  attack because the English language of the writer  

00:54

is not so good. It's not their first language.  However, you could now go into a chatbot and use  

01:00

it to generate very natural sounding language,  even though you might say "But Jeff, there are  

01:07

protections in some of these chatbots" that if  you tell it to write you a phishing email, it  

01:12

won't do it. There are also ways of re-engineering  your prompt so that you can get past that. So this  

01:18

is one area where phishing attacks are going to  get better. And the ways that we've been able to  

01:23

detect them in the past are not going to be so  effective anymore. What's another thing? Well,  

01:27

on the positive side, this generative AI and  chatbots and things like that are able to write  

01:33

code for us. So if I want to, I can have it write  code and do it really quickly and effectively. It  

01:40

also means it can write malware as well. It also  means it could insert malware into the code that  

01:46

I have. It also means it could insert backdoors  into the code that I have. So we have got to also  

01:53

verify when we ask it to write code for us that  in fact, the code that it's giving us is pure  

02:00

and is doing what we intend for it to do. Another  thing it could do to us, misinformation. How does  

02:07

this happen? Well, these are generative AIs. So  one of the things that they suffer from is this  

02:13

issue we call hallucination, where it may make up  information or conflate two things that are not  

02:19

really related to each other and give a false  impression. Also, we could have a determined  

02:24

attacker who is doing what's known as a prompt  injection where they're inserting bad information  

02:29

into the system. Or they're attacking the corpus,  that is, the body of knowledge that the system is  

02:35

based on. And if they were able to do that, then  what comes out would be wrong information. So we  

02:41

have to be careful to guard against overreliance  and make sure that we're verifying and testing  

02:47

our sources so that we can make sure that they're  trustworthy. One other example I'll give you here,  

02:52

and there are actually many, but I think this  one's particularly interesting is this idea of  

02:57

a deepfake. A deepfake is where we basically  have an AI system that is able to copy your  

03:04

image and likeness, your mannerisms, your voice,  your appearance, all of these things to the point  

03:11

where someone is looking at a video of you and  they can't tell if it really was an actual video  

03:17

of you or a deepfake where we could have you  saying things that weren't true. And therefore,  

03:22

if we're going to trust this kind of system, we  need a way to verify these things. But right now,  

03:27

the deepfake technology has gone so far ahead in  a very short period of time that it's going to  

03:33

be hard to verify those kinds of things. Okay,  we've just talked about what AI can do to us.  

03:40

Now let's look at some positives. What can AI do  for us in the cybersecurity space? It turns out  

03:45

a lot. In fact, we do a survey each year that we  call the "Cost of a Data Breach" survey, and the  

03:52

report that came back this year indicated that  the number one thing you can do to save on the  

03:58

cost of a data breach and improve your response  time is the extensive use of AI and automation.  

04:05

And here's what it can do. On the one hand, it can  save on average $176 million per data breach. With  

04:14

the average data breach costing four and a half  million. That's a significant savings. It can also  

04:20

cut down the mean time to identify and contain a  breach by 108 days. That makes a big difference.  

04:29

So we know this is effective. Now, what are  we doing to make these kinds of results? Well,  

04:34

it turns out a lot of what we do in this space  is to do better analysis. We're going to analyze  

04:43

large data sets, lots of information that we  have out there. It's very hard to find patterns  

04:48

if I give you a whole large dataset, but if  I use a technology called machine learning,  

04:55

I can do a lot better job of spotting outliers and  anomalies, which is what we want to do in security  

05:01

a lot. Now, I mentioned machine learning. What is  that? Well, if you think about AI in particular as  

05:07

this large sort of umbrella term with a number of  technologies involved, well, machine learning is  

05:13

a subset of that that specifically deals with some  of these kind of analyzes that I've just referred  

05:20

to. Machine learning is what is often used in the  security space. We do it a lot because, again,  

05:26

it's very good at spotting anomalies and outliers  and patterns, and that's what we need a lot of  

05:31

in the security space. So we're doing a lot of  this today, and a lot of these results come from  

05:37

leveraging machine learning, which is a subfield  of AI. What else I mentioned? Automation. Well,  

05:44

I can help us in the automation task as well,  and I'll give you a few examples coming up. But  

05:50

some of the things it can do is anticipate what we  need to do next. And some of those kind of things  

05:56

really start coming in from the area of deep  learning, which is a subfield of machine learning.  

06:02

And then now this really new area that everyone  is talking about these days, foundation models,  

06:07

or you may hear them called large language models,  generative AI chatbots. They all exist in this  

06:14

space down here. What can we start doing? As  I said, security has mostly leveraged this  

06:20

in the past. What can we start doing to leverage  some of this stuff going forward? Well, it turns  

06:26

out a lot of things. Because one of the things  that foundation models are really good at is  

06:31

summarizing. They can be fed a lot of information  and then it can give you a very quick summary of  

06:38

that. Why would that be useful? Well, if you've  got tons of documents you're trying to review, it  

06:43

could give you the net, the cliff notes of that.  Another good use case for this would be incident  

06:49

summarization and case summarization. If I'm  seeing lots and lots of cases in my environment,  

06:54

this kind of technology could be used to tell me  what are the trends among those cases. Are these  

07:01

things all related or are they all very different?  And my guess is there are probably at least a few  

07:05

things that are similar about these. So that's  another nice use case that we'll see coming in  

07:12

the future from generative AI, foundation models  into cybersecurity. Some other things we can do.  

07:19

We know these kind of chatbots are good at  interacting, so you can respond to them in  

07:28

natural language. You don't have to format your  queries using a particular query language or using  

07:33

a particular syntax. You use the natural language  that you're used to. So for me, I would state in  

07:40

English, "What--are we being affected by this  particular kind of malware?" And maybe what it  

07:46

could do is build a query for me that I can then  run into my environment and it comes back and  

07:51

tells me, am I affected or not? And I can then ask  more questions. "Tell me more about this kind of  

07:56

malware. What kind of indicators of compromise are  there that are associated with this?" All of that  

08:02

stuff gives me a very easy, intuitive way to get  information that is highly technical out of the  

08:09

system and do this much faster. Another thing we  might want to do is generate playbooks. Playbooks  

08:18

are the things that we use in incident response  when we're trying to figure out what do we need to  

08:22

do once we've had an incident. So generating these  on the fly, generative AI, generating playbooks,  

08:30

you can see where there might be some type of  crossover. This is a good use case also for this  

08:35

technology. So expect to see more of that. And in  fact, there could be other types of things where  

08:40

we're using generative, creative technology  because these things really are creating. For  

08:45

instance, with threat hunting. A threat hunter is  basically coming up with a hypothesis and saying,  

08:52

I wonder if someone were to attack us, maybe  they would do the following things. And we  

08:58

have a limitation in terms of our imagination.  Sometimes the bad guys may dream up scenarios  

09:03

that we don't. So it might be useful to have  a system that can dream up scenarios we didn't  

09:08

think of using a generative AI to generate  hypothetical cases that we then go out and  

09:15

automate and do a threat hunt in our environment.  This is all really super exciting stuff, I think,  

09:21

and it shows exactly what we'll be able to do in  this space because what we want to be able to do  

09:26

is move away from being purely reactive to a more  proactive way of doing cybersecurity. And that's  

09:35

the good news in this story. We've got AI and  cybersecurity, and if they're working together,  

09:41

as you see here, we can end up with a more  proactive solution that's more cost effective  

09:46

and keeps us all much safer. Thanks for watching.  If you found this video interesting and would like  

09:52

to learn more about cybersecurity, please remember  to hit like and subscribe to this channel.