RSAC 2024: Real-world cybersecurity uses for GenAI
Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity.
The RSA Conference next week will feature a lot of generative AI rhetoric, but cybersecurity professionals are already trying it out in areas including security hygiene and posture management, incident response, and threat intelligence analysis.
At the mecca of security gatherings in San Francisco from May 6 to 9, the hyperbolic topic du jour will be generative AI -- particularly governance, threats and how GenAI can provide a defender's advantage.
Trade shows like RSAC are always filled with product and industry embellishment. So, the first question worth asking is this: Are security professionals even interested in generative AI?
According to research from TechTarget's Enterprise Strategy Group, the answer is yes -- and overwhelmingly so. When asked if their organization uses open GenAI applications such as ChatGPT for cybersecurity, 75% of security professionals reported they do so regularly, while another 19% said they use open GenAI on an occasional basis.
A lot of this is pure experimentation, but regardless, GenAI is rapidly becoming a go-to tool for threat analysts, malware analysts, red teamers and others.
To dig further, we asked security professionals to identify the use cases where they are using GenAI in any capacity today. Here's what we found.
GenAI for security hygiene, posture management
Nearly one-third (31%) of survey respondents said they use GenAI for security hygiene and posture management analysis and prioritization.
Boy, does this make sense to me. The attack surface is constantly growing and changing, leading to tons of vulnerabilities and critical exposures. The "bad guys" know this and are experts at exploiting these security gaps.
When applied here, GenAI can help security teams identify high-risk vulnerabilities on the attack path, enabling them to prioritize the right actions for cyber-risk mitigation.
Analyzing security data sources
Twenty-four percent said they use GenAI to analyze security data sources and determine which ones should be optimized or eliminated.
I've been saying it for years but it's worth repeating here: Cybersecurity is a big data application. Unfortunately, many organizations interpret this to mean that they must collect, process and analyze everything, while others anchor security to the old standbys such as logs, endpoint detection and response data, and network telemetry, and miss other valuable data sources completely.
AI has the potential to analyze data sources based on things such as targeted industry threats; known tactics, techniques and procedures; the Mitre ATT&CK framework; and past security breaches, and then suggest ways to optimize security data management. Less data and better efficacy? I think any CISO would eagerly pursue these benefits.
Incident response and investigations
Twenty-two percent of our survey respondents said they use GenAI for incident response and forensic investigations.
This is one of the mainstream use cases we'll hear a lot about at RSAC. GenAI can automate response actions or at least guide analysts in the right direction. GenAI could also be a helper app for forensic investigators, easing the process of determining what happened and when. It's all about improving the security team's efficiency.
GenAI for threat intelligence
Twenty-two percent said they use GenAI for threat intelligence analysis. This is bound to be a major use case. Threat intelligence analysis is an advanced skill that many organizations can't afford, or they can't find security pros with the right skill set to hire.
In the past, many firms lived with this deficit and tried to focus on blocking indicators of compromise or known malware, but this strategy is no longer effective as adversaries use social engineering tactics and living-off-the-land techniques to push attacks under the radar.
The key objectives with threat intelligence today are getting "left of boom" -- i.e. responding to attacks before they happen, and understanding strategic business risks associated with all things IT. CISOs will lean on GenAI to bridge the threat intelligence analysis gap, with tools that filter massive amounts of threat intelligence data and produce customized analysis based on an organization's size, location, industry and existing defenses. Service providers in the threat intelligence analysis space will use GenAI tools as they take this on as a proxy for customers.
Risk scoring with GenAI
Twenty-one percent said they use GenAI for risk scoring. Enterprises typically have thousands of open software vulnerabilities at any time. Using methods such as CVSS scores to prioritize patching still leaves them with hundreds, if not thousands, of remediation tasks for IT operations.
GenAI can help correlate software vulnerabilities to factors such as known threats, adversary "chatter" and asset value, and then churn out reports highlighting patching for security and IT teams. These reports might also turn into automated remediation actions over time.
One consistent thing I hear from security professionals is their interest in the capabilities of GenAI, such as natural language query, report creation and recommendations. These are already helping security pros with time management -- a critical need in an era of continual security skills shortages and overwhelming workloads.
In summary, the 2024 RSA security conference will be all abuzz with GenAI hype and vendor gaga, but for good reason. My esteemed colleague, Dave Gruber, will present more Enterprise Strategy Group research data on generative AI in a session at the conference on May 9.
Jon Oltsik is analyst emeritus and founder of TechTarget's Enterprise Strategy Group cybersecurity service. With more than 30 years of technology industry experience, Oltsik is widely recognized as an expert in all aspects of cybersecurity.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.