Integrating, Instead of Disrupting: How AI Will Impact Security
- Jan 31, 2024
- Steve Wilson
When powerful new technologies hit the market, a lot can change quickly. Cybersecurity professionals have seen this play out multiple times within the last decade — first, when new tools and functions leveraged machine learning and deep learning capabilities, then when zero trust was introduced as an industry-wide best practice and numerous products were rolled out to support it.
So as artificial intelligence (AI) — particularly generative AI — becomes increasingly adopted by organizations across the globe, the security operations center (SOC) will be bracing for the changes it brings, while also considering how these tools can augment and optimize threat detection, investigation, and response (TDIR).
But here’s the thing: it’s vital for security leaders to be very intentional about minding their gaps and identifying where such solutions can deliver legitimate value.
Security leaders are people leaders
A helpful question is, “How can these new AI technologies empower the SOC and the people who work in it?” After all, while machines are great at spotting anomalies in enormous data flows, it’s up to humans to use their knowledge, judgment, and critical thinking skills to understand which flags represent real risks.
Generative AI may have limited applications on the frontlines of threat detection right now, but how might it support investigations and responses?
Already, experts are exploring the potential for large language models (LLMs) and natural language processing (NLP) — two critical technologies behind generative AI — to enable analysts to ask questions and search logs in plain terms rather than highly technical queries. These tools also hold great promise for providing analysts with simple yet detailed threat summaries and explainers, as well as generating dynamic response playbooks.
Ultimately, new tools will almost certainly prove helpful for automating and expediting the routine and tedious aspects of security operations so that the team can do the work that actually demands their creativity and ingenuity.
It’s also worth remembering that new skill sets — from training models to prompting algorithms — will be relevant in a security industry impacted by generative AI. Leaders need to help their people level up, and foster the knowledge and capabilities that will allow them to grow in their careers.
Steer clear of the hype
We already mentioned how the early days of deep learning and the establishment of zero trust as a best practice brought a wave of new products. Everyone working in cybersecurity at the time will remember that many of those products were built on little more than big promises and clever marketing without actually contributing to the SOC’s mandate in any meaningful way.
History is bound to repeat as startups and incumbents seek to capitalize on the excitement surrounding generative AI and the pressure for organizations to position themselves as early adopters. Vendors' expertise, internal processes, and solutions must be vetted conscientiously to ensure those “solutions” actually solve real needs.
The toolkit of tomorrow

As discussed already, there are a lot of potential applications for new AI in the SOC — such as automated decision support, simplified queries, and summaries and explainers that can help security and non-security personnel better communicate threats and their impacts.
Beyond that, researchers have already begun to see how generative AI can support end-to-end penetration testing so that defenders can test their systems against realistic attacks without any actual risk. By leveraging a combination of historical patterns and predictive analytics, advanced AI could also have applications in proactive threat hunting or enhancing dashboards and data visualizations to glean deeper insights.
The future is complex — but remember, the goal of a great leader is to be a great simplifier. Focus on your areas of potential improvement for your people and operations, and let that inform how you assess and adopt AI. At this point, it’s alright if you have more questions than answers, and the CISO’s Guide to the AI Opportunity in Security Operations can help provide the context you’re looking for.
Read our white paper: CISO’s Guide to the AI Opportunity in Security Operations. This guide is your key to understanding the opportunity AI presents for security operations. In it, we provide:
- Clear AI definitions: We break down different types of AI technologies currently relevant to security operations.
- Positive and negative implications: Learn how AI can impact the SOC, including threat detection, investigation, and response (TDIR).
- Foundational systems and solutions: Gain insights into the technologies laying the groundwork for AI-augmented security operations.
Steve Wilson
Chief AI and Product Officer | Exabeam | Steve Wilson is Chief AI and Product Officer at Exabeam. Wilson leads product strategy, product management, product marketing, and research at Exabeam. He is a leader and innovator in AI, cybersecurity, and cloud computing, with over 20 years of experience leading high-performance teams to build mission-critical enterprise software and high-leverage platforms. Before joining Exabeam, he served as CPO at Contrast Security leading all aspects of product development, including strategy, product management, product marketing, product design, and engineering. Wilson has a proven track record of driving product transformation from on-premises legacy software to subscription-based SaaS business models including at Citrix, accounting for over $1 billion in ARR. He also has experience building software platforms at multi-billion dollar technology companies including Oracle and Sun Microsystems.