
How AI can supercharge security operations – SiliconANGLE News

UPDATED 11:11 EST / JANUARY 05 2025
GUEST COLUMN by Chris Corde
Artificial intelligence is well on its way to disrupting the world of cybersecurity, but some areas of cybersecurity are riper for early disruption than others.
In a recent survey by Insight Partners, security operations (along with AppSec) was ranked as the No. 1 cybersecurity area where chief information security officers are looking to implement generative AI to deliver better outcomes. This comes as little surprise, as AI excels in some of the complex and resource-intensive challenges that have been plaguing security operations for decades, namely: 
Though it’s still early days for AI in security, generative AI is already delivering tangible benefits to security operations teams. Here are five use cases that illustrate the practical applications of AI in security operations:
If there is one thing security teams never have enough of when responding to an alert or incident, it’s time. But understanding the lay of the land typically requires sifting through vast amounts of data. 
AI can automatically generate concise summaries of security incidents, providing analysts with a quick overview of the situation. This saves valuable time and enables faster triage. In addition, analysts can ask AI assistants to summarize information on-demand. For example, AI can summarize the latest threat intelligence report, or summarize the list of actions taken to address an incident to create an incident report.
Summarization is not limited to initial orientation. For example, let’s say a specific search query returned 10,000 results — AI can quickly generate a summary of these results to help analysts see the forest for the trees.
Investigation is usually the most time-consuming aspect of security operations. Understanding what and how to investigate is far from trivial, and it also often requires generating complex search queries. 
AI can assist investigations by enabling natural language search prompts. (Think of prompts that enable defenders to quickly identify anomalous behavior, such as “Show me all users from ‘x’ region who visited ‘xyz’ site last week outside of working hours.”) This eliminates the need for analysts to master complex search syntax, making even junior analysts more effective. More advanced AI assistants can even recommend next steps for an investigation, or automatically surface additional context that the AI model believes is useful for a specific case.
Threat hunting is a complex function that has historically been reserved for highly skilled and mature security operations teams. Threat hunting is complex because it requires a deep understanding of the threat landscape, coupled with an understanding of how to actually hunt for a threat.
AI can make threat hunting more accessible, as it can proactively hunt for threats by identifying patterns and anomalies that might indicate malicious activity. This is especially powerful when AI integrates with a threat intelligence tool to understand the threats, tactics, techniques and procedures, or TTPs, and indicators of compromise, or IOCs, used by threat actors, and combines them with a company’s specific security telemetry. A simple prompt such as “Hunt for Makop ransomware on my network” can proactively search for and uncover IOCs and TTPs in your data that are known to be associated with this attack.
Creating detection rules and writing playbooks is another SecOps task that has typically been reserved for expert security engineers. It requires mastering the scripting language used by a specific platform, as well as an understanding of what you need to actually detect.
Generative AI can create detection code or playbooks to address new threats. Simply using a prompt such as “Build a detection rule for this case” allows advanced AI assistants to understand the context of the case and create a detection rule to uncover future instances of it. Similar to code generation in other disciplines, don’t expect 100% perfect code right out of the box. But even if AI takes you 70% to 80% of the way, it can be a productivity game-changer.
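The two passages above (hunting for known TTPs across telemetry, and generating a detection rule that is only 70% to 80% right out of the box) share one practical step: before a generated rule goes live, run it against labelled sample events and measure what it catches and what it wrongly flags. The following harness is an added example, not code from the column or from Google's products. The rule format (a mapping of event field to regular expression, all of which must match), the event schema, the sample events and both rules are constructed for this illustration; a real deployment would use the SIEM's own rule language.

```python
"""Check an AI-generated detection rule against labelled sample telemetry
before deploying it (added example; rule format and events are constructed)."""
import re

# Constructed process-creation events. "label" is the analyst's ground truth:
# 1 = malicious (Office application spawning encoded PowerShell), 0 = benign.
# The base64 blobs are placeholders, not real payloads.
SAMPLE_EVENTS = [
    {"id": 1, "user": "alice", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc UGxhY2Vob2xkZXI=",
     "parent": "winword.exe", "label": 1},
    {"id": 2, "user": "bob", "process": "powershell.exe",
     "cmdline": "powershell.exe -enc UGxhY2Vob2xkZXI=",
     "parent": "outlook.exe", "label": 1},
    {"id": 3, "user": "svc_backup", "process": "powershell.exe",
     "cmdline": "powershell.exe -enc UGxhY2Vob2xkZXI=",   # scheduled backup job
     "parent": "taskeng.exe", "label": 0},
    {"id": 4, "user": "carol", "process": "powershell.exe",
     "cmdline": "powershell.exe Get-Process",
     "parent": "explorer.exe", "label": 0},
    {"id": 5, "user": "eve", "process": "pwsh.exe",
     "cmdline": "pwsh.exe -EncodedCommand UGxhY2Vob2xkZXI=",
     "parent": "winword.exe", "label": 1},
    {"id": 6, "user": "frank", "process": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1",
     "parent": "taskeng.exe", "label": 0},
]

# First-draft rule of the kind an assistant might return for the prompt
# "Build a detection rule for this case" (constructed for this example).
CANDIDATE_RULE = {"process": r"powershell\.exe", "cmdline": r"-enc"}

# Analyst-refined version: also cover pwsh.exe and -EncodedCommand, and
# require an Office parent so the scheduled backup job is no longer flagged.
REFINED_RULE = {
    "process": r"(?i)\b(powershell|pwsh)\.exe",
    "cmdline": r"(?i)-enc",
    "parent": r"(?i)\b(winword|excel|outlook)\.exe",
}


def compile_rule(rule):
    """Compile every pattern up front so a generated rule that does not even
    parse is rejected here rather than failing silently in production."""
    compiled = {}
    for field, pattern in rule.items():
        try:
            compiled[field] = re.compile(pattern)
        except re.error as exc:
            raise ValueError(f"field {field!r}: invalid regex {pattern!r}: {exc}") from exc
    return compiled


def rule_matches(compiled, event):
    """AND semantics: every field in the rule must be present and match."""
    return all(field in event and rx.search(str(event[field]))
               for field, rx in compiled.items())


def evaluate_rule(rule, events):
    """Run the rule over labelled events and return counts, precision, recall
    and the ids of the events it got wrong, so the analyst can refine it."""
    compiled = compile_rule(rule)
    result = {"tp": 0, "fp": 0, "fn": 0, "tn": 0,
              "false_positives": [], "false_negatives": []}
    for ev in events:
        hit = rule_matches(compiled, ev)
        malicious = ev["label"] == 1
        if hit and malicious:
            result["tp"] += 1
        elif hit:
            result["fp"] += 1
            result["false_positives"].append(ev["id"])
        elif malicious:
            result["fn"] += 1
            result["false_negatives"].append(ev["id"])
        else:
            result["tn"] += 1
    tp, fp, fn = result["tp"], result["fp"], result["fn"]
    result["precision"] = tp / (tp + fp) if tp + fp else 0.0
    result["recall"] = tp / (tp + fn) if tp + fn else 0.0
    return result


def is_deployable(result, min_precision=0.95, min_recall=0.95):
    """Simple release gate: thresholds are assumptions, tune them per rule."""
    return result["precision"] >= min_precision and result["recall"] >= min_recall


if __name__ == "__main__":
    for name, rule in (("candidate", CANDIDATE_RULE), ("refined", REFINED_RULE)):
        r = evaluate_rule(rule, SAMPLE_EVENTS)
        print(f"{name}: tp={r['tp']} fp={r['fp']} fn={r['fn']} "
              f"precision={r['precision']:.2f} recall={r['recall']:.2f} "
              f"fp_ids={r['false_positives']} fn_ids={r['false_negatives']} "
              f"deployable={is_deployable(r)}")
```

On the constructed sample set the first draft catches two of the three malicious events, misses the pwsh.exe variant and flags the benign backup job, which is exactly the kind of 70% to 80% result the column describes; the false-positive and false-negative ids tell the analyst what to fix, and the refined rule then passes the gate. The same loop works for IOC hunting by swapping the TTP patterns for hash, domain or IP patterns over the corresponding telemetry fields.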
If threat hunting was historically limited to advanced security operations teams, reverse engineering malware is truly the domain of a handful of elite defenders. Thanks to increased token windows and improved large language models, AI has proved to be extremely effective at malware analysis. For example, advanced AI models were able to reverse engineer complex malware in under a minute — giving security analysts instant insight on how a piece of malware operates and, in certain cases, providing clear and actionable information on the malware’s “kill switch.” 
The use cases outlined above are delivering tangible results for security operations teams today, but we’re naturally in the early days of AI, and use cases will undoubtedly evolve as the technology matures. What security teams should start doing today is fostering a culture of AI and thinking about how they can integrate AI into detection, investigation and response workflows. Here are some easy steps to get started:
The evolution of AI promises to unlock new levels of efficiency, accuracy and proactive defense in the ongoing battle against cyberthreats. As the saying goes, the best time to start was yesterday, the second best time is now.
With more than 20 years of experience in the cybersecurity arena, Chris Corde works as a director of product management at Google, where he runs the Security Operations PM team, which includes Chronicle, Siemplify, VirusTotal and Mandiant. He wrote this article for SiliconANGLE.