Generative AI, with its ability to leverage data, has impacted almost every industry. Its impact on cybersecurity has been significant. Collecting, collating and analysing the vast quantities of data coming from endpoints, network devices and other sources is becoming harder and harder.
Steve Hunter, Director at Arctic Wolf, says AI can be a powerful tool for security analysts and that it won’t replace them.
“AI and large language models have the potential to transform the way the security analyst works. We can apply modern AI tools to help analysts gain rapid context from multiple sources, summarise incidents quickly and reliably, and communicate this effectively to those who need to know.”
Hunter says there is a misconception that human analysts can be replaced by modern AI. Rather, routine tasks that analysts perform will be automated away, so they are free to focus on more complex tasks augmented by modern AI to improve speed, accuracy and efficiency, and deliver a better security operations outcome.
And with cybersecurity skills in short supply (AustCyber forecasts a shortage of 17,000 professionals in Australia by 2026), AI can help reduce burnout and staff turnover in security operations centres.
The capabilities of extended detection and response (XDR) systems have been rapidly evolving, driven by advanced AI capabilities. AI technologies enhance the Security Operations Centre, or SOC, by improving how analysts process and respond to threats.
“For many organisations, the decision to adopt cloud-based XDR platforms is influenced by the need for continual innovation, which is crucial for effective cyber defense,” says Hunter. “These platforms offer the latest AI-driven tools and are generally the first to receive updates and new capabilities.”
Generative AI has indeed become a potent tool for cyber attackers, but there is a silver lining. Widespread discussion around technologies like ChatGPT and their coverage in mainstream media means user communities are becoming aware of generative AI’s capabilities, enabling them to understand and engage with the security measures which are crucial for building a cyber-resilient organisation.
Cloud-based XDR platforms enable security analysts to significantly improve their ability to detect and respond to threats and stop attackers before they can cause harm. This is where AI’s strength for defenders comes to the fore, allowing them to turn the tide against the attackers.
Extended detection and response depends on data to find and respond to threats and attacks. And while threat actors are using generative AI to craft more convincing attacks, organisations can leverage tools to support threat analysts so they can find the threat signal amongst the noise.