It's been a few weeks since the major CrowdStrike outages, and as a result there are many concerns around AI within cybersecurity. Can it cause major outages? How is it really being used today? Can it be leveraged to make money?
The recent CrowdStrike outage had absolutely nothing to do with AI. It was caused by legacy file updates used to find threats, one of which conflicted with Microsoft operating systems. AI has been used in cybersecurity for several years now. This is not the large language model AI behind ChatGPT, but more established uses of the technology, including:
- Supervised Machine Learning. This is where cybersecurity tools are fed thousands of samples of malware and ransomware so they can be trained to spot new ones. It is very effective, with high efficacy when it blocks or contains a file.
- Unsupervised Machine Learning. This is where the AI baselines activity. When does the user normally log in? Where do they normally log in from? How much data do they typically transfer in a day? All of these can be baselined using AI, and when something anomalous happens it can alert on it, which is great for user behavior analytics.
- Graph Machine Learning. This is a newer use of machine learning, in which it is trained to connect related alerts into incidents. A few companies use it today, but we expect broader adoption over the next few years.
- Large Language Models. These are the new search bars that everyone is building into their tools, so you can ask a question in natural language and get a simple answer back. In the past this was done with tools like Lucene, but LLMs take it to the next level.
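To make the "Unsupervised Machine Learning" item concrete, here is a small added example (not code from the original post or from Stellar Cyber) that builds a per-user baseline from constructed login events, using the three signals the post names (login hour, login country, daily data volume), and reports which of them an incoming event deviates from. The user names, events and the z-score threshold are all assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history for one user: (user, login_hour, country, bytes_transferred_that_day)
BASELINE_EVENTS = [
    ("alice", 9, "US", 120_000_000), ("alice", 8, "US", 95_000_000),
    ("alice", 10, "US", 130_000_000), ("alice", 9, "US", 110_000_000),
    ("alice", 9, "US", 100_000_000),
]

def build_baseline(events):
    """Build a per-user profile: login-hour mean/std, set of seen countries, bytes mean/std.
    A real UEBA product would use far longer windows and many more features;
    this keeps the three signals the post mentions."""
    by_user = defaultdict(list)
    for user, hour, country, nbytes in events:
        by_user[user].append((hour, country, nbytes))
    baseline = {}
    for user, rows in by_user.items():
        hours = [h for h, _, _ in rows]
        sizes = [b for _, _, b in rows]
        baseline[user] = {
            "hour_mean": mean(hours), "hour_std": pstdev(hours),
            "countries": {c for _, c, _ in rows},
            "bytes_mean": mean(sizes), "bytes_std": pstdev(sizes),
        }
    return baseline

def score_event(baseline, user, hour, country, nbytes, z_limit=3.0):
    """Return the reasons an event deviates from the user's baseline (empty list = normal)."""
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Floor the std so a perfectly regular history does not divide by zero
    hour_z = abs(hour - profile["hour_mean"]) / max(profile["hour_std"], 1.0)
    if hour_z > z_limit:
        reasons.append(f"unusual login hour {hour} (z={hour_z:.1f})")
    if country not in profile["countries"]:
        reasons.append(f"new login country {country}")
    bytes_z = abs(nbytes - profile["bytes_mean"]) / max(profile["bytes_std"], 1.0)
    if bytes_z > z_limit:
        reasons.append(f"unusual data volume {nbytes} bytes (z={bytes_z:.1f})")
    return reasons

BASELINE = build_baseline(BASELINE_EVENTS)

if __name__ == "__main__":
    # A 3 a.m. login from a new country moving ~2 GB trips all three checks
    print(score_event(BASELINE, "alice", 3, "RO", 2_000_000_000))
    print(score_event(BASELINE, "alice", 9, "US", 115_000_000))
```

The alert reasons are what an analyst would see attached to the anomaly; tuning the threshold and the length of the baseline window is where most of the noise reduction the post describes comes from.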
All of these uses of AI in cybersecurity significantly improve a level one analyst's time to respond to an issue, reduce the noise they need to sift through, and can provide up-to-date remediation advice from threat intelligence providers and the web. The efficiency that partners and customers gain from these use cases is driving a significant reduction in cost. As the frontrunners mature, we expect them to also be the big winners of market share from the providers that do not.
Guest blog courtesy of Stellar Cyber. Read more Stellar Cyber guest blogs and news here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.