Security Operations (SecOps) teams are experiencing first-hand how quickly attackers reinvent their tactics, automate attacks across many devices and do whatever it takes to breach their targets’ cyber defenses. The attackers never stop. They view holidays, for example, as an excellent opportunity to breach an organization’s security defenses. As a result, SecOps teams are on call 24/7, including weekends and holidays, fighting burnout, alert fatigue and the absence of the balance they need in their work lives. It is as brutal as it sounds.
The CISO of a renowned financial services and insurance company told VentureBeat: “Since hackers constantly alter their methods of attack, SecOps teams are under constant pressure to defend our company from threats that are constantly evolving. I’ve observed that when teams are overworked and use siloed technologies, they have to more than double or triple the time … in order to block any attacks.”
ChatGPT has the potential to close the SecOps gap
One of the most significant challenges of running a SecOps team is integrating, at scale, older systems that each generate their own type of alarm, alert and live data stream. This need for integration leaves many holes. One of the most significant, and most abused, is the inability to determine which identity is authorized to use a specific endpoint and, if it is, for how long. Systems that combine endpoint and identity security can help establish the future of zero trust, and ChatGPT has the potential to help identify the gaps in identity-based endpoint security, as well as numerous other threat surfaces at risk.
Attackers are re-tuning their strategies to take advantage of these weaknesses. SecOps teams are aware of this and have taken steps to strengthen their security: putting least-privileged access to work, recording and monitoring all endpoint activity, enforcing authentication, and eliminating invalid passwords in Active Directory and other identity and access management (IAM) systems. In the end, hackers are chasing identities, and CISOs should be on guard to ensure IAM systems are up to date and hardened to withstand threats.
SecOps teams face other issues as well, such as improving threat intelligence, providing real-time information on threat trends across each Security Operations Center (SOC), reducing alert fatigue and false positives, and consolidating their different tools. These are all areas where ChatGPT can help SecOps teams improve their security.
Consolidating tools from different vendors is helping to close the gap between identity and endpoint. It gives a uniform view of all threat sources and possible attack vectors. “We’re seeing customers say, ‘I want a consolidated approach because economically or through staffing, I just can’t handle the complexity of all these different systems and tools,’” Kapil Raina, Vice President for Zero Trust, identity, cloud and observability at CrowdStrike, told VentureBeat in a recent interview.
“We’ve had a number of use cases,” Raina stated, “where customers have saved money so they’re able to consolidate their tools, which allows them to have better visibility into their attack story, and their threat graph makes it simpler to act upon and lower the risk through internal operations or overhead that would otherwise slow down the response.”
The lessons learned from piloting generative AI and ChatGPT
One thing CISOs who pilot ChatGPT for SecOps have learned, according to VentureBeat, is that they have to be meticulous in ensuring data is sanitized and governance is correct, even if that delays internal tests or the launch.
They have also learned to pick the applications that are most beneficial to the company’s goals and to determine how those contributions count when measuring success.
Third, they need to create repeatable workflows, using tooling, to confirm the alerts and incidents ChatGPT reports and determine which are valid and which are false positives.
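The first lesson, sanitizing data before it reaches the model, is easy to state and easy to get wrong. As an added example (not code from the article or from any vendor it names), here is a small pseudonymisation step a SecOps team could run before an alert leaves the SOC for an external model; the internal domain corp.example, the CORP\ account prefix and the token format are assumptions, and the alert text is constructed:

```python
import re

# Assumed internal naming (constructed for this example): hosts live under
# corp.example and Windows accounts carry a CORP\ domain prefix.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "USER": re.compile(r"\bCORP\\[A-Za-z0-9._-]+"),
    "HOST": re.compile(r"\b[a-z0-9-]+\.corp\.example\b"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
TOKEN = re.compile(r"<[A-Z]+_\d+>")

def sanitize(text):
    """Replace internal identifiers with stable placeholder tokens.

    Returns the pseudonymised text and a token -> original map that stays
    inside the SOC. The same value always maps to the same token, so the
    model can still reason about a host or address that appears twice.
    """
    mapping, reverse, counters = {}, {}, {k: 0 for k in PATTERNS}

    def make_sub(kind):
        def _sub(match):
            original = match.group(0)
            if original not in reverse:
                counters[kind] += 1
                reverse[original] = f"<{kind}_{counters[kind]}>"
                mapping[reverse[original]] = original
            return reverse[original]
        return _sub

    # Order matters: e-mail first so its domain part is not consumed by HOST.
    for kind in ("EMAIL", "USER", "HOST", "IP"):
        text = PATTERNS[kind].sub(make_sub(kind), text)
    return text, mapping

def rehydrate(text, mapping):
    """Put the original identifiers back into the model's response."""
    return TOKEN.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)

# Constructed alert, not a real event.
ALERT = ("Suspicious logon for CORP\\jdoe on ws-0412.corp.example from "
         "10.20.30.40; ticket owner j.doe@corp.example, source 10.20.30.40")
```

Only the tokenised text is sent out; the mapping never leaves the SOC, and rehydrate() restores the identifiers in whatever the model returns.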
Strategies SecOps teams can use to improve security with ChatGPT
It’s crucial to understand whether and how investing in ChatGPT-based services advances zero-trust security and, from the board’s point of view, improves risk management.
The CISO of a major financial services firm told VentureBeat that it’s advisable to look only at cybersecurity companies with large language models (LLMs). They don’t advise using ChatGPT directly, as it does not forget any information, data or threat analyses given to it, making its use within the company a security risk.
Airgap Networks, for example, has launched its Zero Trust Firewall (ZTFW) along with ThreatGPT, which uses graph databases and GPT-3 models to help SecOps teams gain fresh insight into threats. The GPT-3 models analyze natural-language queries and can identify security risks, while the graph databases offer contextual information about the relationships between endpoints and traffic. Other alternatives are Cisco Security Cloud and CrowdStrike’s Charlotte AI, which will be available to every customer on the Falcon platform.
Other suppliers are Google Cloud Security AI Workbench, Microsoft Security Copilot, Mostly AI, Recorded Future, SecurityScorecard, SentinelOne, Veracode, ZeroFox, and Zscaler. Zscaler announced three new AI projects, now in testing, at its Zenith Live 2023 event the month before in Las Vegas.
Here are ten ways ChatGPT helps SecOps teams build stronger cyber defenses against the avalanche of threats, including ransomware, which grew by 40% over the past year.
Detection engineering has proven to be a powerful application
Detection engineering centers on the real-time detection of, and response to, security threats. CISOs running pilots say their SecOps teams can detect and respond to threat alerts, and that the LLMs learn from real threat alerts that are not false positives. ChatGPT has proven effective at automating basic detection engineering tasks, freeing SecOps teams to study more intricate alert patterns.
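Whether a model-drafted detection is worth deploying is exactly the kind of repeatable, false-positive-aware check the lessons above call for. As an added example, not code from the article or from any vendor it mentions, here is a gate that scores a candidate rule (in a hypothetical JSON shape an LLM might return) against a constructed, analyst-labelled corpus and rejects it when precision or recall falls below a bar; the rule schema, the events and the thresholds are all assumptions:

```python
import json

# Constructed labelled corpus (not real telemetry): process-creation records
# an analyst has already triaged. "malicious" is the ground-truth verdict.
EVENTS = [
    {"proc": "powershell.exe", "parent": "winword.exe", "cmd": "-enc aGk=", "malicious": True},
    {"proc": "powershell.exe", "parent": "outlook.exe", "cmd": "-w hidden -enc aGk=", "malicious": True},
    {"proc": "powershell.exe", "parent": "winword.exe", "cmd": "-nop -enc aGk=", "malicious": True},
    {"proc": "cmd.exe", "parent": "winword.exe", "cmd": "/c whoami", "malicious": True},
    {"proc": "powershell.exe", "parent": "explorer.exe", "cmd": "Get-Process", "malicious": False},
    {"proc": "powershell.exe", "parent": "sccm-agent.exe", "cmd": "-enc aGk=", "malicious": False},
    {"proc": "powershell.exe", "parent": "sccm-agent.exe", "cmd": "-enc aGk=", "malicious": False},
]

# Two candidate rules in the hypothetical JSON shape an LLM might hand back:
# "equals" is an exact match, "contains" a case-insensitive substring, "one_of" a set.
BROAD_RULE = json.loads('{"name": "Encoded PowerShell", "equals": {"proc": "powershell.exe"}, "contains": {"cmd": "-enc"}}')
NARROW_RULE = json.loads('{"name": "Office app spawning shell", "one_of": {"parent": ["winword.exe", "outlook.exe", "excel.exe"], "proc": ["powershell.exe", "cmd.exe"]}}')

def matches(rule, event):
    """Evaluate one candidate rule against one event."""
    for field, value in rule.get("equals", {}).items():
        if event.get(field) != value:
            return False
    for field, needle in rule.get("contains", {}).items():
        if needle.lower() not in str(event.get(field, "")).lower():
            return False
    for field, allowed in rule.get("one_of", {}).items():
        if event.get(field) not in allowed:
            return False
    return True

def evaluate(rule, events):
    """Confusion counts plus precision/recall of the rule over a labelled corpus."""
    hits = [(matches(rule, e), e["malicious"]) for e in events]
    tp = sum(1 for hit, bad in hits if hit and bad)
    fp = sum(1 for hit, bad in hits if hit and not bad)
    fn = sum(1 for hit, bad in hits if not hit and bad)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall}

def gate(rule, events, min_precision=0.9, min_recall=0.9):
    """Accept a rule only if it clears both the false-positive and the coverage bar."""
    metrics = evaluate(rule, events)
    ok = metrics["precision"] >= min_precision and metrics["recall"] >= min_recall
    return ok, metrics
```

On this corpus the broad rule is rejected (two management-tool false positives and a missed cmd.exe case), while the narrower parent-process rule passes; the same gate re-run on every new labelled batch is the repeatable workflow the pilots describe.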