Transforming Threat Hunting with Generative AI

  • Published 1 May 2024
  • In this Think Tank event, hosted by The Hive, a panel of experts in threat intelligence and hunting discuss the transformative impact of generative AI on threat hunting. Threat hunting has emerged as a critical piece of enterprise cybersecurity for actively discovering new, unknown threats, as a decade-long proliferation of rules-based detection tools has failed to dent the average of 277 days needed to detect a breach. Traditional detection tool vendors are struggling to keep pace with the explosive growth in the number and vertical specialization of new threats. This is further exacerbated by a steep drop in the time threat actors need to breach a target, which came down to minutes in 2023, necessitating near real-time threat hunting. In addition, globally organized attack-as-a-service providers regularly subvert hardwired indicators of compromise (IOCs) by constantly shifting their attack behaviors. Dystopian applications of AI to generate new attacks will only make this far worse in the near future. Enterprise SOCs find themselves thoroughly understaffed to deal with this dire situation.
    The cybersecurity industry is responding to this challenge with near real-time threat hunting services that give enterprises access to highly specialized security researchers and threat hunters. Threat intelligence aggregators give enterprise SOCs access to near real-time security research and analysis that track shifts in the threat landscape. The recent advent of generative AI is giving a much-needed fillip to threat hunting by enabling threat hunters to reason over unlimited amounts of security research using pre-trained language models. Innovative startups are delivering generative AI-powered threat hunting products that can detect, identify and contain new threats within minutes with minimal human intervention. Traditional detection engineering is undergoing a transformation as near real-time AI-generated rules displace hardwired cybersecurity tools, and generative AI-powered lightning-speed response times counter threat actors’ accelerated time-to-breach.