Harnessing AI to improve cyber resilience

Haider Pasha

26 October 2023

As organizations build for a digital-first future, an expanding attack surface and complexity of threats continue to increase business risks. For most CIOs and CISOs, two topics continue to dominate discussions with the board: artificial intelligence (AI) and cyber resilience. AI has the potential to disrupt businesses in a positive (or negative) manner, but applied with cybersecurity, it can be a formidable ingredient to achieve levels of cyber resilience unseen before.

Traditionally, cyber resilience was achieved by visualizing business risks, managing the efficacy of our security program, and using a threat-informed approach in responding to incidents. The latter has proven very challenging as attackers use AI to accelerate their mean-time-to-compromise and mean-time-to-exfiltrate, moving from weeks to days and, more recently, hours. Additionally, attackers are leveraging new vectors of AI-based attacks, such as malware development, weaponizing recon data, and impersonation attacks using deepfake methods. More specifically, generative AI has helped attackers scale at levels not seen before, with the ability to create well-crafted spear-phishing emails for thousands of victims in minutes versus days.

However, it’s not all bad news.

At Palo Alto Networks, we have been focused on leveraging machine learning (ML) in our cybersecurity technology for several years to build deterministic models focused on targeted, well-defined tasks, with the goal of producing highly accurate and precise actions against threats. We classify our approach as precision AI.

Furthermore, recent developments in using general-purpose models, which generate creative and non-deterministic content using human language prompts (generative AI), can potentially bring about faster detection, proactive protection, and adaptive recovery.

We believe both forms of AI will play pivotal roles in redefining cyber resilience.

With precision AI, for example, embedding AI models inside our next-gen firewalls (NGFW) provides the ability to detect zero-day malware and over 95% of common file attributes. Daily, our NGFWs detect 1.5 million new attacks while blocking 8.6 billion.

Another example comes within our Secure Access Service Edge (SASE), AI-enabled Autonomous Digital Experience Management (ADEM) service, where the AI model can detect and manage the digital experience of the users and notify IT support on potential challenges before they are even reported.

Within the security operations center (SOC), tools such as Xtended Security Incident Automation Management (XSIAM) help automate and accelerate the entire incident management lifecycle, from detection and investigation to response. In our own internal SOC, we have seen our mean-time-to-detect average 10 seconds and our mean-time-to-response average 1 minute. By leveraging automation, machine learning, and wider AI models, we can dynamically protect, detect, and respond to the most sophisticated attacks across the network, endpoint, and cloud. Ultimately, we envision a future where AI can block even the most sophisticated of attacks without human intervention.

In parallel, generative AI can help security teams navigate vast amounts of information and use natural language prompts to utilize best practices and accelerate outcomes such as faster troubleshooting and resolution of support tickets. Generative AI can also aid in mimicking real-world cyber threats, providing cybersecurity professionals with valuable, hands-on experience and honing their skills to face evolving threats. We envision a future where this capability will supercharge security teams to be more efficient and effective.

Harnessing the full potential of AI ensures not just a defense against current threats but also prepares us for the challenges of tomorrow. As cyber threats evolve, so too will AI, constantly adapting and ensuring a safer digital ecosystem for all. Moving forward, organizations will require real-time and autonomous security to achieve cyber resilience, and the synergy between AI and cybersecurity promises this resilient digital-first future.
