As organizations build for a digital-first future, an expanding attack surface and the growing complexity of threats continue to increase business risks. For most CIOs and CISOs, two topics continue to dominate discussions with the board: artificial intelligence (AI) and cyber resilience. AI has the potential to disrupt businesses in a positive (or negative) manner, but combined with cybersecurity, it can be a formidable ingredient to achieve levels of cyber resilience unseen before.
Traditionally, cyber resilience was achieved by visualizing business risks, managing the efficacy of our security program, and using a threat-informed approach in responding to incidents. The latter has proven very challenging as attackers use AI to accelerate their mean-time-to-compromise and mean-time-to-exfiltrate, moving from weeks to days and, more recently, hours. Additionally, attackers are leveraging new vectors of AI-based attacks, such as malware development, weaponized recon data, and impersonation attacks using deepfake methods. More specifically, generative AI has helped attackers scale at levels not seen before, with the ability to create well-crafted spear-phishing emails for thousands of victims in minutes versus days.
However, it’s not all bad news.
At Palo Alto Networks, we have been focused on leveraging machine learning (ML) in our cybersecurity technology for several years to build deterministic models focused on targeted, well-defined tasks, with the goal of producing highly accurate and precise actions against threats. We classify our approach as precision AI.
Furthermore, recent developments in using general-purpose models, which generate creative and non-deterministic content using human language prompts (generative AI), can potentially bring about faster detection, proactive protection, and adaptive recovery.
We believe both forms of AI will play pivotal roles in redefining cyber resilience.
With precision AI, for example, embedding AI models inside our next-gen firewalls (NGFW) provides the ability to detect zero-day malware and over 95% of common file attributes. Daily, our NGFWs detect 1.5 million new attacks while blocking 8.6 billion.
Another example comes from the AI-enabled Autonomous Digital Experience Management (ADEM) service within our Secure Access Service Edge (SASE), where the AI model can detect and manage the digital experience of the users and notify IT support of potential challenges before they are even reported.
Within the security operations center (SOC), tools such as Xtended Security Incident Automation Management (XSIAM) help automate and accelerate the entire incident management lifecycle, from detection and investigation to response. In our own internal SOC, we have seen our mean-time-to-detect average 10 seconds and our mean-time-to-response average 1 minute. By leveraging automation, machine learning, and wider AI models, we can dynamically protect, detect, and respond to the most sophisticated attacks across the network, endpoint, and cloud. Ultimately, we envision a future where AI can block even the most sophisticated of attacks without human intervention.
In parallel, generative AI can help security teams navigate vast amounts of information and use natural language prompts to utilize best practices and accelerate outcomes such as faster troubleshooting and resolution of support tickets. Generative AI can also aid in mimicking real-world cyber threats, providing cybersecurity professionals with valuable, hands-on experience and honing their skills to face evolving threats. We envision a future where this capability will supercharge security teams to be more efficient and effective.
Harnessing the full potential of AI ensures not just a defense against current threats but also prepares us for the challenges of tomorrow. As cyber threats evolve, so too will AI, constantly adapting and ensuring a safer digital ecosystem for all. Moving forward, organizations will require real-time and autonomous security to achieve cyber resilience, and the synergy between AI and cybersecurity promises this resilient digital-first future.