Skyhawk Security Taps ChatGPT to Augment Threat Detection
Skyhawk Security today revealed it is employing ChatGPT to add generative artificial intelligence (AI) capabilities to its cloud threat detection and response (CDR) platform at no extra charge.
Skyhawk Security CEO Chen Burshan said in addition to providing textual explanations of the evolution of a security incident discovered by the company’s platform, ChatGPT also makes it possible to augment its mechanism for scoring threats that already employs machine learning algorithms.
The Skyhawk platform already surfaces a graphical storyline, known as an attack sequence, to track threats using machine learning algorithms that track malicious behavior indicators (MBIs). ChatGPT now adds additional parameters that increase the confidence cybersecurity teams can have in that scoring system, said Burshan.
According to Skyhawk’s tests on various datasets, in 78% of cases, the platform produced alerts earlier when adding ChatGPT to the scoring process.
In effect, ChatGPT is adding the capabilities of thousands of security research to help investigate a security incident, said Burshan. Given the chronic shortage of cybersecurity professionals, that capability is critical as threats continue to increase in volume and sophistication, he noted.
Many of those threats are unknown, so the time required to investigate them is also critical; the longer it takes to determine how malicious they are, the more damage is likely to be inflicted, added Burshan.
Cybersecurity teams, like it or not, now find themselves locked in an AI arms race. It’s only a matter of time before more cybercriminals take advantage of generative AI technologies to launch, for example, phishing attacks in increasing volumes that will be more difficult to detect.
It’s not clear what impact AI is likely to have on cybersecurity staffing requirements but, at the very least, the playing field should become more level. Compared to most organizations, cybercriminals have access to many more resources, so AI will likely play a crucial role in augmenting the capabilities of understaffed cybersecurity teams. It may also play a significant role in reducing burnout that results from the amount of time analysts need to spend researching threats that turn out to be false positives, noted Burshan.
In the longer term, cybersecurity teams should expect to see generative AI technologies infused into almost every cybersecurity platform they use. Taking advantage of those capabilities will, naturally, require updates to security operations platforms and processes. Skyhawk Security is betting that, in many cases, organizations will be looking to replace legacy platforms with alternatives that provide these capabilities as a core feature.
Regardless of approach, the way cybersecurity is enforced and managed is fundamentally changing. Machine learning algorithms have already had a significant impact on how threats are discovered and analyzed. Generative AI platforms that leverage data sources from across the Web have the potential to take the way AI is applied to cybersecurity to another level. That doesn’t mean cybersecurity threats will become any less lethal, but it does mean that cybersecurity teams should be able to rely more on machines to do work that there are not enough people to handle.
