By Byron V. Acohido

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day.

It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI (GenAI) engines and Large Language Models (LLMs.) Leading cybersecurity vendors have recognized this development; and they are innovating clever ways to bring GenAI and LLM to bear.

A prime example comes from Resecurity, a Los Angeles-based cybersecurity vendor that has been helping organizations identify, analyze, and respond to cyber threats since its launch in 2016. Resecurity most recently unveiled Context AI, a new service that enriches threat intelligence, enhances analyst workflows and speeds up decision-making across security operations.

Last Watchdog engaged Shawn Loveland, Chief Operations Officer at Resecurity, to discuss where things stand with respect to GenAI and LLM making an impact in cybersecurity.  Here’s that exchange, edited for clarity and length.

LW: We’re at a very early phase of GenAI and LLM getting integrated into cybersecurity; what’s taking shape?

Loveland: The technology itself is still evolving, and while it shows great potential, it has yet to fully mature in terms of reliability, scalability and security. Additionally, the cybersecurity community needs a more comprehensive understanding and trust regarding how these AI tools can be effectively and safely deployed in real-world environments.

Integrating GenAI and LLMs into cybersecurity frameworks requires overcoming complex challenges, such as ensuring the models can handle the nuances of cyber threats, addressing data privacy concerns, adapting to the dynamic nature of the threat landscape, and dealing with inaccuracies and incomplete data sets that may lead to misleading outputs.

LW: How much potential does GenAI and LLL to be a difference maker in cybersecurity?

Loveland

Loveland: They can potentially revolutionize cybersecurity. Their advanced capabilities in processing vast amounts of data, identifying patterns, and automating responses to threats make them game changers. These AI models can analyze and understand complex data from various sources much faster and more accurately than traditional methods, enabling them to detect anomalies, predict potential threats, and respond to real-time incidents.

This significantly enhances the speed and efficiency of cybersecurity defenses, spanning individual companies and locations. Additionally, GenAI can assist in developing more sophisticated threat simulations and improving incident response strategies by learning from past incidents and continuously adapting to new threat landscapes. As these models evolve, they promise to reduce human error and security operations and provide a more proactive approach to cybersecurity.

LW: Tell us a bit about Resecurity’s implementation.

Loveland: We’ve integrated GenAI and LLM into our services platform. These technologies enable our platform to process and analyze large amounts of structured and unstructured data, empowering our advanced threat intelligence and cybersecurity solutions. Using AI-driven analytics, we’ve automated many routine security tasks and enhanced our threat detection accuracy.

This integration empowers more proactive defense mechanisms, such as real-time monitoring and detecting sophisticated cyber threats that may bypass traditional security measures. Additionally, we have recently introduced Context AI, which allows analysts to interact with our data through an LLM interface to gain further insights into threats targeting their company.

LW: How did the idea for Context AI come about?

Loveland: Traditional security measures continuously fail to identify and respond to new, novel, and sophisticated cyber threats, which are compounded by incomplete dark web data sets, leading to incomplete and inaccurate output by AI.

Context AI created a platform that automatically gathers, analyzes, and correlates vast amounts of data from multiple sources, including the deep dark web, to provide real-time and predictive insights. This enables security teams to make more informed decisions, anticipate potential threats, and proactively defend against them. The goal was to move beyond reactive security measures and empower organizations with the intelligence needed to stay ahead of emerging threats.

LW: Can you share any anecdotes that validate your approach?

Loveland: One organization in the financial sector used Context AI to identify and prevent a sophisticated phishing campaign that targeted their employees. By leveraging the platform’s real-time threat intelligence and contextual analysis, they were able to thwart the attack before it compromised any sensitive data

Another benefit accrued by a healthcare provider was the early detection of potential insider threats, which allowed them to address vulnerabilities and prevent data breaches that could have jeopardized patient privacy.

LW: How do you expect the adoption curve of Context AI to play out, moving forward?

Loveland: As Context AI gains traction, future benefits will include more robust threat prediction capabilities, integration with broader security ecosystems, and the ability to provide tailored industry-specific intelligence. As more organizations experience these advantages and share their success stories, the adoption rate of Context AI will likely accelerate, leading to widespread recognition of its value in cybersecurity.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

August 20th, 2024 | Q & A | Top Stories