Is platformization key for Generative AI in Cybersecurity?

Organizations need to have the right foundation needed to ensure the best possible implementation and deployment for generative AI in cybersecurity.

As generative AI continues to dominate headlines globally, there are increasing concerns on how cybercriminals are also using the technology to launch more sophisticated attacks on businesses around the world. In Southeast Asia, cybercrime remains a huge problem with businesses continuing to spend a significant amount of their funds on cybersecurity.

However, with cyberthreats now evolving with generative AI, preventing and detecting these threats are becoming a hurdle for most businesses in the region. Given this concern, tech companies are working with governments and businesses to ensure they are well prepared.

For example, during the Singapore International Cyber Week 2024, Cisco signed a Memorandum of Collaboration with the Cyber Security Agency of Singapore to bolster the country’s national security and digital resilience.

For businesses, there is a strong feeling that generative AI in cybersecurity would help them with better threat detection and prevention. While this is a possibility, the reality is, businesses need to understand that using generative AI in cybersecurity requires them to have the right foundation needed to ensure the best possible implementation and deployment.

This basically means getting rid of data silos from existing cybersecurity solutions and finding the right solution that can offer a unified approach to cybersecurity with generative AI at its core.

Removing silos in cybersecurity

According to Anand Raghavan, Cisco’s Vice President of Engineering for AI, organizations want to overcome data silos. He believes that if businesses are collecting data from multiple sources, making sure that the identity of the entity key they are tracking is common and also make sure that the data lineage of the data is common.

“If you are an organization that is building a native AI application, a lot of time and thought needs to be invested in your data strategy first i building a common data platform. If you look at Cisco, that's what we have been doing as well internally in security over the last three years, to come up with that common data platform strategy on which we can build all these AI solutions,” said Raghavan.

In fact, Cisco’s AI Readiness Index report revealed that 80% of all respondents claim some degree of siloed or fragmented data in their organization. This poses a critical challenge as the complexity of integrating data that resides in various sources and making it available for AI implications can impact the ability to leverage the full potential of these applications.

At the same time, 65% of organizations report not having comprehensive policies in place, an area that must be addressed as companies consider and govern all the factors that present a risk in eroding confidence and trust. These factors include data privacy and data sovereignty, and the understanding of and compliance with global regulations. Additionally, close attention must be paid to the concepts of bias, fairness, and transparency in both data and algorithms.

Taking the right approach to generative AI journey in cybersecurity

Referring to the report, Raghavan also mentioned that while a lot of organizations want to empower their employees to start using generative AI, their maturity in terms of preparedness tells another story.

“One of the challenges that our customers face in the security operations center (SOC) today Is the shortage of experienced analysts. Not only are they expensive, but they are also hard to find as there are not enough of them in the market,” said Raghavan.

To deal with this, Raghavan pointed out that a lot of organizations are hiring fresh out of college and bringing them in as tier 1 analysts. However, it's not a simple process.

“The challenge with the tier 1 analysts in the SOC is they are inundated with all these alerts and are finding it difficult to know what to do. Hence, they typically end up going back to the tier 3 analyst all the time for feedback. If that’s not the case, organizations need to build custom training programs to make sure they are trained,” he explained.

Interestingly, Raghavan highlighted that this is a classic scenario where generative AI can help. For example, Cisco’s XDR AI assistant is capable of summarizing incident alerts as soon as it happens for a cybersecurity professional.

“If you are a tier 1 analyst, you can read that and understand about a particular incident that happened at this time and if it was associated with this user. Apart from that, it also tells you what the next best action is, and you can take this to your tier 3 analyst if it needs to get it approved,” he explained.

Is cybersecurity getting platformized?

Raghavan also stated that one of the challenges for organizations today in using generative AI in cybersecurity is making sure that the data they are using to build their conclusions out of is reliable with provenance verified and used in a responsible manner.

“In a world where cybersecurity is getting platformized, companies are thinking about generative AI more globally across multiple products as one platform versus multiple different entities. It is imperative that they understand that AI is in each of the building blocks and how they come together. Many companies are still trying to understand how they should use generative AI in cybersecurity,” explained Raghavan.

Raghavan believes that platformization is increasingly trending because cybersecurity teams are having fatigue to manage so many different products. The siloed environment means these solutions don’t learn from each other.

“The more common data pool in an organization, the better the AI algorithms you can build. The platformization trend is going to continue,” he said.

With that said, Raghavan mentioned that businesses need to look at the kind of guardrails they have in place, which usually falls into a few categories such as safety, security, privacy and relevance.

“It’s the most important and also probably the most difficult thing for organizations. They need to make sure their teams evaluating all these solutions understand the nuances in AI. In almost every organization that I am talking to today, the CISOs are on that learning curve. They’re excited about this and are experimenting with it. It’s the number one step because you need to be aware of everything that is there and be able to ask the right questions,” said Raghavan.

With generative AI only expected to see stronger implementation in organizations, Raghavan believes that organizations need to make sure they are building strategies across security and networking. These joint strategies in AI will help businesses get the most from their generative AI solutions in cybersecurity.

This is also where Raghavan believes Cisco is making its presence in generative AI for cybersecurity strongest.

“In the last 12 to 18 months, Cisco made ten cybersecurity acquisitions. We announced a billion-dollar AI fund earlier this year. Over the next five years, we want to put in a billion dollars into companies that are building AI-focused solutions,” concluded Raghavan.