The complex relationship between generative AI and cybersecurity has become one of the most discussed topics within the industry. Currently, the main focus is on using AI to improve cybersecurity detection. This makes sense, because the technology has proven extremely effective in this domain. “However, what gets too little attention within this debate is the use of AI for automating responses in the event of large-scale and complex attacks,” Vinod Vasudevan remarks. He is Global CTO MDR & Global Deputy CTO Cybersecurity Services for Eviden, the ATOS business leading in digital transformation, cloud, big data and cybersecurity.
As a result, today’s discussions are missing out on important opportunities. “The advent of generative AI enables a new perspective: we can deploy AI assistants to manage attacks, working together with security analysts. But this means we need to begin looking at AI more as a knowledge base for experts, who can thus learn to respond even better to complex attacks. We should tell that story more often,” Vasudevan states.
Paradigm shift on the horizon
In other words: the use of AI will change the way the cybersecurity field operates in the coming years, requiring a further expansion of its role. For instance, the further roll-out of self-healing endpoints will cause a paradigm shift in managed detection and response (MDR). "Moreover, AI will play an important role in orchestrating the most efficient recovery path for a business after a major cybersecurity incident,” Vasudevan explains.
“This will include the use of AI for determining the Recovery Time Objective (RTO), Recovery Point Objective (RPO), application interdependencies, and business operations linkages, and using this understanding to generate recovery steps for resuming different business lines,” he continues. In fact, this paradigm shift is de facto necessary, as the use of multi-cloud, hybrid infrastructure will be increasingly pushed in the coming years. Recovery paths capable of dealing with such complex reality are by definition built on AI algorithms.
“Approaching this environment through AI will also allow MDR to increasingly focus on prevention in the near future,” Vasudevan says. That preventative approach, even on a day-to-day level, will have a major impact on MDR operations. “A practical example of prevention is the use of policy management in MDR. Because cloud has thousands of configurations that keep changing, a small alteration can potentially lead to costly breaches. It could be as simple as an S3 bucket permission becoming public; this bucket could be storing critical customer information, which the organisation might not even realise. It is therefore important to continuously push configuration policies across all cloud workloads, detect critical configuration changes, and alter the configuration to secure state.”
Countering fragmentation
For this shift to come to fruition, however, the organisation of the cybersecurity sector also requires work. It remains too fragmented, according to Vinod Vasudevan: “Cloud and digital transformation have made the IT landscape dynamic, leading to exploitable opportunities for cybercrime syndicates. Consequently, numerous specialised areas of attack have emerged. Therefore, the market is characterised by a continuous need for innovation, which is met by a large ecosystem of innovative start-ups. This in turn leads to fragmentation.”
So while this fragmentation is a logical consequence of the relative youth of the sector, it must decrease in the near future. “The implementation of innovative architectures such as Cybersecurity Mesh Architecture (CSMA) will contribute to increased maturity,” Vasudevan adds. “In this way, the sector will also be progressively able to meet security and recovery challenges - which will only increase exponentially with the upcoming AI revolution.”
2023: ACTIVITY REPORT OF THE CYBER SECURITY COALITION
