AI Can Be a Force Multiplier to Automate Threat Hunting
SentinelOne's Evan Davidson on Using AI and Automation for Cyber Defense
The evolving geopolitics in the Asia Pacific and Japan region, and the banding together of nations to form alliances such as the Quad, have attracted the world's attention to this region. Cyberattacks on critical infrastructure have become another means for nations to wage warfare against each other.
Countries that are adept with AI skills are leveraging them for cyber offense strategies. Adversaries now employ hackers with AI skills to conduct attacks on critical infrastructure.
With the advent of ChatGPT and similar technologies, it is no longer necessary for hackers to have deep technical skills to conduct these attacks, making attacks more sophisticated and frequent. Organizations must leverage AI and automation to combat such emerging threats.
ISMG spoke with Evan Davidson, vice president of Asia Pacific Japan at SentinelOne, to discuss how the company is investing in AI and related technologies to help fortify its defenses against sophisticated attacks.
Edited excerpts follow:
It's always been a cat-and-mouse game between defenders and attackers. Where is this heading today?
Cyber is always going to be an arms race. You create a defensive capability, the offensive improves, and the defense has to improve. Then the defensive capability improves, and this cycle repeats. What has changed is the entry barrier.
In the past, the barrier to entry [for hacking] was high. Hackers needed toolsets and they needed to be incredibly technically minded. They needed to invest a lot of time, energy and money.
And then you saw things like ransomware-as-a-service come out, which democratized access to some of these tools. So you don't need to create them; you could just buy them. And AI tools such as ChatGPT have further democratized [the use of] these tools. So the sophistication is increasing, but the barrier to entry is decreasing.
You'll see defenders leveraging that technology even harder to be able to bridge the gap. But attackers are moving in that direction as well. So the arms race has gone to the next level.
Why are we behind the attackers in this game? How can AI help?
We are lacking in cyber skills, and there's a known global deficiency in terms of the people and resources we need to be able to do this type of work. And we're not moving at the same pace as attackers.
So AI has to be a force multiplier to help us automate and to provide the insight capability response to make humans even more efficient and effective than they are today.
AI has to be looked at in different ways within the context of a cyber position. So we will continue to leverage AI significantly and advance our models on the detection and prevention, but also on correlation. How do we identify an attack as it gets more sophisticated? How do we ensure that we can provide even more insight so that a particular process or activity that's occurring can be linked to a threat actor?
Because what's important is you don't want to generate noise; you need to generate meaningful information that you can act upon.
How is SentinelOne investing in AI and related technologies for cyber defense?
One of the areas that we are looking at with our natural language models is the use of complex query languages. Analysts typically need to be able to write and simplify that using more natural language.
I think that significantly enhances the skill sets of individuals because we can allow those people to not have to invest so much time in crafting this skill. They can use a more natural human exchange with defense strategies like threat hunting.
For instance, doing a particular query for PowerShell [using natural language] used to be more complex. But now it can save 10 or 15 minutes, and when you multiply that by hundreds of alerts, that's hours saved. When you have an individual [for this task], that's incredibly important.
So we're looking [at areas] where AI can play within different parts of cyber - the cyber community, prevention, detection and threat hunting. And respond to automation when things happen. How do we use AI to drive that kind of automated process?
Davidson has more than 25 years of experience in IT and security domains. Prior to SentinelOne, he worked in senior leadership roles at Cylance and FireEye, where he established a go-to-market strategy for the region’s enterprise segment.