Google this week announced it is adding security data to the generative artificial intelligence platform it has developed to automate a wide range of IT tasks.
Announced at the Google Cloud Next conference, the security capabilities being added to Duet AI for Google Cloud can, for example, provide summaries of the prevalent tactics, techniques and procedures (TTPs) discovered using Mandian Threat Intelligence that can be surfaced via a natural language interface. Through the Mandiant Security Command Center, Duet AI also enables near-instant analysis of security findings and possible attack paths to make it simpler for IT teams to implement the most effective controls.
At the same time, Google also previewed Mandiant Hunt for Chronicle, a managed threat hunting service delivered by Google cybersecurity experts. Mandiant Hunt for Chronicle uses a suite of analytics applications that access data collected by both Google and individual organizations. Chronicle allows customers to ingest their security data and store it for 12 months by default.
Kevin Mandia, CEO for Google Mandiant, told conference attendees that Mandiant Hunt for Chronicle is the equivalent of adding thousands of security experts to an organization overnight.
Like most managed security services providers (MSSPs), Google Mandiant is looking to fill the void left by the chronic shortage of cybersecurity expertise. The Google Mandiant approach differs in that, in addition to hiring cybersecurity professionals, it augments staff with AI technologies and data science techniques that the average cybersecurity team today is not able to access.
The issue that many organizations will eventually confront in the age of AI is whether to rely on internal versus external expertise. There is no doubt that AI will soon be pervasively embedded across a wide range of cybersecurity platforms mainly hosted in the cloud. Less clear is how much those platforms will be able to automate cybersecurity tasks so that an internal IT team can combat the threats as they increase in both volume and sophistication.
In the immediate future, most organizations will likely rely on a mix of internal and external cybersecurity expertise, but which types of tasks will be assigned to which party may vary from one organization to another.
In the meantime, cybersecurity professionals need to assume their rivals are also investing in AI. The challenge is that the amount of time cybersecurity teams will have to put an effective defense in place to minimize the scope of a breach is now falling from hours and days to minutes and seconds. The level of automation required to achieve that goal is generally well beyond the capabilities of most legacy cybersecurity platforms, so the cost of an AI arms race will be significant. Many organizations may decide to absorb that cost as an operational expense via a service rather than a capital expense.
One way or another, cybersecurity is about to be utterly transformed by AI. The only issue that remains to be seen now is the extent.
Recent Articles By Author
Click Here For The Original Source.
