How Can Businesses Leverage Artificial Intelligence for Their Own Cyberdefense?

The cybersecurity world has reached an inflection point. As soon as generative artificial intelligence models such as ChatGPT broke into the public eye, the technology’s promise to help defend networks from criminals was matched only by its potential to help the criminals. And while technology companies have recently unveiled an impressive lineup of advanced cybersecurity tools, the number and sophistication of threat actors continues to grow.

Who better to discuss it all with than Jeetu Patel, executive vice president and general manager of security and collaboration for Cisco? A member of Cisco’s senior leadership since 2020, Patel leads the team that builds the company’s security suite and has been vocal about its ambitions for embedding AI in virtually every solution it delivers. He spoke with BizTech Managing Editor Bob Keaveney about the state of security and the future of defense.

BIZTECH:  What’s the state of data security right now?

PATEL: The obvious thing is that attackers are getting more sophisticated, and the attack surface is getting larger. So, especially as more people are working in hybrid environments — sometimes at home, sometimes in the office, sometimes on a secure network, sometimes on a nonsecure network, sometimes on a managed device, sometimes on an unmanaged device — it gets hard for organizations. Adversaries have the advantage.

Click the banner to find out how to prevent phishing attacks.

BIZTECH:  We’ve entered the era of generative AI. What’s the impact on security? 

PATEL: We know that most breaches are initiated on email. Today, it’s relatively easy to discern what’s a phishing attack. You don’t have to be super sophisticated; you just have to be aware and then you start to get it. It’s going to get a lot harder in the future as you have attacks that get much more bespoke and far more personalized. Instead of an email from a fake prince offering you $10 million, it’s going to say, “Hey Bob, nice to see you last night at the game. Here’s a link to some pictures you might want to download.”

Because of generative AI, it’s going to get harder and harder to tell the difference between legitimate activity and a malicious attack. Attackers will get more sophisticated as a result of generative AI, and that’s a bad thing.

On the other hand, generative AI will be used to help simplify the management of security systems. It will play a really big role in detecting breaches and responding, remediating and recovering from breaches.

FIND OUT: Learn what areas of business CISOs should prioritize now.

BIZTECH:  How are you using generative AI in the solutions you’re deploying?

PATEL: I’ll give you an example. We have a Security Operations Center Assistant, which will be available by about the end of the year, which will be able to say, “This pattern of behavior that’s happening right now on your network seems like it could be a breach. We don’t know for a fact that it is a breach, but it could be.” You can then tell the system to take a snapshot of your database. If it is a breach, you could instantly revert back to when the breach was detected. If it’s not a breach, you can just move forward.

Those are the kinds of things I think you’ll be able to use generative AI for: setting policy, creating automation, simplifying things for security analysts.

BIZTECH:  How will companies use AI to make and enforce policies?

PATEL: We’re launching the Policy Assistant, where you can use natural language to say something like, “Hey, Bob’s a new employee. He’s joined the publishing department. Give Bob the rights of an editor.” It will then give you a set of parameters to pick from, allowing Bob to access these resources but not those resources. You pick, you modify, then you say, “Go ahead and verify,” and then it will implement that policy.

Another question is, how do you protect your organization from intellectual property compromise in the era of generative AI? For example, a developer wants to upload a piece of code to a generative AI engine to have it check and debug the code. But your employer may not want you to do that. So, we can detect if something is a piece of code and do data loss prevention on the egress, saying, “This is something you cannot upload to ChatGPT, because that’s against company policy.”

The other side is that the developer might go to a generative AI engine and say, “Write me a piece of code for XYZ.” Your company might have a policy against that too, because of intellectual property rights, attribution, etc. We can now tell you, “This piece of code that you checked in has a 95 percent chance of having been written by AI.”

BIZTECH:  Overall, will AI be a positive thing for security, negative, or a wash?

PATEL: It’ll be a net positive. I’ve thought about this for quite a while because there are people who are quite negative about AI, and I agree that there is a real risk to humanity. Because security is critical infrastructure that protects other critical infrastructure. You have a breach in a hospital, and suddenly someone can’t get a kidney transplant. You have a breach at a power plant and people can’t get power.

So, there is a massive downside risk. And because of that, there will be some degree of exploration of regulation. You can’t wait until the train has left the station on AI. What that regulation will look is something we’re still figuring out.

But even so, I think there will be a bigger positive effect than negative. The productivity gains for humans will be massive. The scientific progress will compound probably at the rate of 500 to 1,000 times. That’s going to have profound implications on quality of life.

BIZTECH:  What should organizations be most concerned with over the next three to five years in terms of security?

PATEL: It’s going to be virtually impossible to handle security attacks at human scale. You’ll have to do it on a machine scale. The volume and sophistication of attacks and the surface area are just too much to deal with. So, on a machine scale, what are the things to be concerned about?

Number one, you have to be able to distinguish between legitimate activity and malicious attacks, and that’s going to get harder to do. The things in AI that create that level of familiarity, and that make it sound like us, you can use that same engine to detect something that was built by generative AI. Still, a lot of people are going to get duped because it feels like a real person talking to you.

Second, as you go into artificial general intelligence — in which the machine is supposed to be able to do anything that a human can do, including understanding human emotion, ambition and desire — that’s going to be even more tricky. We’re still several years away from that, but when that happens, it will get even more complicated.

You then tie in what happens with quantum computing: Every encryption algorithm that you have today could be broken because you can process much faster with quantum computing. And while quantum computing might be a few years away, if adversaries are collecting encrypted data and keeping it until quantum computing becomes real and then decrypting it at that time, you could have a lot of things get into the wrong hands. And that’s already starting to happen.

BIZTECH:  What will the security solution marketplace look like in a few years?

PATEL: The era of point solutions in security is coming to an end. Innovation in security has always been based on patchwork solutions to threats that come up, so before you knew it, there were 3,500 vendors in the market. The average midsize customer has between 50 and 70 vendors, and enterprises probably have 150 different vendors. It’s just untenable to manage that many different companies and policy engines.

The world is moving to a platform-based approach. There will be a few platforms that will share the workload of protecting organizations. You’ll still have a few point solutions, but you’ll have a platform that has a common policy engine and design language that’s easier to use.

I think there will be maybe half a dozen platforms, and those platforms — even though they may not have all the incentive — will have to interoperate with each other. Because the real enemy is not the competitor, it’s the adversary. The industry will have to mature and say, “We’re going to interoperate with each other because that’s what keeps the bad folks out.”

EXPLORE: Improve decision-making with data services.

BIZTECH:  What will drive innovation in a market with so few competitors?

PATEL: I don’t think the point solutions will go away completely, but a company will not have 70 different point solutions. It might have six or 10, and the best ones will rise to the top. I still feel like humans are creative enough that there will always be white space that needs to be solved for, and that’s not going away. But like with any market, you start with fragmentation, and that’s followed by a level of consolidation, and this is going to be no different.