The business version of FOMO is real, representing a loss of competitive advantage, especially when it comes to AI. So, organizations are rushing to adopt the latest generative AI tools, but often, they’re finding that they aren’t reaping the benefits they expected. Part of the problem is that everyone wants to immediately do “fancy” things with AI, like enhanced threat detection, accelerated incident response or automated vulnerability management, but those take time. In a rush to apply AI to all manner of systems, organizations can actually waste their AI investments by not doing the proper planning, especially when it comes to preparing the data that should be fueling the AI.
3 Steps to Generative AI-Enabled Security
- Crawl: Lay the right foundation for AI through data storage and governance.
- Walk: Apply AI to the business, tying it to metrics and KPIs.
- Run: Establish the future of AI and security for things like threat mitigation and vulnerability remediation.
Sometimes, simpler is better. It’s the simpler uses of AI that will help you the most today and put your organization on the path to smart and beneficial uses of AI longer-term. To do this, you need the right data foundation. AI is a journey, not a destination, if you want to get it right.
Crawl: Laying the Right Foundation for AI
Everyone wants to jump on the AI bandwagon, but the reality is that you have to crawl before you can run. There are three simple things you can start out with that will help set you up for success with future, more complex endeavors.
Getting the right data is paramount for organizations today. You need to avoid the “garbage in/garbage out” (GIGO) trap. Before implementing AI anywhere in your organization, it’s critical that you gather, correlate and cleanse all the security data that ultimately fuels and trains your AI.
Consequently, you’ll need to store this cleansed data in the right place. Essentially, you need a centralized location to put your downstream data so your organization can access it as needed. Examples of this could be Iceberg, Snowflake or Databricks, to name a few. Data comes from many sources and takes many forms. An enterprise might have more than one data lake or repository, yet step one of regaining control involves centralizing data and providing as much access to it as possible, in alignment with your company’s governance policies. This way, the data can be “raw material” for operational and security needs.
Disconnected data is harder to use, since it’s time-consuming to gather the needed statistics and metrics. Enterprises can use data fabrics to build an updated data architecture, which will simplify the analytics processes but still give everyone access to the data they need and strategic insight from it.
Data fabrics do several important things. For one, they help improve your tools’ current capabilities. They also promote cost control and integrity by simplifying data management early on. They help improve the integration of data and tools and the process of normalizing, enriching, governing and accessing data for authorized users, who must be able to trust the data. It enables you to integrate data to help deliver business intelligence.
The second starting point is using AI to analyze patterns for threat detection. With good data as its foundation, an early and effective use case for generative AI is for threat detection — especially vulnerability validation, prioritization and remediation. In most organizations today, when someone detects unusual data access patterns, it still takes a long time from detection to action, but using generative AI in this way, the time from detection to remediation can be dramatically reduced.
Creating standard response or remediation playbooks is the third example of how to start simply. You can use predefined playbooks for specific types of ransomware attacks or other scenarios to effectively teach AI, and then you can continually redefine your playbooks as the organization grows.
Walk: Applying AI to the Business
You’ve normalized and centralized your data, and now it’s time to apply it to the business. There are three things in this stage to focus on. Number one is to create data sets that are used across the business and considered by all users to adhere to the organization’s standard for “gold-level” data.
Number two is tying metrics and KPIs from the board level all the way down to the engineering level so you don’t have disparate requirements or objectives between each level. Everyone is aligned. You are tying your AI efforts to your executive board requirements and other KPIs. What does the board want to see? How do these numbers tie back to the business?
Number three is taking action on those metrics and KPIs. Depending on what the metric is, you can have people take action manually, and maybe in some automated fashion, but not necessarily using AI. For instance, your dashboard shows you the top 100 critical vulnerabilities in your organization, and you tell your team to address them.
Run: The Future of AI and Data Security
Once you’ve hit the run phase, you have a lot of opportunities.
Autonomous threat mitigation is one possibility to look forward to from a mature AI program. You can implement AI such that as soon as an unusual data access pattern is detected, the system disables it and then triggers an alert. That can help you stay on top of infections and malicious traffic, more so than with the processes in place today.
Using generative AI for vulnerability remediation or for at least parsing through the flood of vulnerabilities in your systems and then letting AI prioritize them is another great use of this technology. But it doesn’t stop there. Now’s the time to get creative.
The AI-Enabled Security Journey Starts Slowly
There’s no longer a distinction between security data and other data. Organizations must adapt quickly so they can make the most of all their data. This entails converting raw, often unmanageable data into cohesive, actionable business intelligence. There’s a lot of hype around AI today, a common phenomenon that accompanies the new and exciting. But the reality when it comes to AI is that the most efficient use of AI typically starts with basic, unglamorous tasks.
Ultimately, generative AI has the potential to help with tasks like vulnerability remediation and prioritization, but before you go big, you should start with more modest goals. Taking the crawl, walk, run approach provides your AI systems with the good data foundation to enable optimized security and business outcomes.
