AI is transforming cybersecurity and offering new opportunities and challenges, according to Splunk's Vice President of AI, Hao Yang.
Artificial Intelligence (AI) has become a cornerstone in the field of cybersecurity, evolving rapidly to enhance security measures and streamline operations.
Yang shared insights into this transformative journey during an exclusive interview with TechDay.
He emphasised the long-standing role of machine learning in cybersecurity, noting its progression over the years. "People have been looking at machine learning in the context of cybersecurity for years," he said.
However, Yang pointed out a significant shift in the last couple of years with the advent of large language models. "Now, we have very interesting dynamics from a defensive perspective. The larger models can provide new opportunities to gain insights in noisy environments."
From a defender's viewpoint, Yang highlighted the double-edged nature of these advancements.
"Generative AI gives you new opportunities to streamline operations and help analysts be more productive," he explained. Yet, the same technologies can be weaponised by malicious actors, creating new threats such as deepfakes.
Yang referenced a recent incident where a person in Hong Kong lost $25 million due to a deepfake, illustrating the growing sophistication of AI-powered attacks.
Splunk's response to these challenges is its Smart AI system for security, integrated within its enterprise security platform. Yang described how this system supports security analysts throughout their investigations.
"It gives security analysts assistance in every step of their investigation," he said.
By summarising relevant data in natural language and generating SQL queries, the system enables analysts to quickly understand and respond to threats. Additionally, it can draft reports, a task often disliked by analysts for its time-consuming nature.
Efficiency and accuracy are crucial in cybersecurity, and Splunk's AI system aims to enhance both. "It's about saving time, but also making your job more efficient," Yang stated. He stressed the importance of AI in identifying subtle threats that might be missed by human analysts.
The challenges in cybersecurity are manifold, especially with the rise of AI-specific threats. Yang discussed the complexities of using AI to protect against these threats.
"Everyone is now thinking about how to use AI to improve customer experience and build new products," he said. However, these applications are data-intensive, increasing the attack surface. He noted the importance of understanding AI-specific threats to protect organisations effectively.
Splunk employs a range of AI capabilities to detect and respond to threats.
"We use models to monitor user and entity behaviour, comparing dynamic baselines to current data," Yang explained. This approach helps identify anomalies that could indicate security breaches.
The integration of AI in threat intelligence and incident response processes is another area where Splunk excels. "Intelligence researchers use AI and ML to detect patterns and summarise data," Yang said. This integration enables faster and more accurate identification of threats.
Staying ahead of emerging cyber threats is a constant endeavour. Yang acknowledged the rapid evolution of the threat landscape, driven by ongoing research and new methods. "The tech landscape is still evolving. There's almost a new publication every week," he remarked. Splunk's strategy involves staying updated with the latest research and incorporating it into its detection and investigation processes.
The collaboration between AI and human expertise is a key principle in Splunk's approach. "AI is a companion, not a replacement for humans," Yang asserted.
He explained that while automation is essential for efficiency, human judgement remains crucial, especially in complex and evolving scenarios. For example, an automated system might flag a CEO's login from an unexpected location as suspicious, but human analysis can provide context, such as travel records, to make an informed decision.
Looking to the future, Yang expressed excitement about embedding AI deeply into all of Splunk's products. "Our strategy is to have AI assist in every product, making workflows easier," he said.
He envisions a unified experience where AI aids users across all platforms.
Yang also touched on the impact of Cisco's acquisition of Splunk. "AI is a core pillar in Cisco's strategy," he noted. "The integration of Cisco's extensive data with Splunk's capabilities promises better outcomes."
"The combination of data from both companies is a true amplifier," he said, highlighting the potential for more customised and effective AI solutions.