ChatGPT is about to revolutionize cybersecurity

Unless you purposely avoid social media or the internet completely, you’ve likely heard about a new AI model called ChatGPT, which is currently open to the public for testing. This allows cybersecurity professionals like me to see how it might be useful to our industry.

Widely available machine learning/artificial intelligence (ML/AI) tooling for cybersecurity practitioners is relatively new. One of the most common use cases has been endpoint detection and response (EDR), where ML/AI uses behavior analytics to pinpoint anomalous activity. It learns known-good behavior to discern outliers, then identifies and kills processes, locks accounts, triggers alerts and more.

Whether it’s used for automating tasks or to assist in building and fine-tuning new ideas, ML/AI can certainly help amplify security efforts or reinforce a sound cybersecurity posture. Let’s look at a few of the possibilities.

AI and its potential in cybersecurity

When I started in cybersecurity as a junior analyst, I was responsible for detecting fraud and security events using Splunk, a security information and event management (SIEM) tool. Splunk has its own language, Search Processing Language (SPL), which can increase in complexity as queries get more advanced.

That context helps explain the power of ChatGPT, which has already learned SPL and can turn a junior analyst's prompt into a query in seconds, significantly lowering the bar for entry. If I asked ChatGPT to write an alert for a brute force attack against Active Directory, it would create the alert and explain the logic behind the query. Since this is closer to a standard SOC-type alert than to an advanced Splunk search, it can be a perfect guide for a rookie SOC analyst.
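To make the brute-force alert concrete, here is an added example (not from the article or from any ChatGPT output) of the same detection logic written in Python and run over a handful of constructed Windows Security events. It does what a typical SPL alert of this kind does: count failed logons (EventCode 4625) per source IP and target account inside a sliding window, raise when the count reaches a threshold, and note whether a successful logon (4624) from the same source followed the burst. The field names, threshold and window size are assumptions; tune them to your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, shaped like fields a SIEM would index from the
# Windows Security log. EventCode 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    {"time": "2023-01-10T09:00:01", "EventCode": 4625, "user": "jdoe", "src_ip": "10.0.0.5"},
    {"time": "2023-01-10T09:00:30", "EventCode": 4625, "user": "jdoe", "src_ip": "10.0.0.5"},
    {"time": "2023-01-10T09:01:10", "EventCode": 4625, "user": "jdoe", "src_ip": "10.0.0.5"},
    {"time": "2023-01-10T09:01:45", "EventCode": 4625, "user": "jdoe", "src_ip": "10.0.0.5"},
    {"time": "2023-01-10T09:02:20", "EventCode": 4625, "user": "jdoe", "src_ip": "10.0.0.5"},
    {"time": "2023-01-10T09:03:30", "EventCode": 4625, "user": "jdoe", "src_ip": "10.0.0.5"},
    {"time": "2023-01-10T09:04:00", "EventCode": 4624, "user": "jdoe", "src_ip": "10.0.0.5"},
    # Two typos followed by success: normal user behaviour, below threshold.
    {"time": "2023-01-10T09:05:00", "EventCode": 4625, "user": "asmith", "src_ip": "10.0.0.7"},
    {"time": "2023-01-10T09:06:00", "EventCode": 4625, "user": "asmith", "src_ip": "10.0.0.7"},
    {"time": "2023-01-10T09:06:30", "EventCode": 4624, "user": "asmith", "src_ip": "10.0.0.7"},
    # Five failures spread over 40 minutes: never five inside one 5-minute window.
    {"time": "2023-01-10T09:00:00", "EventCode": 4625, "user": "svc_backup", "src_ip": "10.0.0.9"},
    {"time": "2023-01-10T09:10:00", "EventCode": 4625, "user": "svc_backup", "src_ip": "10.0.0.9"},
    {"time": "2023-01-10T09:20:00", "EventCode": 4625, "user": "svc_backup", "src_ip": "10.0.0.9"},
    {"time": "2023-01-10T09:30:00", "EventCode": 4625, "user": "svc_backup", "src_ip": "10.0.0.9"},
    {"time": "2023-01-10T09:40:00", "EventCode": 4625, "user": "svc_backup", "src_ip": "10.0.0.9"},
]

# Rough SPL equivalent of the rule below (index and field names are assumptions):
#   index=wineventlog EventCode=4625
#   | bucket _time span=5m
#   | stats count by _time, src_ip, user
#   | where count >= 5


def _ts(s):
    return datetime.fromisoformat(s)


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per (src_ip, user) whose failed logons reach `threshold`
    inside any span of length `window`, with the densest window reported."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in events:
        key = (ev["src_ip"], ev["user"])
        if ev["EventCode"] == 4625:
            failures[key].append(_ts(ev["time"]))
        elif ev["EventCode"] == 4624:
            successes[key].append(_ts(ev["time"]))

    alerts = []
    for key, times in failures.items():
        times.sort()
        best_count, best_span = 0, None
        start = 0
        # Sliding window: advance `start` until the window fits, then measure it.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > best_count:
                best_count, best_span = count, (times[start], times[end])
        if best_count < threshold:
            continue
        last_failure = best_span[1]
        success_after = any(t >= last_failure for t in successes.get(key, []))
        alerts.append({
            "src_ip": key[0],
            "user": key[1],
            "failures": best_count,
            "first": best_span[0].isoformat(),
            "last": last_failure.isoformat(),
            "success_after": success_after,
        })
    return alerts


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_EVENTS):
        print(a)
```

The `success_after` flag is the part worth escalating: a burst of failures followed by a success from the same source is the case that needs immediate review, while a burst with no success is a candidate for blocking the source and notifying the account owner.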

Another compelling use case for ChatGPT is automating daily tasks for an overextended IT team. In nearly every environment, the number of stale Active Directory accounts can range from dozens to hundreds. These accounts often have privileged permissions, and while a full privileged access management technology strategy is recommended, businesses may not be able to prioritize its implementation.
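As an added example of the stale-account task (this is not the article's code and not ChatGPT output), the script below takes a constructed export of Active Directory user records, flags enabled accounts with no logon in 90 days, and sorts privileged ones to the top of the review list. The record layout, the privileged-group list and the 90-day idle threshold are assumptions; in practice the input would come from an export such as `Get-ADUser` or `Search-ADAccount -AccountInactive`, and the output would feed a review step before anything is disabled.

```python
from datetime import datetime, timedelta

# Groups whose membership makes a stale account a priority (assumed list; extend
# with your own tiered-admin groups).
PRIVILEGED_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Schema Admins",
    "Account Operators", "Backup Operators",
}

# Constructed sample export: a few user objects with the attributes the rule needs.
SAMPLE_ACCOUNTS = [
    {"sam": "jdoe", "enabled": True, "last_logon": "2023-01-05T08:00:00",
     "created": "2019-03-01T00:00:00", "groups": ["Domain Users"]},
    {"sam": "old_admin", "enabled": True, "last_logon": "2022-06-01T08:00:00",
     "created": "2018-01-01T00:00:00", "groups": ["Domain Users", "Domain Admins"]},
    {"sam": "contractor7", "enabled": True, "last_logon": None,  # never logged on
     "created": "2022-05-15T00:00:00", "groups": ["Domain Users"]},
    {"sam": "svc_backup", "enabled": True, "last_logon": "2022-09-01T08:00:00",
     "created": "2020-01-01T00:00:00", "groups": ["Backup Operators"]},
    {"sam": "former_emp", "enabled": False, "last_logon": "2021-01-01T08:00:00",
     "created": "2017-01-01T00:00:00", "groups": ["Domain Users"]},
]


def find_stale_accounts(accounts, now, max_idle=timedelta(days=90)):
    """Return enabled accounts idle for at least `max_idle`, privileged ones first,
    then by idle time descending. Accounts that never logged on are aged from
    their creation date so they are not silently skipped."""
    stale = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled; nothing to clean up
        reference = acct["last_logon"] or acct["created"]
        idle = now - datetime.fromisoformat(reference)
        if idle < max_idle:
            continue
        privileged = sorted(set(acct["groups"]) & PRIVILEGED_GROUPS)
        stale.append({
            "sam": acct["sam"],
            "idle_days": idle.days,
            "privileged_groups": privileged,
            "never_logged_on": acct["last_logon"] is None,
        })
    # Privileged accounts first (False sorts before True), then longest idle first.
    stale.sort(key=lambda r: (not r["privileged_groups"], -r["idle_days"]))
    return stale


def review_plan(stale):
    """Map each stale record to a proposed action for a human to confirm."""
    plan = []
    for r in stale:
        if r["privileged_groups"]:
            action = "review with owner, then disable and remove from " + ", ".join(r["privileged_groups"])
        elif r["never_logged_on"]:
            action = "disable; account was never used"
        else:
            action = "disable; notify manager"
        plan.append((r["sam"], action))
    return plan


if __name__ == "__main__":
    now = datetime(2023, 1, 10, 12, 0, 0)  # fixed "now" so the sample is reproducible
    for sam, action in review_plan(find_stale_accounts(SAMPLE_ACCOUNTS, now)):
        print(f"{sam}: {action}")
```

Keeping the decision (`find_stale_accounts`) separate from the action (`review_plan`, and whatever disables accounts afterwards) matters for an automation like this: it lets the list be reviewed, or run in dry-run mode, before any privileged account is touched.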


Source: Venture Beat