Corelight, a pioneer in open network detection and response (NDR), published a new research paper highlighting the strong divide among European IT pioneers over the suitability of generative AI (GenAI) for use by their cybersecurity teams.
The latest study has found that, although 46% of respondents state that they are proactively looking at how to incorporate the technology in their cybersecurity approaches, 44% also believe that the sensitive nature of the data involved – along with engrained enterprise silos – will in fact make it difficult to use GenAI. Of the approximately one-third of responding organisations not currently using GenAI technology for threat detection and response, 37% cite C-suite concerns as the reason.
AI-powered products
“Our research highlights a fair degree of market scepticism and a clear need for further education, particularly amongst C-level executive teams,” says Matt Ellison, Technical Director of EMEA, Corelight. “However, we know that GenAI will give SOC teams a major boost in delivering the insights analysts need to enhance productivity and bridge skills gaps.”
He continued: “Security vendors must work hard to build sufficient guardrails into their AI-powered products, so more organisations can enhance threat detection and response with this transformative technology.”
Perception of GenAI
Corelight found European ITDMs were split down the hub in their perception of GenAI
Corelight found European ITDMs (IT Decision Makers) were split down the middle in their perception of GenAI use for cybersecurity and exactly half (50%) of the responding ITDMs believed GenAI would have the biggest impact on providing alert context and analysis. They also cite the following potential use cases:
- Maintaining compliance policies (41%)
- Recommending best practices on domain-specific languages like identity and access management policy (36%)
- Unstructured vulnerability information (35%)
- Providing remediation guidance (35%)
- Unstructured network connection and process information (32%)
Implementation of GenAI
A further 28% plan to incorporate these abilities into more use cases in the future
Alongside some clear concerns and question marks about the practical use and implementation of GenAI in a security environment, 68% of respondents with dedicated threat hunters say it’s already helping their threat detection and protection efforts. A further 28% plan to incorporate these capabilities into more use cases in the future.
Despite the legitimate concerns of many European ITDMs, many have a positive view of the future. More than 40% of respondents claim AI and automation are central to creating “the perfect security formula”.
Interact with the GenAI model
“Generative AI has been successfully applied for alert enrichment and contextualisation, providing SOC analysts with enhanced incident response capabilities,” added Ignacio Arnoldo, Director of Data Science, Corelight. He continued: “GenAI's adoption is hindered by concerns over data confidentiality and model accuracy. As models improve in overall reasoning capacity and cybersecurity knowledge, and as more LLM deployments include structural privacy protections, GenAI is set to become integral to security operations.”
Corelight helps customers mitigate data protection concerns by establishing a functional firewall so that customer-specific data cannot interact with the GenAI model. Pre-vetted GenAI prompts are used to contextualise alerts and provide analysts with investigative recommendations.