In cybersecurity, you’ll get questions like:
Do we have Microsoft Outlook vulnerabilities?
Which credentials in my company have been compromised?
Who the heck is Lapsus$?
Many software firms—including SentinelOne, Cybersixgill, eSentire, and CrowdStrike—are offering AI-powered assistants, based on language-learning models, to provide the answers. Firms releasing the promptable features believe that their standout quality will be the unique, often company-specific data used to train the predictive tools.
“The technology for these models is available to everyone, right? And so the differentiator is really going to become, what data do you have?” said Dustin Hillard, CTO at eSentire.
The data being fed to the language-learning models is embedded expertise, including threat reports and findings from a given vendor.
“Your ability to take that and return it back to your customers in a way that they can use for real-time answers is the exciting capability,” Hillard told IT Brew.
Meet the new AI paper clips. CrowdStrike’s “Charlotte,” SentinelOne’s “Purple AI,” eSentire’s “Investigator,” and Cybersixgill’s “IQ”—all announced in the spring of 2023—use their own brand of threat-response alerts and details as their training input. Charlotte pulls from thousands of messages from CrowdStrike’s “OverWatch” threat team; Purple AI can contextualize seemingly unrelated events to provide a more comprehensive analysis; Investigator uses the company’s telemetry from its hundreds of inputs; IQ has knowledge of dark-web data sets.
As many CEOs rush to say “AI” faster and more frequently than their competitors, cybersecurity vendors are rushing to have a super-Clippy of sorts—an assistant that fields natural-language questions. The approach is one that is only as strong as the data being fed into it—and fed into it consistently enough to incorporate new threats.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
A language-based approach gives non-technical users the potential to be a security analyst, without requiring manual expertise like SQL, a language that pulls important information from databases.
“In the past, you might have had to have written a tool or written a bunch of detailed queries and join data together. And this allows you just, via quick, natural language to draft all those complex queries and return the data back in a way that’s summarized and actionable,” Hillard told IT Brew.
Roger! Morgan Wright is the chief security advisor at SentinelOne, but as a former state trooper, he used to say a lot of “10 codes” over the radio—communication protocols meant to indicate a variety of situations efficiently. A 10-4 is “copy that.” A 10-32 could mean“man with a gun” or “defective traffic light,” depending on the area of the country.
Cybersecurity has its own hard-to-decipher language and codes. A patch might be referred to as “CVE-2021-44832.” One strange, scary ransomware group’s name like LockBit or BlackCat may blend into the other. Something like “Log4Shell” might make little sense to someone who just knows that it’s the center of a supply-chain attack.
“When the stuff hits the fan. And I’ve been in those situations, you know what everybody reverts to? Natural language: ‘I need help. I need help now,’” said Wright.
And a growing number of cybersecurity firms want to be ready to respond.