Artificial Intelligence and Cyber Security Transformation

In the last year, the lightning-fast introduction of artificial intelligence technologies such as ChatGPT and Bard into our lives has begun to seriously affect both our lifestyle and business processes. People have started to use these tools as personal assistants in their personal lives and professional careers. Considering its impact on individual and corporate productivity, it may be considered normal that this technology has been assimilated so quickly, but as with every new step, it also brings serious risks, especially in cyber security processes.

To summarize briefly:

The Cyber Security world is already dealing with two major problems: First, all companies, no matter what sector they operate in, are forced to build or buy technological solutions to solve their business problems. They also have to invest in different technologies, outsourcing service providers and/or human resources to manage and secure their growing environments. Therefore, the problem called “IT Sprawl” brings risks in terms of cyber security; the cyber security posture in a company is constantly changing and it becomes impossible to manage blind spots in this crowded environment.

Another big problem is human resources. Unfortunately, the supply of qualified human resources is not growing at the same pace as the technological growth trend I highlighted above. This is true not only in cyber security, but also in finding software developers, DBAs, data scientists and even infrastructure managers. The economic conditions in our country, together with the remote working competence that the pandemic process has integrated into our lives, make it even more difficult to find the right resources.

As if all these troubles were not enough, there was also the challenge of “Artificial Intelligence”. Artificial intelligence has proven in this short period that it can be a very useful tool when used for the right purposes. But it’s a weapon, and in the wrong hands it can be just as dangerous. At the moment, any individual who is a little bit tech-savvy can use these tools to become a very dangerous cyber threat, because these technologies are now accessible to everyone. In our country, we have recently become aware of the existence of groups that defraud people by producing synthetic media (deepfake). As a result, cybersecurity teams, already in serious trouble, now have an even tougher job. The worst part is that the cyber security problem is no longer the concern of only corporate companies; it has become a topic on which all small and medium-sized businesses should take precautions.

So what are the transformation steps that need to be taken?

  1. Unfortunately, traditional methods are not agile enough to be aware of current threats (intelligence), detect vulnerabilities as quickly as possible (detection) and formulate a counter game plan (response). We need to change from a reactive perspective to a Reactive+Proactive hybrid approach.
  2. It is not possible to be 100% proactive due to the nature of cyber security, but it should be the goal of cyber security teams to increase this rate as much as possible. Likewise, reducing dependence on individuals will be the answer to the human resource shortage in the cyber security world.
  3. In this crowded environment, the efficient use of independent “intelligence” sources has become more difficult. Maybe you are using the best intelligence services, but it has become even more difficult to answer questions such as what impact a threat can have on your environment and which actions should be prioritized. Therefore, transitioning to “actionable intelligence” services that are integrated into your cyber security environment and can make the right prioritizations should be one of the most important transformation steps.
  4. As on the “intelligence” side, it is necessary to switch to AI-supported solutions to manage and prioritize the alarms generated in your existing environments, and to prevent getting lost among these logs.
  5. Traditional cyber security solutions inherently utilize existing IT infrastructure. Here, depending on the policies implemented, these infrastructures become a cost item that needs to be managed. Companies cannot respond agilely enough to this infrastructure need due to rising costs. This again leads to blind spots in terms of cyber security. As you know, one blind spot is enough for the attacker to achieve his goal. Therefore, it has become inevitable to design your infrastructure in such a way that there is no blind spot and to benefit from the advantages of cloud computing in terms of unlimited resources, timeliness and cost.
  6. Finally, restructuring intelligent cybersecurity mechanisms so that they analyze data at the edge where it is generated, rather than trying to collect all logs in a central location and analyze them there, has become a critical priority for responding faster to attacks.

Google, the company with the world’s largest attack surface with services such as Search, Android, Chrome and Gmail, has for years been managing its cyber security processes under the motto “Zero Trust” to protect these environments. In 2022, by acquiring Mandiant, one of the world’s largest cyber security consulting firms, it started to signal that it will be a player especially in the next generation cyber security world. By bringing together brands such as VirusTotal, BeyondCorp and Chronicle with the consultancy competence of Mandiant, it has combined its cyber security solution set under the “Google Security” brand. So let’s look at how Google aims to respond to the 3 big problems and 6 transformation steps above with this transformation:

Artificial Intelligence will of course be Google’s most important innovation trump card in terms of security. Duet AI was one of the most important announcements that marked the Google Next ’23 event held in August. Google aims to increase productivity by integrating Duet AI into all solutions in its existing portfolio. With the announcement of SecPaLM 2 on the Cyber Security side, Google is trying to create solutions to the 3 major problems I mentioned above. First, it aims to identify the vulnerabilities and threats that need to be prioritized in crowded IT infrastructures by integrating AI-based intelligence and analytics solutions with the experience gained from Google’s vast attack surface and the data collected from solutions such as Mandiant, Chronicle and VirusTotal. Thus, even with limited resources, the aim is to take measures faster by spending energy in the right place.

SecPaLM Figure

With this development, Google aims to simplify the increasingly complex cyber security posture for information technology managers, prevent dependence on competent human resources, and repel AI-based cyber attacks with the same weapon.

In parallel with these developments, Google has updated its cybersecurity portfolio and now offers a solution set where you can monitor your security posture within the SecOps cycle, manage artificial intelligence-supported intelligence, detection and response processes, and design this structure not only for your Google Cloud environments but also for On-Prem and Multi-Cloud environments.

With this structure, which has been updated as Chronicle Enterprise and Enterprise+, it will be possible to manage logs from a single point (SIEM), make artificial intelligence-based detections on these logs (Chronicle, Mandiant), manage the “Response” operation from a single point (SOAR) and regularly feed this structure with up-to-date threat intelligence (Mandiant, VirusTotal). With this update, Google has updated its pricing policy to be a solution not only for the corporate market but also for small and medium-sized businesses.

If you would like to get more detailed information about the transformation of the Google Security solution portfolio, you can contact us. As Global IT, we are happy to support you.
