By Kathy Gibson – Artificial intelligence (AI) is the term on everyone’s lips in 2024. In the context of cybersecurity, AI is a greater threat than ever before, while also providing new tools for combatting attacks.
Cybersecurity companies need to shift from providing security tools to creating AI-powered cyber security platforms, says Assad Arabi, regional MD: Africa and venture markets at Trend Micro, speaking at the recent Trend World Tour in Johannesburg.
This strategy has to inform how the company is using AI for security; and providing security against AI.
When it comes to using AI to provide robust security, Arabi says Trend is constantly updating its offerings to include new technologies.
“We have been working with AI for two decades now,” he stresses. “What is new is the addition of generative AI (GenAI).”
With AI, machine learning, deep learning, natural language processing and GenAI integrated across disciplines, Trend can now use AI for email detection, computer vision, XDR detection, and cyber risk management.
“Our approach is to focus on not only the technical risk, but the business risk as well,” Arabi says. “We are helping the chief information security officer (CISO) to discuss this with the noard at a level they understand. Otherwise it is challenging for the business to understand why they need to continue investing.”
Trend also provides tools that help the CISO to calculate risk and its impact, with the AI-powered ASRM that optimises risk assessment with GenAI.
AI allows for continuous risk assessment that doesn’t rely solely on past or regular assessments. “This continuous risk assessment is powered by GenAI, which gives you a completely different response,” Arabi says.
The risk assessments are infused with the business context, he adds. “For the first time we are able to calculate the risk your environment is facing by a number – no long good or bad. This is designed to communicate with the board with confidence and clarity.”
This risk could change on the fly depending on what’s happening in the live environment. Importantly, the system also defines what actions that need to be taken to reduce the risk score, Arabi says.
More significantly, the risk score can be presented in actual dollar terms, giving an accurate assessment of the what a cyberattack could cost.
AI also allows the system to map different attack paths, so CISOs can prioritise their actions to mitigate the risks.
Because AI can look at the behaviour of various system components, CISOs can identify risks across the system and start to draw conclusions that might not previously have been obvious.
To be more proactive, AI can now be used to predict possible malware attacks. “This will help the CISO to better utilise their time, and gain a better understanding of the whole environment,” Arabi says.
Trend has also launched a smart companion, the GenAI assistant, advisor and commander that helps CISOs to create a better security stance.
“It is essentially a cybersecurity specialists that can help the team,” Arabi explains.
Through these new releases Trends aims to enrich CISO’s jobs, to let them use their time to focus on high-level tasks, while the AI takes care of routine tasks, Arabi says.
“We are getting closer to autonomous SOC,” Arabi says. “We are not there, but these are major steps towards reaching there.”
The AI Companion gathers data, understands both the context and the data, enriches the threat intelligence, and writes reports with a full analysis. “It lets you reach higher maturity levels when it comes to utilising the resources.”
The other side of AI is how bad actors are using it to launch more effective and deadly attacks than before, and how organisations need to protect against it.
There is a need for CISOs to secure their organisations and their AI journey, and protect against AI-related attacks, Arabi says.
“Employees are actively using AI services,” he points out. Indeed, a Trend survey shows that 99% of employees are already using or considering using AI services.
“When they are using GenAI services, they could sometimes let confidential data out of the environment, or get a response they shouldn’t get. So this is another attack surface where attacks can happen.”
Trend gives CISOs a view of what is happening: monitoring and filtered, with content blocked or regulated.
The other challenge is related to companies’ own AI, being used internally. “This is subject to attack – either to change the content, or to make it unavailable.”
Trend helps to counter this by offering protection for private large language model (LLM) services.
Deepfake attacks are increasingly common, and organisations need to be aware that attacks could be leveraging them. “We have even see attacks using Teams communications using deepfakes,” Arabi says.
Trend has been able to add the ability to detect and protect against deepfakes to its platform. “It is becoming more difficult for us to detect deepfakes as people, but AI can be used to detect them.
“We are among the first security companies recognising these threats, and helping users to detect them.”