Apart from scanning large amounts of data for potential threats, the technology helps sniff out anomalies. By analyzing patterns and behavior, GenAI can identify suspicious activities, a capability well recognized by Darktrace, a cybersecurity company that uses GenAI to understand typical network behavior and identify deviations from it.
“GenAI can effectively handle many of the tasks normally performed by level-one security operations center (SOC) analysts,” said Kashifuddin. “This allows analysts to focus on the best ways to protect the Internet. GenAI can examine predefined detection rules used by SOC analysts, identify any gaps, and discover new types of attacks that analysts may have missed. Additionally, GenAI can learn to recognize spear phishing attempts and spot patterns and anomalies that signature-based identification systems ignore.”
GenAI can also play an important role in automated incident response. Barros believes that incident investigation and response are, so far, the functions most advanced with GenAI. “During the investigation, analysts find and consult multiple sources of information to get a clear picture of what is happening in their area,” he said. “GenAI was able to transform the data obtained from all those sources into a coherent, readable, and understandable story, reducing the cognitive burden on the analyst and speeding up the process of understanding the attack and its implications.”