April 25, 2024
Editor’s note: This is part three of a series on generative AI in cybersecurity.
Part one: Understanding and Leveraging Generative AI in Cybersecurity
Part two: The Intersection of Generative AI and Cybersecurity
Part four: CISO’s Guide: Six Steps to Start Adopting AI
As discussed in parts 1 and 2 of this series, generative AI has the potential to supercharge security operations. The benefits of applying AI can affect the full threat detection, investigation, and response lifecycle. As your organization looks to take advantage of this emerging technology, you should consider three key questions:
In this blog, we’ll explore these questions and their implications for security operations.
There are two approaches to implementing a generative AI solution for security operations: build your own or pay for a third-party solution. Making this choice requires careful consideration. The primary factors in play here are cost, risk, and accuracy.
Cost areas fall into two buckets: expertise and operations.
Risk is primarily focused on data—both in determining whether you have the right data to train the models and in maintaining the privacy of that data. In the context of security operations, this data may include historical incidents, high-value targets, network topologies, standard operating procedures, and more. Generally, this information is stored in a variety of different formats or may not be documented very well to begin with. As with any sensitive data, you must consider the privacy implications of sharing it with an untrusted partner or sending it to an external, generic model for processing and storage. There is an additional risk to consider in regulatory pressure, but it is not something we will be delving into within this blog.
Accuracy is a critical factor in any data science project, especially when it involves generative AI. As we discussed previously in this series, generative AI models have the potential to “hallucinate,” or essentially make up answers. While these hallucinations may take several forms, ultimately, they impact the model’s accuracy and the organization’s ability to trust its output.
Unfortunately, the reality is that 50% accuracy isn’t good enough. If the model is only correct half the time, it’s essentially useless in real-world applications. There’s a very high bar that must be met for the model to provide any value, and its accuracy must be continuously validated to ensure it remains above a specified threshold.
When deciding between building your own generative AI solution or leveraging a third-party platform, you should first conduct a cost-benefit analysis. If you have the right in-house resources and expertise to create a tailored solution that meets your specific needs, then building it yourself might be the right option. However, if you lack resources or expertise, or if your cybersecurity needs are more general, choosing a third-party solution can save time, money, and effort. Ultimately, you must weigh the pros and cons based on cost, risk, accuracy, and your organization’s individual needs.
Having decided whether to build a solution in-house or purchase a third-party tool, you’ll now need to consider the underlying models being used. These can be broken into two categories: generic and customized. Generic models, such as GPT-4, have been widely adopted as they are shared, publicly available resources. On the other hand, customized models are dedicated instances, hosted either locally or in your private cloud environment, and trained to increase accuracy for specific tasks.
Foundation models are the core building block of generative AI. Each model has a unique set of advantages and disadvantages. These all depend on how the model was built: the number of tokens, the number of parameters, and the quantity and quality of the training data. Generally, larger foundation models provide more versatility (they can be adapted to many use cases) but come at a higher operating cost and cannot be fine-tuned.
One workaround is to take a smaller, open-source model and conduct additional training to refine its output. This is what we mean by a “customized” model, as you can train it on an internal data set and for a particular use case. A significant benefit to customized models is the ability to infuse them with the institutional knowledge of your organization. Depending on the use case, it may make sense to have multiple customized models, all tuned for very specific tasks.
Let’s review several examples of when it makes sense to leverage both generic and customized models within the context of security operations.
Ultimately, models drive output and deliver the desired outcomes. With all the hype around generative AI and LLMs, not enough attention has been placed on the foundational components, including the underlying models. Both generic and customized models can provide value, but they must be used effectively. A hybrid, multi-model approach is likely best for complex use cases, though finding the right balance will be largely dependent on the task at hand.
“With great power comes great responsibility.” Generative AI may not have much in common with Spider-Man, but this saying holds true. Leveraging AI technology responsibly requires careful consideration of the following:
As generative AI becomes further ingrained within daily operations and business-critical applications, validating its output becomes ever more necessary. To validate your output, you may want to determine a grading rubric to identify what “good” looks like, including measures of both accuracy and completeness. You could also deploy a second grading model that has the sole purpose of generating these scores. To combat hallucinations, you should incorporate detection and removal of them into the larger workflow. This process will essentially compare input and output pairs, checking for anomalies and responding accordingly.
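One deterministic form of the input/output comparison described above, as an added example that is not ReliaQuest's code: it extracts indicators from the source alert and from the model's summary, scores accuracy and completeness, and flags any indicator the model produced that the input never contained. The indicator patterns, thresholds, and sample texts are assumptions constructed for this illustration.

```python
import re

# Indicator patterns checked in both input and output (assumed set for this example).
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

def extract_iocs(text):
    """Return the set of (kind, value) indicators found in text, case-normalized."""
    lowered = text.lower()
    return {(kind, value)
            for kind, pattern in IOC_PATTERNS.items()
            for value in pattern.findall(lowered)}

def grade(source, summary, min_accuracy=0.9, min_completeness=0.8):
    """Score a generated summary against the data it was generated from."""
    src, out = extract_iocs(source), extract_iocs(summary)
    shared = src & out
    unsupported = out - src  # in the output but not the input: candidate hallucinations
    missing = src - out      # in the input but dropped from the output
    accuracy = len(shared) / len(out) if out else 1.0
    completeness = len(shared) / len(src) if src else 1.0
    return {
        "accuracy": accuracy,
        "completeness": completeness,
        "unsupported": sorted(unsupported),
        "missing": sorted(missing),
        # Any unsupported indicator fails the summary regardless of the scores.
        "passed": (not unsupported and accuracy >= min_accuracy
                   and completeness >= min_completeness),
    }

# Constructed sample data: an alert and a model summary that invents one IP
# address and omits the file hash.
SOURCE_ALERT = ("EDR alert: host fin-ws-07 executed a binary with sha256 "
                + "ab" * 32 + " and connected to 203.0.113.10 and "
                "updates.example.net over port 443.")
MODEL_SUMMARY = ("Host fin-ws-07 beaconed to 203.0.113.10 and 198.51.100.77; "
                 "recommend isolating the host and blocking updates.example.net.")

if __name__ == "__main__":
    for key, value in grade(SOURCE_ALERT, MODEL_SUMMARY).items():
        print(f"{key}: {value}")
```

A check like this only covers facts that can be extracted mechanically; a rubric or grading model is still needed for the narrative parts of the output.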
One of generative AI’s greatest abilities is to ingest, synthesize, and reference massive amounts of data. While incredibly useful, this ability can also pose a significant risk.
To improve data security, avoid using free platforms like ChatGPT, particularly for sensitive information. Instead, you can use either generic or customized models, provided they are dedicated instances rather than a shared resource. This further mitigates the risk of potential data leakage.
Ultimately, the objective of any generative AI project should be to benefit the organization in a clear, measurable way. For security operations specifically, this may take the form of increased analyst efficiency, improved threat detection, and reduced MTTR. This can either be measured against historical data or achieved through A/B testing with a subset of users. User feedback is extremely valuable as it increases buy-in and overall adoption. This feedback can also be used for reinforcement learning and further fine-tuning of the models.
Generative AI can greatly improve security operations by speeding up threat detection, investigation, and response. When creating an AI strategy, consider aspects such as building your own solution or using a third-party platform, selecting between generic or customized models, and handling AI-related risks. Due to the expenses, challenges, and risks of developing a generative AI strategy and building it yourself, most organizations are likely to benefit from adopting a security operations platform infused with generative AI, such as ReliaQuest GreyMatter. This approach saves time while ensuring you follow best practices in this evolving field.