In the rapidly evolving landscape of cybersecurity, staying ahead of emerging threats requires innovative approaches and cutting-edge technologies. Generative AI stands at the forefront of this transformation, offering unparalleled capabilities to enhance security operations and fortify digital defenses. In a candid interview with F5 experts Mudit Tyagi, Director of Security & Modern Applications, and Ken Arora, Distinguished Engineer, Security Products & Strategy, we delve into the profound impact of Generative AI on shaping the future of security operations. From its role in accelerating AIOps to fostering resilience through AI SecOps integration, this conversation unveils the pivotal role of Generative AI in navigating the complexities of today's threat landscape. Join us as we explore how AI-driven innovations are revolutionizing security paradigms and empowering organizations to stay ahead in an era of relentless cyber threats.
How do you see AI and generative models playing a pivotal role in shaping future innovation within the realm of security operations?
As we enter the year 2024, we find ourselves on the verge of a technological period marked by astounding achievements. One of the emerging technologies that has changed the way we work today is Generative AI. It has transformed the way we create content and gives new approaches to problem-solving. According to a KPMG survey, 65% of CIOs believe generative AI will have a high or extremely high impact on their organization in the next three to five years. Beyond accelerating and assisting employees in analyzing the current situation and recommending specific changes to the security policies, Generative AI also enhances threat detection and response by generating realistic attack scenarios for proactive defense. Its ability to simulate and analyze diverse situations empowers cybersecurity, marking a significant leap in bolstering digital defenses and safeguarding against evolving threats.
One of the ways we see that Generative AI can change the security landscape is by improving the efficiency of AIOps. At F5, we are leveraging it to enhance the user experience, not just in security, but also in app delivery. Previously, the user interface started with the Command Line Interface (CLI) and then moved to APIs with declarative configurations. Now, Generative AI offers a more user-friendly approach, using natural language interfaces. By understanding prompts, it generates configurations and automation scripts swiftly. This transformative capability, demonstrated with F5's BIG-IP access, extends beyond basic generation to automation, envisioning dynamic responses to evolving needs. Generative AI promises to reshape AIOps, addressing tomorrow's challenges and amplifying productivity by leveraging AI's capacity for rapid, efficient learning and adaptation.
In today's dynamic business landscape, what drives the need for businesses to adopt and incorporate AI into their products, services, and workflows?
Businesses have come to understand the potential AI has to improve the efficiency and efficacy of their internal processes, in all areas of business processes, from sales to finance to support, by assisting their employees in their day-to-day tasks. For example, AI can be used to analyse sales by product and geography, to recommend which products to advertise in which markets. Generative AI can be used to create a first draft of marketing collateral that could be used in an ad campaign. In addition, Generative AI can be used to improve customers’ experience with the business, such as via a more capable and friendly chat interface. Businesses realize that they must embrace AI going forward or be at a competitive disadvantage. In the vast field of machine learning, generative AI has recently taken on a substantial and cutting-edge role. ChatGPT, Bard, and Microsoft Bing have quickly emerged to assist content creators, system architects, and software engineers on technical details. A report by McKinsey states that by 2024, more than 50 percent of user touches will be augmented by AI-driven speech, written word, or computer-vision algorithms, while global data creation is projected to grow to more than 180 zettabytes by 2025, up from 64.2 zettabytes in 2020. This is nothing but the result of digitizing the end-to-end subtasks such as responding to a customer support request (summarization, email response, follow-up). And Generative AI plays a key role in digitization by understanding the unstructured data in these subtasks (e.g., summarization of the issue, in the above example) and producing natural language responses (such as a draft email reply).
Generative AI is emerging as a formidable force in this ever-changing field of technology. It is transforming businesses with its ability to give rise to unique outputs and drive innovations. As we progress deeper into the present AI era, it is important to watch out for possible dangers, proactively identify them and develop a resilient system.
Could you elaborate on the importance of integrating AI in the convergence of Security and Observability (AI SecOps)? How does this integration contribute to overall business resilience?
AI SecOps is the integration of artificial intelligence into security operations and observability techniques. It is critical for increasing overall business resilience in the face of changing cybersecurity threats. It allows organizations to detect and prevent possible attacks before they escalate. This integration combines advanced analytics, machine learning, and automation to handle security concerns while ensuring a proactive and adaptive cybersecurity approach. During the forecast period between 2023 and 2029, the India cloud computing market size is projected to grow at a CAGR of 18.37% reaching a value of USD 17.8 billion by 2029. Incorporating AI into cloud solutions will open a world of possibilities, from enabling personalized client experiences to improving operational efficiencies.
With its ability to analyze massive volumes of data and deliver insights quickly, AI is a valuable tool for businesses. However, the integrity and availability of data determine the usefulness of AI. AI can automate routine tasks, reducing labour costs and improving efficiency. It can also analyze operational data to identify inefficiencies and suggest improvements, opening the door to continuous optimization with huge cost-saving potential. AI also enables threat detection; for instance, AI can analyse the immense amount of failed login attempts and determine the ones that were benign vs. something that looked like an attempt to compromise an account. Such benefits of AI can be leveraged to redefine the future of business intelligence by converging AI and data modernization.
The ability to analyse large volumes of data, and generate remediation actions automatically, within seconds, will be especially important as we move into the era of AI-assisted adversaries. A bad actor leveraging AI will be able to create a new attack in hours or minutes that will be able to quickly change and adapt to countermeasures. Automated AISecOps will be a must for dealing with these sorts of future attacks.
How can AI SecOps ensure a delicate balance between fostering innovation and ensuring robust security measures for businesses?
Incorporating AI into the DevSecOps lifestyle not only strengthens security, but also streamlines operations and increases developer productivity. AI can enrich Guardrails with real-time threat intelligence, allowing for more dynamic and adaptive security measures. If AI detects a new type of threat, guardrails can be updated to address specific vulnerabilities or risks. Hence, organizations that use AI-powered technologies are better able to detect and respond to threats, predict problems, and offer safe and efficient software.
What proactive steps would you recommend for businesses looking to establish a sound Security Operations (SecOps) framework to fully harness the potential of AI?
As discussed previously, the integration of AI and SecOps is highly beneficial for business as it revolutionizes the way security professionals interact with threat data. Therefore, to leverage the most of this combination, organizations can take the following simple steps to establish sound SecOps and harness the potential of AI:
· Develop a comprehensive AI integration strategy within their SecOps, aligning AI initiatives with overarching business goals.
· Invest in acquiring skilled AI professionals and provide training to existing staff to ensure a competent team capable of implementing and managing AI-driven security measures.
· Upgrade existing infrastructure to support AI implementation, ensuring compatibility and scalability to accommodate the evolving needs of SecOps with the following:
    o eBPF: Lightweight Linux tool for telemetry, no kernel mods. Vital for observability and security, prevents suspicious packets, acts as a packet-level router.
    o Data: Build a robust data ecosystem to fuel the AI algorithms. Ensure that AIOps teams know what data exists, where it is, and how the data is organized.
    o APIs: Dominant in security and observability, endpoints for logic and tasks. Pose security challenges, crucial for automating tasks, extend beyond customer apps.
    o GraphQL: API query language, reduces data over/under-fetching. Linked to increased API usage, introduces governance challenges, elevates data in app architectures.
    o DPUs: Specialized hardware offloads data tasks from CPUs, optimizes for movement and transformation. Enhances performance, reduces bottlenecks, used in data centers, edge computing, and AI/ML.
· Establish robust data governance policies, ensuring compliance with privacy regulations and fostering a secure environment for AI-driven security initiatives.
· Implement a continuous evaluation process to assess the effectiveness of AI in SecOps, fostering a culture of adaptability and refinement to stay ahead of emerging cyber threats.
F5 is actively involved in projects like OPI (Open Programmable Infrastructure) to accelerate the adoption of DPUs. How does this initiative contribute to advancing AI adoption, and what impact do you foresee in the broader tech ecosystem?
We at F5 not only plan to leverage AI, and in particular, generative AI, but aim to make app delivery and security “ridiculously easy.” To achieve this, we are actively working on new ways to incorporate traditional AI, such as the models that drive our bot and fraud detection technologies, as well as generative AI.
We believe that AI is evolutionary and will take the capabilities of automation to a new level, leading to increased productivity and efficiency for all roles, but especially those involved in the delivery and security of the apps and APIs that power the digital business.
OPI will simplify network, storage, and security APIs within applications, which would lead to more portable and performant applications in the cloud and data centre across DevOps, SecOps, and NetOps. Therefore, it is important to foster an open ecosystem to collaborate in developing the next-generation architectures and frameworks required to address this need.
With the increase in investment to support open source and the expansion of innovation efforts, how is F5 incorporating various forms of AI to enhance and augment its offerings?
According to F5’s SOAS Report 2023, nearly two-thirds of organizations are prioritizing the use of AI/machine learning, with security as a top use case. CISOs view such capabilities as a means to reduce the time between detection and response without compromising efficacy or requiring additional security staff. In addition to AI-based enhancements for Distributed Cloud API Security, F5 had already introduced AI-driven web application firewall (WAF) capabilities, including unique malicious user detection and mitigation capabilities that create a per-user threat score based on behavioral analysis that determines intent. This enables security operations to choose between alerting or automatic blocking to mitigate an attack that would otherwise go undetected by static signatures. With F5, all traffic is monitored and proactive defenses are applied based on malicious user behavior that can be correlated across Distributed Cloud WAAP deployments. The new functionality also provides false positive suppression, making it easier to block bad traffic without accidentally blocking legitimate users, and streamlines operations by reducing the time necessary to enable sp