At Cisco Live 2024 in Amsterdam, the company announced its latest solutions for networking, cloud, and cybersecurity.
Jeetu Patel, vice president and general manager of Cisco's Security and Collaboration business unit, said in his keynote that fragmented solutions are a thing of the past, that cloud environments rest on a “zero trust, zero friction” foundation, and that an integrated platform is essential.
But one of the key issues facing SOCs and CISOs today is not cyber defense but communication: specifically, communicating the needs, concerns, and risks facing the security team to the C-suite and executive level.
This is an area that AJ Shipley, Vice President of Products – Threat Detection and Response, is very passionate about, and one where there are strong use cases for artificial intelligence and large language models (LLMs).
Exploring the realm of security professionals
Traditionally, when responding to a threat or breach, security teams have had to translate highly technical indicators, metrics, and timestamps into concise, easy-to-understand reports that executives can use to see how the business was impacted, and they have had to get that translation right.
This is a time-consuming process, especially in the immediate aftermath of a breach, when the security team's time could be better spent on incident response and data recovery. A quick response is an effective response, and this is where AI and LLMs can save critical time.
Cisco's Extended Detection & Response (XDR) platform provides just that. “The same set of technical indicators and timestamps, what the industry calls tactics, techniques and procedures (TTPs): credential dumping, or push bombing, or lateral movement,” Shipley said.
“We can take those and feed them into a big language model and say, ‘Tell me what happened in four paragraphs,’ and it spits out four very human-readable paragraphs based on those timestamps.”
Shipley explained that the LLM can determine where an incident occurred, which machines were communicating with each other, which connections were used, and what privileges were elevated along the way, so a report that would normally take hours to complete can be handed to the security team in seconds.
A key concern for security teams is that an LLM, in simplifying advanced terminology, could compromise the accuracy of the write-up, but Shipley assures that even people with no background in security can “read it and understand it, with a high degree of precision, and know exactly what's going on.”
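The workflow Shipley describes, technical TTP telemetry in, an executive-readable narrative out, and the accuracy concern that follows it, can be illustrated with a small pipeline. The example below is an added illustration and is not Cisco XDR code; the event schema, hostnames, user name and timestamps are constructed sample data. The design point it shows is the one a defender cares about: the facts (hosts, connections, privilege changes, timeline) are derived deterministically from the events, and the language model is asked only to narrate those facts, with a plain-template summary available as a fallback, so the readability gain does not come at the cost of the model inventing details.

```python
"""Derive executive-summary facts from XDR-style incident events.

Added example, not Cisco XDR's own code. The event list and its field names
(ts, technique, host, user, dst, protocol, privilege, detail) are an assumed
schema with constructed values.
"""
from datetime import datetime

# Constructed sample telemetry: an MFA push-bombing -> credential dumping ->
# lateral movement -> privilege escalation chain on made-up hosts.
SAMPLE_EVENTS = [
    {"ts": "2024-02-06T09:12:03Z", "technique": "push bombing",
     "host": "ws-finance-07", "user": "jdoe",
     "detail": "14 MFA push prompts in 3 minutes, one approved"},
    {"ts": "2024-02-06T09:20:41Z", "technique": "credential dumping",
     "host": "ws-finance-07", "user": "jdoe",
     "detail": "LSASS memory read by an unsigned binary"},
    {"ts": "2024-02-06T09:34:18Z", "technique": "lateral movement",
     "host": "ws-finance-07", "user": "jdoe",
     "dst": "srv-files-02", "protocol": "SMB/445"},
    {"ts": "2024-02-06T09:41:55Z", "technique": "privilege escalation",
     "host": "srv-files-02", "user": "jdoe",
     "privilege": "Domain Admins", "detail": "account added to group"},
]


def _parse_ts(ts):
    # datetime.fromisoformat accepts the 'Z' suffix only on Python 3.11+,
    # so normalise it to an explicit UTC offset first.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_facts(events):
    """Answer the executive questions directly from telemetry: where did it
    happen, which machines talked to each other over what, and which
    privileges changed. No interpretation is added here."""
    events = sorted(events, key=lambda e: e["ts"])
    hosts, connections, privileges = [], [], []
    for e in events:
        for h in (e.get("host"), e.get("dst")):
            if h and h not in hosts:
                hosts.append(h)
        if "dst" in e:
            connections.append((e["host"], e["dst"], e.get("protocol", "unknown")))
        if "privilege" in e:
            privileges.append((e["user"], e["host"], e["privilege"]))
    first, last = _parse_ts(events[0]["ts"]), _parse_ts(events[-1]["ts"])
    return {
        "first_seen": events[0]["ts"],
        "last_seen": events[-1]["ts"],
        "duration_minutes": int((last - first).total_seconds() // 60),
        "hosts": hosts,
        "connections": connections,
        "privilege_changes": privileges,
        "techniques": [e["technique"] for e in events],
    }


def build_prompt(events):
    """Build the request sent to an LLM. The model is constrained to the
    listed events so the narrative stays grounded in what was observed."""
    lines = ["{ts}  {technique}  host={host}  user={user}{extra}".format(
        extra=("  dst=%s proto=%s" % (e["dst"], e.get("protocol", "?"))
               if "dst" in e else
               "  privilege=%s" % e["privilege"] if "privilege" in e else
               "  %s" % e.get("detail", "")),
        **e) for e in sorted(events, key=lambda e: e["ts"])]
    return ("Tell me what happened in four paragraphs, written for a business "
            "executive with no security background. Use only the events below; "
            "if something is not in the events, say it is unknown rather than "
            "guessing.\n\nEvents:\n" + "\n".join(lines))


def plain_summary(facts):
    """Template fallback that needs no model and can never hallucinate."""
    conns = "; ".join("%s to %s over %s" % c for c in facts["connections"]) or "none"
    privs = "; ".join("%s became %s on %s" % (u, p, h)
                      for u, h, p in facts["privilege_changes"]) or "none"
    return ("Between %s and %s (%d minutes), activity touched %s. "
            "Observed techniques: %s. Machine-to-machine connections: %s. "
            "Privilege changes: %s." % (
                facts["first_seen"], facts["last_seen"], facts["duration_minutes"],
                ", ".join(facts["hosts"]), ", ".join(facts["techniques"]),
                conns, privs))


if __name__ == "__main__":
    f = extract_facts(SAMPLE_EVENTS)
    print(plain_summary(f))
    print()
    print(build_prompt(SAMPLE_EVENTS))
```

Because `extract_facts` returns structured values, the same facts can be checked against the model's four paragraphs after generation (every host, connection and privilege change named in the narrative should appear in the facts, and vice versa), which is the practical way to address the accuracy concern raised above.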
Metrics related to the security field are critical to understanding where and how attacks occur, but the highly specific industry terminology doesn't translate well for anyone without expert knowledge.
“I've spent my entire career in the security field. For too long, it's been kind of the exclusive domain of security professionals. It's like black magic, so to speak, or you can't get in without a secret handshake. It's like a secret club where you can't do anything.
“Ultimately, I think understanding leads to better decisions, faster decisions, and that benefits all of us.”