Generative AI will play a role in the future of incident response. It will be used in EDR tools and vulnerability scanners and to enhance security analytics, correlation and the detection of phishing and fraud campaigns, and it will be used to automate SOAR solutions.
But use ChatGPT for high-level, tedious tasks, and don’t feed it secrets, advised Alex Waintraub, DFIR expert evangelist at CYGNVS, which provides a guided crisis response platform for organizations. ChatGPT can provide a rudimentary incident response plan, Waintraub said, but it cannot provide a step-by-step playbook for an incident. Yet, for small companies with little to no cybersecurity budget, that’s better than nothing.
AI is not going to replace humans, Waintraub said. Although it can perform some of the tasks of a SOC level 1 or 2 analyst, humans will still be needed to look at malicious emails and validate malicious activity.
In this episode of CyberEd.io’s podcast series “Cybersecurity Insights,” Waintraub also discussed:
- The current lack of access and use policies for artificial intelligence and machine learning;
- How CYGNVS helps companies respond to a cyber crisis;
- The ways in which AI is “becoming part of all the different factors of cybersecurity.”
Waintraub has more than a decade of experience leading SOCs, incident response plans, threat intelligence operations and cyberthreat hunting teams’ response, containment and remediation methods. Prior to joining CYGNVS, he served as vice president of incident response at BNY Mellon and led incident response and cyber operations at Barclays Investment Bank and BlueVoyant.