Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet in the 1990s. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.
Security has always been about mitigating risk. It’s been the security professional’s lot in life to drop everything, come in and clean up after a problem occurs. Prevention has long been a challenge and a goal. But, on a day-to-day basis, security teams always find themselves in react mode. If you run or work on a security team, you know the story well: you feel short-staffed and face bandwidth constraints. Plus, resource alignment is a struggle and time is the enemy. If anyone deserves an additional hour in the day, it's members of the security team.
If you’re like others, you probably spend a lot of your day with your head on a swivel, going from screen to screen to firefight ongoing threats.
As a result, it feels like you’re always a step behind the threats. That’s the norm and many have come to accept it.
But there is a better way: Generative AI. GenAI has been heralded as the biggest change in society since the rise of the web in the 1990s. There’s a lot of hype to sift through and it’s not about sentient robots taking over the world. This isn’t HAL 9000 in 2001: A Space Odyssey.
For security it is a total game changer – if done correctly. GenAI can boost efficiency and productivity by processing, retrieving, and delivering useful information in the most critical times of need. At the end of the day, GenAI can augment processes so that security teams can get that well-deserved hour back.
So how does it work? GenAI can cut through complexity so security teams can work, search, and analyze faster. As a result, they can make rapid decisions, accelerating what they can get done in a day.
GenAI provides useful context when you need it–think of it as an AI Assistant. The guidance it provides can help you stay ahead of attackers.
OK–so is this just pie-in-the-sky AI hype like we see every day? Not at all. This is real.
At Tenable, we’ve been at it for years.
We’ve been applying AI techniques to security for some time now. Take a look at our Vulnerability Priority Rating, which uses Machine Learning to help security teams understand which vulnerabilities to prioritize. Tenable also has a track record of sharing our AI knowledge. We’ve made AI research and tools available – for free – to the cybersecurity research community, including work from the Tenable Research team that creates efficiencies in processes such as reverse engineering, code debugging, web app security and visibility into cloud-based tools.
We’re also using GenAI to put more power in the hands of security teams – and we’re doing it today.
We’ve seen interest in GenAI in the demand we’re getting from customers and, in a broader sense, we’ve seen it across a large swath of the security professional community that have responded to the tools we’ve made available.
To learn more, we asked Forrester to investigate the interest in GenAI.
The results show a real need for GenAI. There’s demand for helping make people more efficient and make prevention attainable.
Let’s dig into the study.
We asked people who are also responsible for setting, managing and implementing security strategies the extent to which their organizations are using or planning to use GenAI to accomplish certain goals in the next year. It’s clear that people want GenAI to improve experiences and efficiency–specifically they’re interested in optimizing CX and centralizing operations.
Fifty-three percent of people told us they want GenAI to improve customer experience and 41% said they’d like to streamline technology.
The idea is that GenAI should help to make the life of security professionals easier.
With the answers of the previous question in mind, we focused on cybersecurity and GenAI with the same question: “To what extent is your organization using or planning to use GenAI for the purpose of accomplishing the following goals over the next 12 months?”
The results were enlightening, 68% showed some level of interest in using GenAI to align IT/security goals with business goals and 37% said they plan to do so in the next 12 months.
A similar number – 67% – showed interest in using it to increase or improve the way their organization practices preventive cybersecurity (with 28% planning to do so in the next 12 months).
The survey measured security professionals' confidence in their organization's ability to use GenAI for cybersecurity.
The responses show that IT and security leaders are pretty confident in using GenAI to improve their cybersecurity strategy, with 44% either extremely confident or very confident.
This shows that the relatively new GenAI category is quickly gathering momentum and will soon be (if it isn’t already) table stakes for cybersecurity.
Let’s look at how Tenable customers can use GenAI in their everyday work, right now.
With Tenable AI Assistant, built into ExposureAI, you can use simple prompts, like What can you tell me about this asset? and Does this asset have any exploitable vulnerabilities? to get immediate answers.
The experience levels of analysts vary widely. Some come from adjacent security industries and some have very specific domain expertise. With ExposureAI, you don’t need a PhD in Attack Path Analysis to understand your risk. You just click on a node and the assistant takes it from there.
Once you’ve identified the issues, you’re often left with a big Now What? ExposureAI provides specific guidelines to mitigate the risk as well as a step-by-step process you can follow along with best practices you can turn to for advice.
We’re well on our way down the path of genAI and there’s no denying the hype surrounding it. It’s one of those shiny new things that the media loves to report on. But beyond the hype, there are real benefits that customers can get from GenAI. At Tenable, we have been focused on utilizing its power to help our customers better secure their enterprises.
But we’re only at the beginning. There’s more work to do. There’s more functionality to uncover and execute on our platform vision. And there are many more use cases to serve.
Nick Weeks is a Senior Product Marketing manager at Tenable responsible for positioning, messaging and various go-to-market initiatives for Tenable One Attack Path Analysis (APA), Cyber Asset Management (CAM), Attack Surface Management (ASM) and ExposureAI. Nick uses his extensive experience in product management, sales engineering and product marketing across various technology industries to help lead the way and strengthen the Exposure Management Category.