Newsroom

Study finds that generative AI is a main point of contention between IT security teams and the C-Suite

Written by Corelight | Jun 27, 2024 8:45:00 AM

New research data reveals generative AI is a divisive topic amongst IT leaders, as cyber teams evaluate the benefits of the technology alongside concerns around data privacy

London, UK. Thursday 27th June, 2024 — Corelight, a leader in open network detection and response (NDR), today published a new research* paper highlighting the strong divide among European IT leaders over the suitability of generative AI (GenAI) for use by their cybersecurity teams.

The latest study has found that, although 46% of respondents state that they are proactively looking at how to incorporate the technology in their cybersecurity approaches, 44% also believe that the sensitive nature of the data involved – along with engrained enterprise silos – will in fact make it difficult to use GenAI. Of the approximately one-third of responding organisations not currently using GenAI technology for threat detection and response, 37% cite C-suite concerns as the reason.

“Our research highlights a fair degree of market scepticism and a clear need for further education, particularly amongst C-level executive teams,” says Matt Ellison, Technical Director EMEA, Corelight.

“However, we know that GenAI will give SOC teams a major boost in delivering the insights analysts need to enhance productivity and bridge skills gaps.”

He continued: “Security vendors must work hard to build sufficient guardrails into their AI-powered products, so more organisations can enhance threat detection and response with this transformative technology.”

Corelight found European ITDMs (IT Decision Makers) were split down the middle in their perception of GenAI use for cybersecurity and exactly half (50%) of the responding ITDMs believed GenAI will have the biggest impact on providing alert context and analysis. They also cite the following potential use cases:

  • Maintaining compliance policies (41%)
  • Recommending best practices on domain-specific languages like identity and access management policy (36%)
  • Unstructured vulnerability information (35%)
  • Providing remediation guidance (35%)
  • Unstructured network connection and process information (32%)

Alongside some clear concerns and question marks about the practical use and implementation of GenAI in a security environment, 68% of respondents with dedicated threat hunters say it’s already helping their threat detection and protection efforts. And a further 28% plan to incorporate these capabilities into more use cases in the future.

Despite the legitimate concerns of many European ITDMs, many have a positive view of the future. More than 40% of respondents claim AI and automation are central to creating “the perfect security formula”.

“Generative AI has been successfully applied for alert enrichment and contextualisation, providing SOC analysts with enhanced incident response capabilities,” added Ignacio Arnaldo, Director of Data Science, Corelight.

He continued: “GenAI's adoption is hindered by concerns over data confidentiality and model accuracy. As models improve in overall reasoning capacity and cybersecurity knowledge, and as more LLM deployments include structural privacy protections, GenAI is set to become integral to security operations.”

Corelight helps customers mitigate data protection concerns by establishing a functional firewall so that customer-specific data cannot interact with the GenAI model. Pre-vetted GenAI prompts are used to contextualise alerts and provide analysts with investigative recommendations.

To read a full copy of the report, please visit:

About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight’s global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit https://corelight.com or follow @corelight_inc.

Media and Analyst Contact:
Sophie Brown Communications Ltd
sophie@sophiebcomms.com
+44 (0)7919 098893