Marcelo Pinto from Senhasegura describes in an interview how generative AI can be used to protect IT environments.
Why is AI experiencing such a big breakthrough in companies and among private users right now, even though the technology is actually no longer new?
Marcelo Pinto: Even though AI solutions have been on the market for some time, ChatGPT is the first tool that makes the technology as easily accessible and usable as possible for everyone. The ability to interact with AI in natural language, as we are used to doing with other humans, to be able to ask the technology practically anything and (mostly) get a reasonable answer is impressive.
Is the focus on practical benefits when using generative AI?
Many people literally use ChatGPT as a very powerful assistant to get answers to simple questions in a more direct way than via Google. The range of uses is almost limitless. Users can use AI as a tool to complete their work tasks – from spreadsheets to writing text or code – or to learn new skills such as cooking, programming or learning a new language.
Security experts fear that these technologies, such as AI or ML, can themselves be a gateway for hackers. Conversely, can IT security strategies therefore still be implemented efficiently at all today without AI and ML?
There are obviously still people who are sceptical about the use of AI. AI and ML have been improving security applications for quite some time, even if some people are not even aware of it. Certainly, there are still companies that currently manage their security tasks without the use of AI and ML. However, one should take into account the increasingly complex IT landscape and the ever-increasing amounts of data. In large organisations, it is simply no longer possible to detect anomalies in the data volumes that could indicate a risk through manual analysis alone. AI and ML help to automate Big Data analysis, detect anomalies, report them in real time and thus enable a rapid response to potential attacks.
Where specifically can AI and ML help detect and prevent cyber attacks today?
Because of their capabilities, many companies, especially in the security sector, are integrating AI and ML technologies to improve their products. For example, tools that protect the various endpoints in an IT environment, for example Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) solutions, use these technologies to analyse data on regular behaviour patterns and contrast them with new behaviour patterns. In this way, deviations that indicate potential attacks can be detected. Similar implementations can also be found at the network level. Established security technologies such as intrusion detection or prevention systems (IDS/IPS) or security information and event management solutions (SIEM) use pattern recognition and baseline data to detect unusual behaviour. In addition, the protection of applications used by end users also benefits from the performance of these technologies. In Privileged Access Management (PAM), AI and ML are also used to detect anomalies in usage patterns and biometric patterns to identify malicious activities.
How is Senhasegura using AI & ML to strengthen its own solutions?
The ability of AI and ML algorithms to learn and subsequently recognise patterns is at the core of security solutions. This also applies to our PAM solution: all interactions with the PAM platform, whether human-to-machine (H2M) or machine-to-machine (M2M), are analysed and evaluated by an AI. If it detects discrepancies, the corresponding connections are classified as a risk, so that the user has to authenticate again or, in the case of a particularly high risk, the communication is even interrupted.
What specifically triggers such suspicion?
Suspicious activities can be, for example, logins outside working hours or from a deviating work location. Our solution also relies on AI and ML for real-time detection of malicious activity and risk assessment. This allows both internal and external threats to be detected early and better assessed through the system’s evaluation.
We have also set up dedicated research and development (R&D) teams to work intensively on technologies to find innovative ways of behavioural analysis, anomaly detection and more efficient predictions. In addition to product enhancement, our research teams also develop strategies to anticipate and stay ahead of ever-evolving cyber threats whenever possible. This proactive approach significantly reduces breach response time and strengthens our clients’ IT environments.
Marcelo Pinto is Chief Information Security Officer (CISO) at senhasegura. Previously, he worked in the field of security and securing infrastructures at MT4 Tech Group.