How Indian enterprises can incorporate AI into their cybersecurity solutions to build digital resilience

Digital resilience is essential for businesses to successfully navigate and overcome disruptions such as cybersecurity attacks, strains on IT systems, and unfavorable occurrences in today's linked business landscape. AI is becoming a vital tool in the fight against cybercrime and in fostering digital resilience. But not every AI security solution is made equal. For them to be successful, human intervention, routine audits, and adherence to compliance requirements are necessary.

Robert Pizzari, Vice President, Security, Splunk, a software company providing unified security and observability platform, spoke to VnD about common challenges faced by CISOs and their outlook towards AI-based solutions, Splunk's focus on harnessing cutting-edge technologies such as AI, machine learning, cloud computing and much more.

Have a look at the excerpts from the interaction:

VnD: Please elaborate on Splunk's focus on harnessing cutting-edge technologies such as AI and machine learning?

Robert Pizzari: As cybersecurity threats become more sophisticated at an exponential scale, it is crucial for organizations to keep pace with emerging threats to build digital resilience. At Splunk, our unified security and observability platform powered by Splunk AI helps organizations efficiently defend themselves against adversaries and prevents major issues before they become incidents.

Splunk’s collection of AI-powered offerings combine automation with human-in-the-loop experiences,  enabling organisations to drive faster detection, investigation and responses accurately. As an example, with Splunk AI, we leverage the power of generative AI via the Splunk AI Assistant to provide interactive chat experiences and help users author Splunk Processing Language (SPL) using natural language. This helps make SPL more accessible and approachable for users, further democratising an organisation’s access to, and insights from, its data.

As a leader in security and observability, we have a distinct perspective on the role AI can play in enhancing digital resilience. Splunk’s purpose is to build a safer and more resilient digital world that includes transparency and responsibility in AI usage, as well as ensuring that the customer remains in the driver’s seat and has control over how AI uses their data. AI has the potential to be a transformative tool and at Splunk, we believe that AI is leveraged to strengthen human-decision making

VnD: What are some of the most common challenges faced by CISOs and what is their outlook towards AI-based solutions?

Robert Pizzari: One of the most common challenges that CISOs face is that they grapple with ever-evolving stringent security regulations that can potentially hold them accountable for cyber incidents. Achieving a fine balance between safeguarding sensitive data while complying with regulations presents a significant amount of stress.  Another challenge is the increasing proliferation of interconnected devices within organizations, which expands their exposure to cyber risk. In fact, according to Splunk’s latest CISO Report 2023, more than 90% of organizations have experienced at least one disruptive cyber attack within the past year.

The rise of AI brings both new risks as well as fresh possibilities. While AI can be harnessed by cyber adversaries to create deep fakes, spread disinformation, and orchestrate sophisticated social engineering schemes, it can also bolster security with its prowess in advanced threat detection. In the same CISO report, we learnt that organisations do appreciate the benefits of AI, particularly generative AI, with 35% of surveyed CISOs believing that the technology will help alleviate time-consuming security functions to focus on strategic endeavours. With 93% of CISOs having experience with deploying automation into their processes, AI-based solutions are becoming a necessity and should be part of every CISOs’ security toolset.

VnD: Are there also any downsides of AI in cyber security?

Robert Pizzari: While AI undeniably offers advantages in bolstering cybersecurity team productivity through continuous monitoring and detection of unusual activities, it also opens doors for cyber adversaries to craft more sophisticated attacks. Hackers can develop models that mimic the logic of existing AI-based cybersecurity systems, effectively tricking them. Furthermore, adversaries can propagate deep fakes and disinformation, expanding the attack surface for organizations. The use of inaccurate models can lead to an upsurge in false positives, further complicating the work of cybersecurity teams tasked with monitoring such systems.

Despite the challenges AI poses in the realm of cybersecurity, it also serves as a catalyst for enhancing digital resilience. By implementing models that undergo regular updates and enhancements and practises safe and responsible use of AI, AI emerges as an indispensable asset for organisations in today's fluctuating digital landscape.

VnD: What is AI's role in breach risk prediction and better endpoint protection?

Robert Pizzari: Implementing automation in the cybersecurity stack works as a proactive measure to build digital resilience – the intention is not to just stop breaches from occurring, but to prevent them altogether. Predictive machine learning models can work to determine various components’ susceptibility towards security breaches and flag the ones that are at high risk of being infiltrated. Employing such models ensures a more robust assessment during regular security audits.

As a company expands, its susceptibility to threats targeting both the organisation and its employees' devices increases. To address this risk, AI-driven endpoint protection systems can be deployed to analyse endpoint behaviour, detect suspicious activities, and respond swiftly to mitigate threats. This ensures that as a company scales, its devices remain secure and its vulnerability to attacks is reduced. This proactive and adaptive approach, also commonly termed as zero trust, is essential in today's ever-evolving threat landscape.

VnD: How is Splunk helping businesses with its Splunk AI Assistant?

Robert Pizzari: Splunk AI Assistant helps users interact with the Splunk platform and its products more efficiently.  Splunk AI leverages generative AI to provide an interactive chat experience and helps users author Splunk Processing Language (SPL) using natural language. It essentially works as a translator, where users  can interact with the assistant in plain English to create an SPL query. This helps make SPL more accessible, allowing SOC teams and IT teams to access data and insights easily to make informed decisions readily.

VnD: How is the unified security and observability platform crucial to digital resilience? And in what ways does it help teams across the organisation to work together, detect, investigate and respond?

Robert Pizzari: A unified security and observability platform is essential for fortifying an organization's digital resilience. In today’s digital environment, where cyber attacks are becoming more sophisticated, rapid identification, analysis, and resolution of security incidents is paramount.  Splunk’s unified solutions empower organisations with full visibility across their networks and tech stacks, enabling teams to collaborate efficiently, detect, investigate and respond accurately. Not only does it minimize downtime for the enterprises, it also reduces the total cost of ownership.

A great example would be the case of award-winning airline, Singapore Airlines. The national carrier was able to reduce downtime through enhanced monitoring of application health status. The airline needed to update their customer-facing interaction channels, including its self-service kiosks, mobile apps and website and wanted to ensure that customer interactions remained as seamless as possible. By incorporating Splunk to their Operational Data Analysis platform,  their IT team was empowered with a centralised place for data viewing, correlation, analysis and reporting. With access to real-time insights from disparate data sources, the airline had full visibility into application health and was able to achieve 75% faster issue detection and 90% fewer backend issues while keeping the organisation secured.

VnD: According to the State of Security 2023 report by Splunk, organizations in India are more vulnerable compared to their APAC counterparts. In your view, what could be the main reasons?

Robert Pizzari: Indian organisations grapple with fragmented cybersecurity stacks that obscure visibility across enterprises, in turn increasing their vulnerability to security threats. Despite the growing trend to integrate security teams in strategic discussions, 47% of respondents from our latest  CISO Report admitted that they still contend with an array of disparate data sources. Siloed security infrastructure hampers resource oversight, particularly in multi-cloud environments. This makes proactive detection a challenge that requires ongoing human intervention, placing undue pressure on the team. To overcome the myriad of challenges, organisations in India need to start investing in a more integrated, streamlined security approach to bolster security posture.

VnD: How should the CISOs in Indian organizations utilize and adopt AI to its full potential for cybersecurity?

Robert Pizzari: CISOs in Indian organizations have the opportunity to harness the power of AI for proactive cybersecurity measures, fostering long-term organizational and digital resilience. Predictive machine learning models facilitate the identification of vulnerabilities, thereby improving the efficiency of security audits. Additionally, the utilization of generative AI tools, such as the AI Assistant app, enhances observability by simplifying complex queries into plain language. This streamlines cybersecurity operations, allowing security teams to concentrate on higher-level assessment tasks.

The role of AI in cybersecurity is not about replacing human decision-making but rather enhancing it by increasing the speed of threat detection and analysis. Splunk’s  "human-in-the-loop" approach embedded in Splunk’s products means that AI can augment and strengthen human decision-making by increasing speed and effectiveness while ensuring that the user remains in the driver’s seat and has control of how AI uses the data. By effectively adopting and integrating AI into their cybersecurity strategies, Indian organizations can make AI an invaluable asset for fortifying digital resilience.