The roundtable agrees it’s too late to put the genie back into the bottle.
AI and cybersecurity, more specifically using good AI to stop bad AI, is a super-hot topic in the channel right now.
A cybersecurity roundtable during last week’s MSP Summit and Channel Partners Conference and Expo addressed the issue of AI and cybersecurity head on. The participants also agreed they’ve never seen anything in technology take off so quickly.
Roundtable participants included:
- Marcia Dempster, Keeper Security‘s senior director of channel sales.
- George Just, Threater‘s chief revenue officer.
- Tim Roddy, Open Systems‘ vice president of marketing.
- Jennifer Binet, Sectigo‘s senior vice president of enterprise sales.
- Timm Hoyt, Sumo Logic‘s senior vice president of worldwide partners and alliances.
AI and Cybersecurity: Genie’s Out of the Bottle
Dempster said AI is “one of those things that you can’t stop it, it’s too late and it’s there.”
“It’s writing a thank-you card for you,” she said. “It’s doing people’s resumes. It’s writing essays for college kids. I had a friend that was setting up a dating profile and she had ChatGPT do it for her, and it was awesome. It was us and a group of friends, and when it was finished, we [said], ‘Wow, this is really good — you sound amazing. So it’s like the genie is out of the bottle; It’s happening. And the question is: Is there a way that we can make it for good and not for bad, or can we balance both of them?”
Keeper Security‘s Marcia Dempster said AI and cybersecurity is a “loaded topic.”
“Everyone’s talking about AI because it can do your kids’ homework and it can write your texts for you, and all these things,” she said. “I know that we have a little bit of AI integrated into our platform, but it’s so close. It has to be so closely monitored because we have (federal and state certifications for using technology in government). So we have so many government eyeballs on us that it’s hard to really get too creative with AI. But I also think it’s … this unstoppable force that we’re all just going to have to deal with and learn to make a part of our technology. I think the bigger question is how do we make it work for us and not let it hurt us.”
“So we just have to accept that, and the good guys have been leveraging it as well,” he said. “But one of the things that Threater has done is we’ve partnered with our data providers that provide us information about bad folks, who they are, where they’re coming from and what they’re doing. And they’ve been leveraging AI for years to do behavioral analysis. So that’s something that we capture the work product of, even though we’re not sitting in the spot of leveraging AI ourselves. But we do get the result of the AI work that’s being done on the good side of things.”
Open Systems‘ Tim Roddy said there are definitely worrisome aspects to AI and cybersecurity.
“One is what vendors are doing,” he said. “All vendors talk about investing in machine learning (ML) data science and AI, and they never give you much detail. What worries me, and you’re seeing it in the last week or two, is people having these bots write code. They can have it automatically create something and it creates a website or something like that, fine. But the bad guys are doing things. What worries me is we’ve always been behind the bad guys, catching up, playing whack-a-mole, and now all of a sudden they’re automating the ability to create more and more code and have malware obfuscate itself. We’re pretty good at stopping a known executable in the wild with a signature called a hash. But what if they dramatically and exponentially increase the number that are out there? They can overwhelm. That’s how denial-of-services types of attacks occur. Are they going to use that against your satellites? And they can use that in wartime.”
Sectigo‘s Jennifer Binet said AI is going to drive the need for more security anyway.
“We’re starting to see it now and we’re starting to see kind of a progression where it has to be,” she said. “Before … you were changing your passwords how many times, maybe once every couple of years, and it’s shortened and shortened, and shortened. We’re seeing it on the certificate side. It’s shortening down. It was 10 years when I started and we’re going down to 90 days. So I think all of this is going to play a part from the AI perspective and how quickly we can protect and what we are going to have to implement in terms of security. I also agree on the behavioral analytics. I think there’s a piece of that that’s really important for us to capture. So for us, I think we’re looking into the good side with what data we can really take in, digest and be able to create something really strong. But other than that, I’m in agreement with everybody else.”
Sumo Logic‘s Timm Hoyt said he’s optimistic about AI and cybersecurity.
“I think like any new technology, there’s always going to be the good and the bad of that,” he said. “But where some of the conversations at RSAC helped shape my mindset a little bit is, when is the industry going to get proactive and start to go out and punch the bad people in the face? Versus let’s sit back and protect. You’ve got to have a protection strategy. But on the AI side, in our world it’s also exciting for our customers and making them more efficient. And I think that’s what we’re looking at from a positive point of view. Undoubtedly, there’s so much more that is going to come where hopefully the castle gates are guarded a little bit.”
Binet said everybody is looking to “automate everything faster, quicker, sooner.”
“I’m sure all of your products are trying to do the same,” she said. “It’s the biggest piece of feedback I get from customers: ‘Please make this automated; I just need it to do something quick because we just don’t have enough hours in the day.’ So from my perspective, I’ve been in this industry for 23 years and I was trying to think what things really caught fire this quickly and escalated this fast. I was thinking two-factor authentication and all of these things, but nothing really has matched this.”