Security Teams Have ‘Window Of Opportunity’ On GenAI: Google Cloud Expert

Generative AI capabilities appear to be giving defenders an edge over the attackers—for now, according to Google Cloud’s Nick Godfrey.

The arrival of new cybersecurity capabilities powered by generative AI appears to be giving defenders an edge over the attackers—for now, Google Cloud’s Nick Godfrey told CRN.

While the situation may not last, the current advantage suggests cybersecurity teams would be wise to double down on GenAI capabilities to make the most of it while they can, said Godfrey, senior director of the office of the CISO at Google Cloud and former global co-CISO at Goldman Sachs.

According to Godfrey, GenAI has major implications for what’s known as the “defender's dilemma”—the notion that cyberdefense teams are expected to succeed 100 percent of the time, while attackers only have to succeed once to make an impact.

“I think at the moment, we have a window of opportunity to help reverse the defender’s dilemma,” he said, thanks to newly available GenAI-powered capabilities for security.

Vendors across the cybersecurity industry have touted the potential for GenAI to enable new functionality in many security tool categories, although the technology is perhaps making the biggest difference out of the gate in the area of security operations.

For Google Cloud, for instance, a major focus with GenAI is on utilizing the capabilities to help security operations analysts improve their decision-making and perform more automation of routine tasks, according to Godfrey.

“Helping accelerate and scale and reduce the toil associated with security operations is a big driver for us,” he said.

At the same time, while threat actors are believed to be using GenAI tools heavily to enhance their phishing and social engineering attacks, as well as for deepfake scams, there isn’t much evidence that attackers have moved on to more sophisticated uses of the technology.

By contrast, “the use of AI by the defenders is probably moving at a faster pace,” Godfrey said.

The challenge for Google Cloud—and for all CISOs—is, “How do we double down on this capability?” he said. “How do we really understand where it can be used and how it can enhance and add capacity to existing teams while we still have that that window?”

For IT consulting giant Accenture, No. 1 on CRN’s Solution Provider 500 for 2024, seizing the opportunity has meant introducing a set of cybersecurity services with new capabilities powered by GenAI.

For instance, Accenture said last week it’s deploying GenAI to enhance a number of services including its managed detection and response (MDR) offering. The company’s security teams are leveraging an AI assistant that can better aggregate and analyze threat intelligence, ultimately enabling significantly improved risk correlation, said Paolo Dal Cin, global lead for Accenture Security.

Using these capabilities, “there is a material improvement in the effectiveness” of providing MDR to customers, he said.

Ultimately, while concerns about AI usage by attackers have become widespread, “we strongly believe that GenAI will help the defenders more than the attackers,” Dal Cin said. “And so we thought that as Accenture, we needed to invest to show a different angle and to look at GenAI for security as an opportunity.”