Artificial Intelligence in Cybersecurity Good or Evil

Show video

[Music] thank you hi this is Pat Moorhead and we're back day three of the 6'5 Summit talking about one of my favorite topics security and even better is we're going to talk about security and we're going to talk about AI I'm super excited Rob welcome to the 6'5 Summit thank you yeah thanks for doing the opener I mean this is the big security opener and I'm really super excited about you no I appreciate it uh we've had some great discussions uh in the past and it's just amazing over the past few months how this chat GPT phenomena has taken really the World by storm and you know some people say hey been working on this thing for three or four years it's not new but boy did it capture the attention of everybody and I know we're going to talk about generative Ai and security but I wanted to hit you up front first by saying of really overall does chat gbt and Technologies like this going to change the maybe the future of work or the amount of people who are working on certain tasks let's talk a little bit big picture about this first off it's an amazing Innovation that is going to transform everything it already is transforming the way that I have conversations with my kids at the dinner table let's just be let's be honest and just that alone and when people say is this real just ask just ask your son or your daughter or your wife but specifically around how it's going to change what we're accom what we're used to right whether it be humans doing work or us losing jobs I mean this technology ai's been around for 50 years you know I think it was Dr weisenbaum you know at MIT years ago looking at this and spent most of his life warning people about the implications of it but you really look at the last 20 years when in 2013 I think it was two Oxford professors said hey we're going to lose 47 of our jobs by 2033. we're halfway into that now we don't even have a full self-driving car the reality is it's probably more of an enhancement to what we do as humans versus a replacement at this point yeah we talked it it's interesting I'm just waiting for the day that I can take my word processing document press a button and it creates a you know a spreadsheet or a PowerPoint document I'll be happy at that point and maybe we can all go home then but but maybe not but no to your point I mean we there have been a lot of fits and uh you know fits and starts about when is the value world going to be there you know I think eight years ago we were supposed to have a cross-country ride in autonomous car across the United States we still aren't there yet right um but this one definitely feels real uh can you can you is this how new is this you know you talked a little bit a little bit of history but but how new is this uh phenomena yeah well so if you really look at it open AI which is the company behind uh chatgpt it's the one that everyone is talking about uh and there are others though there are plenty of others let's this one in particular has gotten a first off it started off as a non-profit and when you're a non-profit and you don't have to have a business case and you can kind of move go where the tech takes you and then all of a sudden you get some smart investors yeah and focus on some real specific business use cases and you throw workers at it and a ton of dollars as well as compute power you see what you get with chat GPT and so the the reality is chat GPT I would say is very similar to what we experienced in the early days of uh music sharing remember Napster right oh I absolutely okay well Napster You could argue is the forefather of streaming services today would you ever guessed we go from that to you know we're talking about Disney Disney plus and and our friends at Netflix and Etc so yeah Apple's made a pretty good business absolutely figuring out a way to even take it over the top and consolidate becoming kind of an essential hub for all those so I feel like we're in early early Innings but we're going to see massive Innovations in all fields and not just in what we're going to talk about today so Symantec in many areas of security is really at the Forefront a lot of these elements and I'm curious how do generative AI or chat GPT how does that impact security how does it impact your world yeah so it first off let's just think about it's an educational process so most companies when we we talk with them there's a lot of excitement it's similar to when early days of software as a service companies like found their way into organizations as unsanctioned applications right so now you have chat GPT where people look at this as a way of accelerating their efficiency and in in a good let's say Good Intentions a lot of times those intentions mistakenly put the company at risk and so for those who make mistakes they tend to do things like copy data that they shouldn't or files or images into public applications such as the chat GPT and that is number one concern right now second being when you look at copyright infringement right you know who owns the output of something that's your own internal IP combined with this third-party public accessible service so that one is a real big kind of concern and the last one being of course what everyone wants to talk about on in Hollywood would be attackers right and let's let's just let's be educated a little bit about where generative AI is today it's a Content development engine at this point it's like saying you could ask a chat cpt-like system tell me all the known ways to break into this type of operating system right you can't say you know break into these computers at these three companies so they're not robot it's not a robot now we need to be prepared that over time this technology will evolve and potentially can automatically do the things that that let's say a bad actor might want to do that otherwise would have cost them a lot more money in the past yeah so the first two that you brought up seem almost carbon copy of what we saw with things like box and Dropbox the ability to share files quickly big files while not being on the on the Internet or or not having security the third one about kind of this conversion this IP creation and at that point who owns it if you look at the EULA for many of these Services out there whatever you put on these whatever you put in the cloud ends up being theirs so I can see total issues there and the last one I can see what we haven't talked about yet because it hasn't been productized yet but it's coming is having generative AI inference on the device okay as you can imagine what happens you have a hundred million 200 500 million devices with the ability to do inference on the device as opposed to having a control Point somewhere somewhere in the cloud so and no no surprise to me things that bring greatness out there and solve huge problems there are some bumps in the road right and that and this is what it takes so you meet with thousands of of of of of clients um you're offering products and services you're at the Forefront of this what recommendations or guidelines are you giving them right now to to where that it's not just you know it's easy to say and we saw this in the early days of security which which is hey what's the solution to everything just make it so hard yeah so impossible that that then everybody goes around it correct right so how do how do we keep the train rolling of having some productive generative AI but secure the Enterprise yeah that's very good well it first starts with nothing around technology it starts with the business policies of the organization it's education and it's setting the foundation and every industry is a little different certain regulatory highly regulated Industries such as banking you may not have a choice right they're going to come back and say this is not allowed Auditors will not support I mean we've seen fines for using um iMessage or a non-approved even just a chat mechanism correct correct and so first off it's you go and create a policy a business policy that uh that you should be prepared this is kind of the second point to evolve it based on regulatory environment and today actually uh our friends at Microsoft and and open AI were pretty open on the fact that they are encouraging more regulation around generative AI okay and so when you think about it it's put a policy in place educate based on what you have but be prepared to revisit that on a regular maybe it's every quarter right and at the board level frankly because this has very big implications if you do use elements of this and something goes wrong you still are subject to the same uh you know penalties or risks that you were prior yeah and then the third element frankly is you got to put some controls in place that that allow you to enforce and automate a lot of this policy at least at a minimum monitoring and then if you're more sophisticated actual automated controls and so you know with semantic you know we with our DLP Enterprise Cloud offering what we're able to do is help our customers say yes to generative AI tools while preventing customers from sending either images or data to these generative 8i tools like chat GPT but still let them use it for the appropriate use cases but this is early days and so there's going to be a lot more Technologies out there called like chat GPT and uh that's why we have a big engineering team behind us right to keep us at the Forefront using some of the same tools frankly that are powering our friends at open AI yeah Rob we both have many years of experience in the industry we've seen a lot of waves come and go and I'm curious does this wave of generative AI remind you in related to security remind you of anything we've seen in the past before whether it be the internet e-commerce Mobility anything like that that we can lean on and learn from here you know you're going to date me well I I have a few gray hairs so I think we're in this together you know I I will say in my you know and I could say probably we we have gone through quite a bit you know from uh um I talked to my kids about this all the time you know that that we used to have phones that actually had a wire that's to the wall and you had to use these little uh I would say this the Mobility cell phones and how they've become everything to what we do today that first movement was frankly these the the CDMA and and a lot of the pre-3g Technologies right and what we did with uh voice I think this is even more dramatic I probably in my lifetime no right maybe I got it it's uh when we went from uh horses to cars maybe right it's probably somewhere around a big deal and it's so it's interesting uh day one uh when these products came out I had a lot of people asking me is this the cell phone moment and and yeah so I think you're spot on there I had to use it first before right but after I use it I I yeah this is this this is real and I like to bifurcate between uh fads and Trends but we're definitely it's definitely uh here so uh we're early in the game as you talked about and I'm sure curious if you think one side has the upper hand bad guys I like to look at this as an AI spy versus AI spy I'm dating myself there with spy versus spy you might be older than me I know I'm not I know but it really is kind of this uh one upsmanship and and getting up there and now we're doing this at light speed who has the advantage now you know it's funny uh if you look at the research right now there has been no known uh new attacks you know it's a novel new attacks created by these types of tools yet um the same type of machine learning and AI type of tools and systems that we have as the good guys so do the bad guys right and we use the same sort of tools to help identify malicious behavior as they use to create behavior and so right now it's kind of like an arms race to some degree right so it's no different the key the key is maybe an arms race with a day taunt that's it but really ultimately who wins most computing power and most data data the most data that's relevant right with the most computing power will win and so that'll it'll be interesting but uh by no means should we be concerned that the cyber security companies whether it's semantic or others uh will be uh taken by surprise so Rob Ed got any answer a question here does any of this conversation have anything to do with this notion of zero trust I mean you're at RSA and I mean you couldn't swing a cat without you know hitting a zero trust uh billboard or something like that is this related at all uh to generative Ai and the the threat that it can probably uh provide well from a framework perspective you know zero trust and and I I tend to not subscribe to calling anything a zero trust tool right or because it says it's a framework yeah every part of the value chain is untrusted until it is correct correct and so in this case and I'll just use a simple way of how I internalize it um do you trust the data that's coming out of the chat GPT system and so in this case when you look at zero trust from a perspective of data and who this what the source of that data is and maybe the front end system is getting from the back end is interacting with a public chat GPT infrastructure so when you start thinking about supply chain uh the software supply chain and in today's world which is cloud and microservices it's very relevant I appreciate that uh final question here it's been a great talk by the way and it's nice to know we share some of these same time frame and can relate thank you um I'm not looking for specific product announcements here but more what is your approach to generative AI in in the product line as you as you map this out in the future what is just the strategy or the approach not looking for specifics you just spill you know before announcements come well first off our it's not a question of if or if you use generative AI it's it's when and and frankly our customers if you're not leveraging this technology you are considered a legacy let's just be let's be frank and why because it has real world use cases that are tangible now kind of like when Apple when you think about the iPod and the reason it was successful with the iTunes Store is it took something no one could understand which was pki right and it actually instantiated in something that everyone can associate with which is I no longer need these DVDs anymore or even have to manage my own my own uh let's say pirated music right uh this when you when you think about our products and what our customers expect first off the simple things do I need to go read an administrative manual to go figure out how to do something or should I just ask my personal assistant right personal semantic Enterprise Cloud assistant so so the the low hanging fruit frankly is traditional tech support and administrative support how to best practices and auto policy creation we put our customers through you know quite challenging policy creation exercises and so do our competitors so I think from an ease of use less mistakes now let's let's not kid ourselves if you just let the AI go by itself it's like letting your 16 year old with the Ferrari by his or herself right so you need oversight because frankly a lot of times that system is wrong right so first off that's the low-hanging fruit as well as because we're a security company we need to be using this technology to better keep up with the vulnerabilities and exploits that are out there and so that's just a no-brainer we're already been using AI for years the generative aspect of this and the ability to use it in use cases that are you know a typical administrator or even end user can that's where we need to take it and and for what it's worth your cloud-based approach seems to me would give you an advantage to be able to implement all of all the newer features surrender so I don't want to put words in your mouth but uh you've gotta you know you have a strategic move that you made would I mean that's where it's all happening yeah I mean we've invested a lot working with one of the top when the top hyperscalers in the world right to help us accelerate that transition and we are at a a I would say a competitive advantage to others who are providing similar services not only because we do it in the cloud but we also are able to do it simultaneously for the on-premise workloads which by the way these big companies they can't just turn off their old networks and just go straight to the cloud and you need to do it with one common policy one common set of context across all those different complicated use cases that's great Rob I really want to thank you for opening up the security track here at the 6'5 Summit 2023. kind of combining two of our favorite topics which are security and Ai and maybe a little bit of multi-cloud in there too oh absolutely you know what everything's almost everything's a multi-cloud use case there's just a lot of companies don't articulate what that means and the reality is uh when you're talking about large organizations they don't have the luxury of of just dealing with one yeah one workload we're definitely on the same page I'm glad we're here like I like to look at the cloud as as a teenager I mean it's 19 years old yes and if you're 19 I mean you're you're mature but you know you're not making All the Right Moves you're not making all the right decisions I I didn't so uh but I'm glad we're at a time where at least we're acknowledging that that it's not just if there's if the multi-cloud is there it's here and Enterprises are doing it I have yet to talk to a Fortune 500 Enterprise that doesn't have multiple is providers and that by definition is multi-cloud so you got to get the verbiage there and the belief and now we're working at all the solutions that support the multi-cloud so anyways thanks for coming in the show really appreciate it thank you very much Pat so this is Pat Moorhead signing off for this opener for the security tracks six five Summit 2023 we'll hope you're to hope you tune in and listen to the other awesome security content we have and don't forget we have a day one and a day two you can go back and watch at your leisure take care thanks again [Music] foreign


Show video