Defending at Machine Speed: Technology’s New Frontier

Defending at Machine Speed: Technology’s New Frontier

Show Video

>> ANNOUNCER: Please welcome Corporate Vice President Microsoft Security, Vasu Jakkal. [applause] >> VASU JAKKAL: All right, well, good afternoon, everyone. It's great to be back. It's great to be at RSA and connect with you all. RSA is a special time for us, as we meet each other, we build our community, we belong to each other, and we share perspectives and learn about the new frontiers of technology.

And in security, and in life, actually, it's not about what technology can do. It's about, as Claire just so beautifully showed us, it's about what humans can do when they are empowered by technology. Human essence and human expertise after all, was, is and will continue to be the most precious resource. And human innovation has always been about making things better, making life better. And we have quite a history of innovations.

So, let's take a walk down memory lane. Starting with our industrial revolutions. Way before our time, 1750s the steam engine was born, and human life changed forever.

Things like automation, which did not exist before manufacturing, brought a new era and there was production at scale. 100 years from then, electricity was born, and it literally lit up our lives. Our homes and streets and transportation.

Not only people, but ideas started building on each other and moved to new places. And then that was followed by the digital era that we have been part of. Remember those vacuum tubes and the mainframe computer? And then there was the transistors, which was born, silicon engineering, Moore's law, the computer became personal. Every mom could now be an entrepreneur, we could do new things. The digital era led into datafication, data, data, data, the new gold, the new currency, literally. New apps for everything.

Mobile phones reached new corners of our world, brought economic opportunity to populations that never had that chance, new business models. The cloud changed economies of scale where, gosh, we unlocked so many more possibilities. And right now, as I stand here with you all, we are at the cusp of a new era. This is the industrial revolution 5.0, when AI becomes mainstream. And what you are noticing also is that every single era has built on top of the other, so shrinking.

Let me give you a stat. ChatGPT, the new generative AI model when it was released, in three months it reached 100 million users. By comparison, it took mobile phones 16 years to reach 100 million users. And the internet, seven years to reach 100 million users. We are at the cusp of something really special.

And we need this in security. We need this desperately, because the odds today are against the defenders. I know you all will relate to this because I have talked to so many of you.

Cybercrime costs our world trillions of dollars. It's going to be 24 trillion in 2027. What could we do with that? If we had that to fuel our economies and create new lives together.

It's not just about nation state anymore. Ransomware as a gig economy is alive and thriving. We have gone from 579 password attacks per second - which by itself is a pretty large number - to 1287 password attacks per second. That translates to tens of billions of attacks - gosh, that's what we are facing. And if that is not daunting enough, we don't have enough people, we don't have talent to go solve this. One in every three jobs in the United States continues to be unfulfilled.

That's 3.5 million jobs globally in security that are unfulfilled. And every conversation I have had with every customer around the world, it's a talent issue. We don't have people to solve our challenges.

We need AI. And that's what gives me hope and optimism. Because there are three major things coming together right now and these three trends are redefining what security AI is.

First is the generative AI models. They are amazing. If you haven't played with it, you should play with it. Large language processes, large language models, natural language processing, foundational models are building on each other. That then meets hyperscale data.

AI needs data, defenders need data. And what's happening right now is we have high resolution sensors which are helping us get data from places we couldn't get that, whether it's our factories, our buildings, our workplaces. That data, the scale of data works with the AI to parse that out and to find context and insights we did not have access to before. And then economies of scale, cloud, and economies of scale are reducing the cost for queries so we can do a lot more.

But data is only data without insights and that threat intelligence, the third trend comes into being. We need to understand these actors. Who are they? What are their motivations, why are they doing what they are doing? What techniques are they using, what are the tactics, what are the practices? When threat intelligence meets AI, meets hyperscale data, that's when security AI starts working, and this is surrounded by all the security skills that we are building in it. So, what do these security specific AI models do? And how can they help us? How are they different? Because we have been talking about AI for a while.

Well, A, they are going to tilt the favor, the scales in favor of the defenders, because they help us defend at machine scale and machine speed. We have had machine learning for a while now, and it's wonderful, but it's deeply integrated into the tech that we use. And we've got to interact with it.

It's also very assigned to the sub domains it works with, generative AI is different. It's based on foundational models. You can interact with it, you can build on it, you use natural language to ask questions. It learns from that, it integrates a skill that augments you with that. It finds context, where you could not find context.

It builds out entire kill chains and signal drafts in minutes. So, what used to take us days, weeks, months can now be done in minutes through this technology. The interaction also makes it personal. We all are different; I learn differently, you learn differently, we assess information differently. That's what's beautiful. I am deeply inspired by Claire and what she has done and there are so many Claires amongst us.

But to nurture that human element we have to enable that the way we learn so it makes it personal. I believe for the first time we may actually have a tool and a technology which helps us add scale grow from defensive to preventive and predictive. That's pretty amazing. These security specific AI models are going to do what we want it to do. Augment our humans, help our defenders, empower them to do things which were not possible. They are going to help us simplify the complex.

They are going to help us catch what others have missed or what we have missed. They are going to help us address that talent shortage and really change the paradigm of productivity and they are going to help us reduce and break down the barriers of diversity that we have been talking for a long time now. So, let's take a look at how we do that. Simplification.

I don't think there's one person in this room that will say, hey, I don't want something simplified, right? And security is super complex. It's very labor intensive. If you look at our defenders, they are working with multiple data streams, fragmented tools, they have to stitch it all together, they have to find the reports. They have to then create the insights from multiple sources. They have to look at threat intel inside/outside - gosh, I can go on and on, it's very complex.

But what if you could have all that in one session, in a beautiful experience, in a language you understand? Isn't that going to be amazing? And that's what this AI is doing today. It's simplifying that. It's helping you get insights, it's mapping things out, where did the attack come from, all the endpoints that it infected, all the clouds, everything, and it helps you get the next thing. It prompts you on. This prompt onset is a pretty powerful one.

This simplification is going to help our humans. It's going to help our defenders in multiple ways address things they were not able to do before and do it in minutes. And it's going to change the paradigm of productivity, because we need to increase the potency of our defenders. How about we help new talent come into our security workforce? What can AI do for that? How about we uplevel the skills of the security defenders who are in our teams. Can we do that with AI? Yes and yes, and so much more.

AI, through natural language, can interact with you in the language you know. For someone who is new to security, it can be pretty daunting. It can be pretty isolating. We don't want to ask a lot of questions because everybody is overwhelmed. But now you have an ally that you can ask questions to and learn. If you don't have a skill set, you can pull that skill set.

If you have a skill set, you can integrate that skill set. It's going to help you with that. It helps you train, skill, provides context for new beginning talent to come into security. And for the advanced security defenders that we have, it uplevels your talent, it gives you back time. It puts power back in your hands.

Because it automates all the repetitive tasks. It gives you space and data and insight so you can ask the next question. And you can participate in strategic decision making.

Through these things, we are going to address the talent gap. Imagine if a tier 1 SOC analyst, security operation center analyst, who is just starting out had AI with them to help them learn about investigation or reverse engineering or threat hunting, without any other help, and just learn with the tool. And customize it and personalize it the way they learn.

And imagine a tier 2 analyst in your security operation center, their ability to create advanced tasks because they can just integrate their expertise into the tool, build a skill in and then use the skills they don't have. It's going to augment our expertise and change the paradigm of productivity. And while this is amazing, these insights which are going to help us catch things we may have missed, help us really stay ahead of our - of the attackers, one of the things which is super close to my heart is diversity.

I know it's dark in here right now, but I'm sure if you look around, you will see that we still have a challenge in diversity. And diversity is needed because of cognitive diversity. We need more Claires in the world. I think AI is going to help us address that, because it creates a level playing field. It creates equality and equity.

It removes the barriers like language. It removes the barriers like skilling and training. In a very safe space, psychologically safe, you can ask this tool questions and learn with it.

And this diversity is going to be important because it's going to open new jobs for us. I will ask a question. Do you know what the most powerful programming language today is? It's English, that's the most powerful programming language. What can we do with that? Can we include other people? Absolutely. A very important role right now is prompt engineer. Amazing.

Someone who is sitting there and saying, how can I train this AI with the questions? What questions do I need to ask so that generative AI can give me the right answers and I can build that? Imagine the possibilities. And it's not just about traditional security skills. Gosh, we need talent, I have spoken about this before, we need social scientists, we need artists, we need psychologists, we need ethics majors.

It's going to open jobs we have never thought of before, it's going to integrate this talent in ways we have never thought before. It's going to reduce the barriers and break them down for diversity and inclusion. So, where does AI go from here? I was here last year and I showed this exact slide. When we talked about the roadmap of AI and the technology and I was thinking, gosh, it seems like that's not a lot of time to develop all that, incident graph completion, situational awareness. Well, all those things are important and right.

But even I am surprised, because we have accomplished that. And we did this much faster than any of us thought was possible. That's amazing. So, where does AI go from here? First, it starts with trust, because, like any new technology, we need to be able to trust it, because otherwise, we are facing a very dystopian future. AI is going to give us tailored insights, for your vertical, for your segment, for your company, for yourself; amazing.

And that has to be followed with explainable results. If we don't understand what AI is doing, how it's doing, it's going to be a pretty big challenge for us to trust it. So that explainable AI is important. Those two together, I think, constitute trust with verification. I say this to my kids all the time.

I trust them, because they have to, kind of, like, prove that they can take that responsibility, and then we move forward. It's like that, they are going to have to understand AI to trust it and we are going to need that explain-ability. And we can never, never, never forget about privacy. Privacy and personal data, that has to be the heart of how we build AI.

So, the future of AI anchored in trust is going to be about these tailored insights based on the person in the organization. It's going to be a mix for what is productivity, experience, and security meet each other and it's going to be personal, it's going to be private, anchored in explainable results. And we all have to embrace it, this is ours. It's not about one company, it's not about one person. AI is going to do what we want it to do. For that, we all have to participate.

Let's get engaged. Prompts, remember that prompt engineer? Let's get engaged and see what questions should we be asking AI, what can AI do for us? Let's get engaged and take advantage of the resources. Even better, let's write those resources. They may be so many point-of-views we have missed. And let's engage and be fascinated.

It's incredible where we are at. Be curious, have a growth mindset. This technology is going to do for us what we have never thought of before. It's going to uncover new possibilities, new productivity paradigms, new security paradigms. Remember those trillions of dollars that we need to unlock for the human potential. And while we do this, we have to do this in a responsible way.

We carry with us great responsibility as we build AI. Going back to my diversity point of view, if we do not include diverse perspectives, if a few build AI, we are going to build into it the unconscious bias, unintentionally but we are going to build into it of the few. Do we really want that? We don't. We need to have diversity at the heart of building AI. We need participation from everyone. We need ethics at the heart of AI.

This is not just a technology thing. How do we do that? And we need privacy at the heart of AI. It's that trinity of responsible AI that is going to help us going back to the earlier slide, anchor us in trust.

Because we can never forget who we are up against. Every company tracks threat actors differently. These are just some stats from Microsoft. They are tracking 300 plus threat groups right now, of which 160 plus are nation state actors. We are tracking 50 plus ransomware groups. I'm sure you have your stories; I have mine too.

A small and medium business, a friend of mine who runs that, they were faced with a ransomware attack, and they never thought they would recover from it. A dear, dear friend of mine spent 1 1/2 years recovering the identity of her 7-year-old, who was faced with identity theft. And recently, when I was in Australia, the healthcare attack where private data was released in the public sphere was devastating and heartbreaking. That's what we are up against. And it's personal, but it's not individual. It's about together, it's all of us; I am so privileged and grateful to be in this journey with you all.

We have to do this together. Private sector, public sector, peers, all of us working on this. In our hands today, we, perhaps, have the most consequential technology of our lifetime. This has the power to absolutely change the game of security, to tip the scales in favor of defenders; and it will. But it's going to take all of us.

It needs to reflect all of us. It needs to include all of us. It needs to benefit all of us.

It needs nurturing hands to carry this transformative technology forward. And those hands are going to change the world forever. Thank you very much. See you all at RSA.


2023-05-06 06:24

Show Video

Other news