Yaniv Shechtman has over 15 years of expertise in cyber security, AI, and product management. At Check Point, Yaniv's primary responsibility is to shape Check Point's Threat Prevention strategy and technologies, ensuring their products are always ahead of modern attackers, and are able to prevent zero-day threats before anyone else.
In this exclusive CyberTalk interview, Yaniv will share insights on how AI can be leveraged in cyber security, as well as key trends, challenges, and future prospects.
Broadly speaking, how can organizations leverage AI to enhance cyber security?
YS: Generally, AI examines patterns and trends in large data sets. In this way, organizations can leverage AI to detect and prevent newly seen threats by monitoring network traffic and blocking suspicious activities in real-time. They can also use the power of AI to track users’ behavior to identify anomalies that may indicate a security breach, assist with vulnerability scanning and patch management, and automate incident response processes to ensure security incidents are dealt with quickly and efficiently. Each of these AI capabilities can help reduce manual work, allowing cyber security professionals to focus on more strategic tasks.
Please share a bit about key considerations for using AI to address cyber security challenges.
YS: It is important to consider several key factors when implementing AI in cyber security. Firstly, the success of AI in cyber security depends on the availability of high-quality data. The AI model needs to be trained on data that reflects the potential threats and is accurately labeled. Additionally, although most of the AI models today are available in public libraries such as ‘Hugging Face’, ‘SageMaker’ or ‘OpenAI’, choosing the right algorithm for the specific cyber security challenge is crucial. Different algorithms perform differently depending on the dataset and the problem they solve. Another key consideration is having a data science team with the relevant skillset to effectively design, develop, and maintain the AI model. Finally, the operational lifecycle of the AI model should be taken into account, as it is important to ensure that the model is constantly monitored and retrained to maintain its accuracy against new emerging threats.
Could you share a bit about AI and false positives and false negatives?
YS: As AI is based on statistical algorithms, it is vulnerable to producing false positives or false negatives. Accuracy is crucial in AI because it has a direct impact on an organization's security estate, users’ productivity and their ability to work without interruptions, and the workload of security teams who need to review false logs and manually decide on their verdict. To enhance the accuracy of AI, the model must be trained on a highly qualified data set. This approach will enable the AI model to make informed decisions and minimize the chances of false results. Security vendors with large customer bases have an advantage in this regard, as they can obtain a significant amount of data, which will result in a more accurate AI model. By ensuring that precision and recall are balanced, AI decisions will be reliable, trustworthy, and effective in solving problems.
What are your perspectives concerning the current trends around AI in cloud security?
YS: With the increasing adoption of cloud-based services, current trends in AI and cloud security are quite promising. AI-powered predictive security analytics enable security teams to anticipate security threats. For example, ‘Cloud Workload Protection’ solutions that analyze network traffic and identify suspicious activity, ‘Identity Threat Detection and Response’ (ITDR) tools to identify users’ abnormal behavior, or ‘Cloud Identity Entitlement Management’ (CIEM) that minimizes the risk of unauthorized access to cloud environments and applications. Additionally, DevOps teams who manage cloud software development processes use AI-powered tools to automatically identify and remediate security vulnerabilities in code.
How can organizations use AI to enhance the security of multi-cloud environments and ensure consistent security policies across different cloud providers?
YS: Organizations can enhance security of multi-cloud environments by using AI-powered security automation tools that detect risks and enforce security policies in multiple environments. For example, threat intelligence platforms that proactively identify and respond to threats, machine learning-based anomaly detection that identifies abnormal behavior, and cloud-native security solutions that use AI to detect and respond to threats. Furthermore, AI-powered security orchestration platforms can automate security workflows across multiple cloud environments, reducing the time to detect and respond to security threats.
On a different topic, from a security perspective, what do you think about Generative-AI and ChatGPT?
YS: Generative-AI and ChatGPT have their pros and cons when it comes to technology and innovation. On the one hand, they have opened up opportunities for more cyber defense innovations by automating administrative tasks, accelerating development time, and making Security Operations Center (SOC) teams more effective. However, on the other hand, there are concerns that Generative-AI and ChatGPT could be used for increased cyber offense activities. Attackers could use these technologies to develop new variations of attacks, flood social engineering with fake identities and content, and to test attacks to increase their impact.
Therefore, while Generative-AI and ChatGPT can be powerful tools for innovation, the technology is constantly evolving and must be used responsibly to mitigate potential risks.
Looking ahead, what do you think the future holds for the intersection of AI and cyber security?
YS: I believe that AI will continue to play an increasingly important role in cyber security in the future. As data continues to increase and the threat landscape becomes more complex, there is a growing need for cyber security experts to catch up with these challenges. AI can assist in this by providing effective and efficient tools for detecting and preventing cyber-attacks. Therefore, in looking ahead, the role of AI in cyber security is likely to become even more important.