Attackers have been quick to jump on the generative AI bandwagon, using the new technology to increase both the volume and the complexity of their attacks. At the VMware Explore conference going on this week in Las Vegas, VMware announced the addition of a generative AI weapon to its own cybersecurity platform, vDefend. But, to start with, the tool will be available only in an advisory capacity and won’t be able to act autonomously.
The generative AI tool is called Project Cypress, and it was announced last year as a tech preview, says Umesh Mahajan, vice president and general manager for application networking and security at Broadcom, which completed its acquisition of VMware last November.
The tool has since been enhanced and is now part of the vDefend lateral security solution, Mahajan says, and it will be of interest to customers who have deployed VMware vDefend Advanced Threat Prevention.
“Security teams get overwhelmed with a large number of threat campaigns and false alarms,” he says. “Project Cypress, via a natural language interface, helps triage and investigate high-risk threat campaigns faster, explains a particular threat campaign with additional context needed for the security team to quickly take appropriate actions, recommends remediation options and can enforce the remediation option selected by the security team via vDefend’s threat prevention capabilities.”
Without the tool, security teams might not spot a high-risk threat campaign, or it might take longer to investigate one – and even longer to remediate it, he adds.
The tool uses a combination of large language models and can access data, security events, flows and campaigns specific to a particular customer and deployment. It is fully integrated with the vDefend platform user interface, says Mahajan. “A security admin can select specific detection events and interact with the chat assistant,” he says.
Target customers are enterprises and telecom service providers looking to defend against malware and ransomware attacks, and to defend against nation-state actors. For example, attackers can exploit weaknesses in enterprise applications or infrastructure to infiltrate networks, then move laterally as they hunt for high-value assets.
“Perimeter firewalls, originally designed to protect north-south traffic, are just not adequate,” Mahajan says. Plus, the attackers themselves are now using generative AI and large language models.
According to a SlashNext report released this past May, the number of malicious emails has increased by 4,151% since ChatGPT was released in late 2022.
VMware’s vDefend platform protects east-west traffic with zero trust, microsegmentation, zone-level segmentation, and malware and ransomware defense.
Project Cypress will make it easier for security teams to use the platform to find threats faster, and to get explanations for what’s going on. The tool can also suggest remediations, but it won’t act on its own.
“We will have the human in the loop in the beginning, so that the customers get comfortable with it,” says Mahajan. “Once they are comfortable, then we can turn it to autonomous actions. Once we get the feedback that it works, then we’ll give them a button to switch to automatic enforcement of policies.”
Mahajan expects some verticals to adopt the technology faster than others because they have critical assets to protect, including the federal government, financial services, healthcare, and manufacturing.
Source: Network World