
VMware’s AI query tool could be best for junior threat team members, say analysts – Source: www.csoonline.com


Source: www.csoonline.com – Author:

News

05 Nov 2024, 5 mins

Cloud Security, Data and Information Security

Intelligent Assist will be released in Q1 next year to help SOC teams understand what’s behind alerts, Broadcom announces.

Don’t expect the earth to move when Broadcom’s VMware launches its new AI query tool for the vDefend platform early next year, says an industry analyst.

“They seem to be making pragmatic promises,” Fernando Montenegro of Omdia said of the announcement Tuesday at VMware Explore Barcelona that the AI-powered Intelligent Assist will be available in the first quarter of 2025. It is now in beta trials with customers.

“It’s nice that they’re being cautious about it” instead of making wild promises that the generative AI [genAI] assistant will drastically improve security, he said in an interview.

“I didn’t see anything radically different in the use cases” that VMware provided in a briefing on Intelligent Assist, Montenegro said.

Those use cases are around helping the SOC team understand what is going on when an alert is triggered, and getting recommendations on how to resolve the problem.

But, he added, Intelligent Assist’s value may depend on the maturity of the security team.

“If you have a somewhat more of a junior team and they need help investigating these kinds of incidents, I think this thing is positive,” Montenegro said. “If, on the other hand, you have somebody who does 50 of these before breakfast, I don’t see the genAI adding that much capability.”

That is true for all genAI products, he added.

On the other hand, Ranga Rajagpalan, CTO of Broadcom’s application networking and security division, said infosec pros will see a significant improvement in productivity. Intelligent Assist can produce up to a 10 times reduction in the number of events the SOC team faces, he said in an interview. “That’s a huge win in itself,” he said. And the tool’s ability to give remediation recommendations could provide up to a two times improvement in responses.

Some background: vDefend is a plug-in set of security capabilities that includes firewall, intrusion detection and prevention for environments running on the VMware Cloud Foundation (VCF) platform. 

Intelligent Assist — until today known as Project Cyprus, announced in August at VMware Explore Las Vegas — searches threat and alert information collected in vDefend. If it finds a pattern, it presents it to a threat analyst as a ‘Campaign.’ The analyst can then ask Intelligent Assist to explain the campaign and then ask for recommended mitigations.

Intelligent Assist doesn’t act on its own, Rajagpalan stressed. Nor is customer data used to train the model.

Intelligent Assist takes context from the customer’s configuration and what they see in their environment, and not the open internet, he said. “It’s very focused on security use cases within the context of what we’re seeing in the customer’s environment.” That, he said, reduces the chances of so-called AI hallucinations.

It only makes recommendations to the threat team, such as suggesting they install a security policy or turn on a malware signature. “It will not autonomously take any action,” Rajagpalan said. “Final control always resides with the operator.”

Intelligent Assist comes from VMware using Google Gemini as its large language model (LLM), either hosted on Google Cloud Platform or on-prem, but customers can use any LLM they want.

Once available with the next release of vDefend, likely in February or March 2025, installation of Intelligent Assist will be fast, with approved infosec staff ready to use it in a day, Broadcom said.

Initially, the tool based on Google Gemini will be free, but with limits on the number of queries or chats. There will be an option to pay for unlimited access. Those who choose to use their own genAI model face no extra charge.

“Being a threat hunter or threat analyst in the security operations center today is one of the most stressful jobs for a variety of reasons,” Rajagpalan said. “First, it’s very hard to find experienced cybersecurity professionals who can do threat investigation, so teams are always unskilled. Second is, the CISOs I talk to say [to us], ‘Do whatever you can to help our SOC team,’ because they’re just drowning under a flood of events, alerts and so on. We think with this Intelligent Assist we can dramatically reduce the volume of threats and alerts they have to handle. Also, they don’t have to become familiar with every type of malware or ransomware out there. That’s what the tool is for — they can look it up. Number three is how do I [a CISO] mitigate it [the problem], and this solution will help the security team.

“We think it’s going to be a tremendous help.”

Tuesday, VMware also announced performance improvements to its AVI Load Balancer to optimize load balancing for both VCF and Kubernetes environments. These enhancements focus on automation, resilience, and future-proofing operations.

One improves support for large-scale deployments and better secure sockets layer (SSL) performance, while another improves application resiliency, offering high availability with multi availability zone support.


Original Post url: https://www.csoonline.com/article/3599085/vmwares-ai-query-tool-could-be-best-for-junior-threat-team-members-say-analysts.html

Category & Tags: Cloud Security, Data and Information Security – Cloud Security, Data and Information Security
