SUMMARY
NGS is made up of a diverse set of cybersecurity engineers, each of whom specializes in a different domain of knowledge. ChatGPT has arrived as a common, no/low-cost solution that can enable additional automation and orchestration approaches. So, while ChatGPT can provide an amazing way to quickly train up new cybersecurity professionals, there are some limitations and constraints that we at New Genesis Solutions have encountered. Short version? We're definitely using ChatGPT (and other AI solutions).
Enabling more consistent analysis by cybersecurity analysts during incident investigations
What if you could both train new cybersecurity SOC analysts and ensure that every investigation activity is actually performed? While training is a hot-button issue within the cybersecurity industry, being able to prevent mistakes caused by tiredness or burnout by establishing a standard approach is crucial to a cybersecurity program's success.
To explain our perspective, NGS was founded as a cloud-first organization. We don't have a corporate office, as we're all remote, and we don't have any on-prem servers. As a company, we've found that the Microsoft Azure ecosystem provides a cohesive and mature set of cybersecurity tools. While this comes at the highest cost tier (M365 E5 licensing for all accounts), Defender ATP, Sentinel, and Power Automate are amazing solutions.
We already had our Sentinel instance established before we started playing with ChatGPT. One of our use cases for ChatGPT was this: once an alert is configured and triggered, a playbook sends the description of the alert to ChatGPT, which outlines the investigation steps a SOC analyst should perform, and the playbook then posts the results back to the Microsoft Sentinel ticket. Additionally, ChatGPT creates a sample KQL query to help the analyst perform additional internal investigation steps.
While there is a small cost for configuring API integration with Microsoft Sentinel, within NGS at our current size (10 people) the cost is only around $2.25 per month. This value has a compounding effect as we grow, since we'll need to continue critical cybersecurity monitoring and response without it becoming expensive.
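As an added illustration of that playbook (example code written for this article's topic, not NGS's own automation), the Python below does the pre-processing a practitioner would want around the ChatGPT call: it redacts identifiers from the alert description before building the prompt, pulls the suggested KQL out of the answer for analyst review, and wraps the answer as a Sentinel incident comment with a validation banner. The model and Sentinel HTTP calls are injected as functions, the alert and the hostname pattern are constructed sample values, and the comment body shape (`properties.message`) is an assumption about the Sentinel REST API.

```python
import re
from typing import Callable, Dict, Optional

# Constructed sample alert, standing in for the fields a Sentinel playbook would pass.
SAMPLE_ALERT = {
    "incidentId": "PLACEHOLDER-INCIDENT-ID",
    "title": "Multiple failed sign-ins followed by a successful sign-in",
    "description": ("User jdoe@example.com had 25 failed sign-ins from 203.0.113.7, "
                    "then a successful sign-in to host WS-0042 within 10 minutes."),
}

# Identifiers that should not leave the tenant: strip them before the prompt is built.
REDACTIONS = [
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "<EMAIL>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IP>"),
    (re.compile(r"\b[A-Z]{2,}-\d{3,}\b"), "<HOST>"),   # hostname convention is assumed
]

def redact(text: str) -> str:
    for pattern, token in REDACTIONS:
        text = pattern.sub(token, text)
    return text

def build_prompt(alert: Dict[str, str]) -> str:
    return ("You are assisting a SOC analyst. For the alert below, list the "
            "investigation steps the analyst should perform, then propose one "
            "Microsoft Sentinel KQL query in a fenced code block tagged kql.\n\n"
            f"Alert title: {alert['title']}\n"
            f"Alert description: {redact(alert['description'])}")

def extract_kql(answer: str) -> Optional[str]:
    # Pull the suggested query out so the analyst can review it before running it.
    match = re.search(r"`{3}kql\s*(.*?)`{3}", answer, re.S)
    return match.group(1).strip() if match else None

def comment_body(answer: str) -> Dict[str, Dict[str, str]]:
    # Assumed shape of an incident comment for the Sentinel REST API (properties.message);
    # the banner keeps the validation requirement visible in the ticket.
    return {"properties": {"message": "[AI-generated: validate before acting]\n" + answer}}

def enrich_incident(alert: Dict[str, str],
                    ask_model: Callable[[str], str],
                    post_comment: Callable[[str, dict], None]) -> Dict[str, object]:
    # ask_model and post_comment are injected so the HTTP clients stay out of this example.
    prompt = build_prompt(alert)
    answer = ask_model(prompt)
    body = comment_body(answer)
    post_comment(alert["incidentId"], body)
    return {"prompt": prompt, "kql": extract_kql(answer), "comment": body}
```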
Refining organizational policies to ensure best practices have been applied
Creating policies using ChatGPT is an amazing and easy process. Within NGS we've helped multiple clients either build or refine their security policies as part of audit preparation or cybersecurity program development. Previously, working through policies was an arduous process that took hours without distraction and a healthy amount of caffeine.
As an example of this process, I was recently helping a client refine their Acceptable Use policy by establishing a standard focused on the ethics and use of chat/conferencing tools. They wanted to ensure that all employees understood that their conversations were being monitored and that they should act responsibly in all situations. While it seemed simple at first, we also wanted to include statements around privacy and technical considerations for the tools they use.
Once the standard was created, I of course modified the language to better match the client's existing language and formatting. As a reminder, we have never, nor will we ever, take anything directly from the internet and copy it as our own work product. The value of ChatGPT is that it can quickly help you establish a foundation for policies, which you can then enrich to reach whatever final state you need.
Ability to leverage deep levels of analysis to soundboard more mature solutions
The last area that we've found value within ChatGPT is perhaps the most overlooked. Imagine you're working on a very complex project. Let's say that this project requires in-depth analysis, and you'll need to create an approach plan. However, you don't have another person on your team who has the same level of exposure and/or experience on the project (Read: likely due to budget reasons). These types of projects are a struggle because it's difficult for a single person to consider different constraints or potential solutions.
With ChatGPT, you have someone to argue with, or something that proposes different solutions for you to consider. It can even create simple project plans that outline an effective approach. For someone from a technical background, it can also help explain messaging more simply to non-technical or executive leaders. The best part of allowing ChatGPT to help facilitate complex solutions is the situations where you can disagree with the proposed solution.
NEGATIVE ASSUMPTIONS
ChatGPT (and other AI systems) can provide strong value across numerous industries. However, any analysis or solution created by an AI system MUST be validated by a qualified technical analyst to ensure that the answers provided by the AI are appropriate.
No sensitive data should ever be submitted to open-source AI systems.
ChatGPT (and other AI systems) are currently limited to the time frame of the data the model was trained on. There are ways to improve it to contain more present-day knowledge, but you should understand the constraints of the data that's been loaded.
POSITIVE ASSUMPTIONS
ChatGPT (and other AI systems) can help establish initial baselines and foundations for all types of projects
ChatGPT (and other AI systems) can provide a reliable way to soundboard and refine solutions
ChatGPT (and other AI systems) can be pre-loaded with additional files and data to provide deeper analysis
ChatGPT Queries
Below are some of the queries that we've used in ChatGPT which might be helpful.
"Create an email that informs the organization about SMS phishing attacks and how the organization should respond to them"
"Include potential smishing attacks that involve asking users to buy gift cards"
"Please create an organizational policy around the acceptable uses for using Microsoft Teams and other conferencing applications within a workplace"
"Can you include more technical steps or 'how tos' in that policy?"
"Can you also include an emphasis on prohibiting harassment of any kind?"
"Create a set of instructions for how users can use Microsoft Teams"
"Please analyze these vulnerabilities and identify the root-cause gap in administrative processes that needs to be addressed for these vulnerabilities to be remediated"
"Refine the statements to include more technical statements addressing the configuration changes within Active Directory that need to be made"