How MSSPs can leverage generative AI to boost their service offerings

By Edy Almer, Director Product Management for Threat Detection and Incident Response at Logpoint.

Sunday, 1st October 2023. Posted by Phil Alsop.

For many organisations, electing to use a Managed Security Services Provider (MSSP) isn’t just about keeping costs in check by outsourcing the cybersecurity function. It provides additional benefits such as reduced complexity, assurance with regard to ongoing management and compliance, and the ability to benefit from technology that the team may not have the resources to invest in.

Generative Artificial Intelligence (AI) is now one of those technologies. Large Language Models (LLMs) such as OpenAI’s ChatGPT, Google’s Bard and Microsoft’s Bing promise to revolutionise how we work. Trained on copious amounts of data, these models utilise Natural Language Processing (NLP), enabling them to respond to requests rapidly and in a human-like fashion.

How Gen AI can generate value

MSSPs can therefore harness AI to their advantage in a number of ways. They can use it to help fill the skills gap, because automating certain routine processes will alleviate the pressure on their security analysts. The way generative AI functions using NLP paves the way for the possible democratisation of cybersecurity, which means those with lower skill sets could carry out roles that were previously the preserve of the security analyst. The MSSP could then use that spare capacity to dedicate more time to customer interactions or to scale its operations. But perhaps most excitingly, MSSPs can integrate generative AI with their current service offerings to enhance the product portfolio.

Doing this in-house is, however, complex. The MSSP will need to look at building integrations between its systems and the LLM, which would require a data science team. It would need to train its analysts in how to prompt systems effectively, and it would need fail-safe policies to govern use, as AI has been known to exhibit bias. For these reasons, it makes much more sense to look to vendors who have begun to integrate AI with their solutions. But where can AI really add value?

Time-critical incident response is a prime candidate for AI integration. Technology such as Security Orchestration, Automation and Response (SOAR), which collects alert data from multiple systems, is already using standard AI to prioritise threats, make recommendations and automate response using pre-configured playbooks, so why not add the ‘Ask Me Anything’ attributes of generative AI? Incorporating the responses into playbooks could provide real benefits in numerous use cases.

To start with, security solutions need to wade through copious amounts of data and, in the event of a breach, the Security Operations Centre (SOC) team will need to digest that data and supplement it with information from internet sources. Generative AI can significantly reduce this effort by consolidating data from multiple sources, internal and external, to produce a two-to-three-page report from more than ten times that amount of material, in hours rather than days.

Of course, such information will still require human verification, especially given that attack summary reporting is a legal requirement across much of Europe. But it is much less laborious for an analyst to review and approve a draft report before it is distributed than to write one from scratch, and as LLMs can only go by the existing information they are fed, they are unlikely to produce inaccuracies within a closed context.

Shrinking MTTR

For the MSSP, a key priority is the Mean Time to Respond (MTTR) and its ability to effectively reassure customers, who want to know the implications of a breach and what they need to do as quickly as possible. Gathering the evidence and reporting to customers inevitably leads to a longer MTTR. But, with SOAR and generative AI automating both, the MSSP can spend the time that was devoted to those tasks on analysis while at the same time driving down MTTR, making it a win-win.

The ability of generative AI to distil down information into an easily digestible format also lends itself to summarising reports. Generative AI can tackle lengthy compliance reports to produce succinct executive summaries that detail the main findings and remediation recommendations. These are then much more intelligible for the board and senior management, helping to aid decision making.

Furthermore, generative AI in combination with SOAR can be used to develop awareness training. The AI can automatically generate phishing emails that are crafted to be much more realistic by including information obtained from online sources such as LinkedIn. The SOAR playbook extracts data from LinkedIn, enriches it with email addresses and connections from past logs, and sends the phishing email to select recipients, before then measuring how many click-throughs are made and how many alerts the phishing response team receives.

It's still early days for generative AI, with the technology in its infancy. Right now, MSSPs are experimenting with how they can use such integrations to extend the capabilities of automated solutions, and nearly a quarter of C-suite executives are already using it, according to a McKinsey survey, which found early adopters are already outpacing their competitors. So, for MSSPs that seize the initiative, the technology has the potential to drive down the time to respond, bring them closer to their customers, free up resource and see them grab market share.