AI is everywhere these days, and every industry is in a rush to harness it. While some sectors need more time to figure out how to do that effectively, one group has wasted no time devising clever ways to use AI to its advantage: hackers. Fortunately, methods of using AI for cybersecurity are also rapidly developing.
For managed service providers (MSPs)—especially those that offer security services—this is no doubt a relief. Being a security analyst can be a tough gig. It doesn’t take much scrolling through Reddit to find posts about how overwhelming it is dealing with endless streams of false positive alerts, never-ending threat hunts and the constant struggle to save employees from accidentally infecting their systems with malware.
Meanwhile, cybercriminals are using generative AI and large language models (LLMs) to write scripts to be used in cyberattacks, bypass security measures and evade detection by modern security tools, making it even more difficult for security teams to do their jobs. But again, just as AI can be leveraged offensively for cybercrime, so too can it be deployed defensively for cybersecurity.
How MSPs and MSSPs can use AI for cybersecurity
Leveraging AI for cybersecurity is taking off in a big way. In particular, the market for generative AI—which largely returns text, images or other data formats in response to prompts—is expected to exceed $40 billion by 2030 (MarketsandMarkets). As for how the technology is specifically used, in broad strokes security providers are using AI for cybersecurity to analyze and synthesize information from multiple sources; a few examples are covered below. In practice, this results in significant time and cost savings, not to mention a serious reduction of risk.
Threat hunting
Threat hunting requires substantial expertise and can occupy several hours of each security analyst's day. With the help of AI, the time it takes to sift through logs looking for suspicious activity can be cut substantially, and the analyst conducting the hunt needs less specialized query and scripting knowledge, which in turn can mean cost savings for MSPs that are already hard-pressed to find talent. The analyst still has to review the generated queries and judge the results: AI reduces the mechanics of a hunt, not the need for judgement.
Investigation analysis
Outside of threat hunting, completing a full investigation of a given security incident or breach also takes security teams a lot of time. Because security providers are often managing cybersecurity for more than one client, the burden on analysts multiplies with every client added. Using generative AI, however, analysts can submit queries that pull data from multiple sources simultaneously and turn the findings into reports that are easy to understand and share. Security teams can then move to remediation that much faster, with AI outlining recommended courses of action for the analyst to approve.
Reporting to clients
With more efficient investigations and automated reporting, using AI for cybersecurity also makes it easier for providers to share results with their clients. Because generative AI can restate findings and analyses in plain language, a client-ready report is available almost as soon as the investigation closes. Without AI, an analyst would spend additional time rewriting technical findings into words a client can follow; that tedious step largely disappears.
Put AI for cybersecurity to work with Purple AI
Available with a Complete platform package from SentinelOne, Purple AI puts the positives outlined above into action for MSPs and MSSPs. Currently the only solution built on a single platform, console and data lake, Purple AI acts as a force multiplier for security teams.
By translating natural language into complex queries, Purple AI empowers security analysts to search for threats, investigate security incidents and summarize findings at much higher velocity. Analysts can also execute relevant commands without nearly as much coding expertise, effectively increasing their proficiency. As a result, security service providers can decrease their mean time to detection and remediation (MTTD and MTTR), not only making client protection that much more efficient, but achieving greater client satisfaction as well.
Notable features and benefits
Using Purple AI, early adopters reported 80% faster threat hunting and investigations and 128% easier threat hunting. Key features behind these results include accelerating the overall threat hunting and investigation process, simplifying collaboration and information sharing between analysts as well as between providers and clients, and improving security teams' ability to dig deeper into available data to proactively mitigate risk.
- Streamlined threat hunting and investigations: By bringing together threat intelligence across different security tools and combining it with contextual insights, Purple AI makes it possible to seek out and respond to suspicious activity using conversational language queries. Eliminating the need for complex coding and research, security teams can complete critical activities in record time.
- Auditable, shareable notebooks: Purple AI makes it easy to share the steps taken, the insights gained and the findings of an investigation through shareable notebooks, which also give a reviewable record of what was run. In a survey of early adopters, 78% found this feature to be either very or extremely helpful.
- Quickstart queries and recommended follow ups: Purple AI gives users a multitude of options for starting and following up on threat hunting and remediation activities. This makes it easier than ever for analysts to launch investigations and study results on a deeper level.
Breaking down how Purple AI’s reference architecture works
Step by step, here’s how Purple AI takes a user’s query and returns a relevant response:
- User asks a question
- Purple AI searches its knowledge base for matches to the question
- The search is enriched with additional data sources
- Purple AI prompts its LLM using information from the knowledge base
- A query is executed against SentinelOne’s Singularity Data Lake based on LLM responses
- Purple AI passes the results of the query through another statistical model to identify any outliers
- Purple AI generates a summary of the results for the user
Types of quickstart queries in Purple AI
Here are some examples of suggested queries for starting an anomaly hunt in Purple AI:
- Find PowerShell connections to IPs outside of the US.
- Show users who have logged in from more than two different countries in the last week.
- Search for any users who ran ‘git clone’ commands more than one time in an hour.
- Have any of my employees copied more than 100 files to a USB drive?
- List all users that have accessed pastebin-like websites in the last week.
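To make the two preceding sections concrete, here is an added Python example (not Purple AI or SentinelOne code) that implements hunt logic equivalent to the five quickstart queries above over constructed sample telemetry, and then runs a median/MAD outlier pass of the kind the reference architecture describes after the data lake query. The natural-language-to-query step that Purple AI's LLM performs cannot be reproduced offline, so the example shows what the resulting logic looks like. The event schema, field names, the pastebin-like keyword list, the fixed `NOW` and all sample events are assumptions made here.

```python
"""Hunt logic equivalent to the quickstart queries, plus a robust outlier pass.
Added illustration only: not Purple AI or SentinelOne code. The event schema,
field names, keyword list and sample data below are assumptions."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events (assumed schema; timestamps are UTC, ISO-8601).
EVENTS = [
    {"type": "netconn", "ts": "2024-05-01T09:00:00", "user": "alice", "process": "powershell.exe", "dst_country": "US"},
    {"type": "netconn", "ts": "2024-05-01T09:05:00", "user": "bob", "process": "powershell.exe", "dst_country": "RU"},
    {"type": "netconn", "ts": "2024-05-01T09:06:00", "user": "bob", "process": "chrome.exe", "dst_country": "DE"},
    {"type": "login", "ts": "2024-04-28T08:00:00", "user": "carol", "country": "US"},
    {"type": "login", "ts": "2024-04-29T08:00:00", "user": "carol", "country": "GB"},
    {"type": "login", "ts": "2024-04-30T08:00:00", "user": "carol", "country": "BR"},
    {"type": "login", "ts": "2024-04-30T09:00:00", "user": "alice", "country": "US"},
    {"type": "login", "ts": "2024-04-01T09:00:00", "user": "alice", "country": "FR"},  # outside the 7-day window
    {"type": "process", "ts": "2024-05-01T10:00:00", "user": "dave", "cmdline": "git clone https://repo.example/a"},
    {"type": "process", "ts": "2024-05-01T10:20:00", "user": "dave", "cmdline": "git clone https://repo.example/b"},
    {"type": "process", "ts": "2024-05-01T10:00:00", "user": "alice", "cmdline": "git clone https://repo.example/a"},
    {"type": "process", "ts": "2024-05-01T12:30:00", "user": "alice", "cmdline": "git clone https://repo.example/c"},
    {"type": "usb_copy", "ts": "2024-05-01T11:00:00", "user": "erin", "file_count": 250},
    {"type": "usb_copy", "ts": "2024-05-01T11:10:00", "user": "alice", "file_count": 3},
    {"type": "web", "ts": "2024-05-01T13:00:00", "user": "frank", "domain": "pastebin.com"},
    {"type": "web", "ts": "2024-05-01T13:01:00", "user": "alice", "domain": "ghostbin.example"},
    {"type": "web", "ts": "2024-05-01T13:02:00", "user": "alice", "domain": "paste.ee"},
]
NOW = datetime(2024, 5, 2)  # fixed "current time" so the example is deterministic
PASTE_SITES = ("pastebin", "ghostbin", "hastebin", "privatebin", "paste.ee")  # assumed keyword list


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _recent(event, days):
    return _ts(event) >= NOW - timedelta(days=days)


def powershell_connections_outside(country="US"):
    """PowerShell network connections whose destination is outside `country`."""
    return [(e["user"], e["dst_country"]) for e in EVENTS
            if e["type"] == "netconn" and e["process"].lower() == "powershell.exe"
            and e["dst_country"] != country]


def users_with_logins_from_many_countries(days=7, more_than=2):
    """Users who logged in from more than `more_than` countries in the last `days`."""
    seen = defaultdict(set)
    for e in EVENTS:
        if e["type"] == "login" and _recent(e, days):
            seen[e["user"]].add(e["country"])
    return sorted(u for u, c in seen.items() if len(c) > more_than)


def users_with_repeated_git_clone(window=timedelta(hours=1), more_than=1):
    """Users who ran 'git clone' more than `more_than` times inside any `window`."""
    times = defaultdict(list)
    for e in EVENTS:
        if e["type"] == "process" and e["cmdline"].startswith("git clone"):
            times[e["user"]].append(_ts(e))
    flagged = set()
    for user, ts in times.items():
        ts.sort()
        for i, start in enumerate(ts):  # sliding window anchored at each clone
            if sum(1 for t in ts[i:] if t - start <= window) > more_than:
                flagged.add(user)
                break
    return sorted(flagged)


def users_with_bulk_usb_copy(more_than=100):
    """Users whose copies to removable media total more than `more_than` files."""
    totals = Counter()
    for e in EVENTS:
        if e["type"] == "usb_copy":
            totals[e["user"]] += e["file_count"]
    return sorted(u for u, n in totals.items() if n > more_than)


def users_visiting_paste_sites(days=7):
    """Users who reached a pastebin-like domain (assumed keyword list) in the last `days`."""
    return sorted({e["user"] for e in EVENTS
                   if e["type"] == "web" and _recent(e, days)
                   and any(k in e["domain"] for k in PASTE_SITES)})


def events_per_user():
    """Per-user activity volume, the kind of aggregate an outlier pass would look at."""
    return Counter(e["user"] for e in EVENTS)


def flag_outliers(counts, threshold=3.5):
    """Robust outlier pass: modified z-score (median/MAD) over per-key counts.
    Median and MAD resist the skew a single noisy user would add to a mean/stdev."""
    values = list(counts.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # all values near-identical: nothing stands out
        return []
    return sorted(k for k, v in counts.items() if 0.6745 * (v - med) / mad > threshold)


if __name__ == "__main__":
    print("PowerShell outside US:", powershell_connections_outside())
    print("Logins from >2 countries:", users_with_logins_from_many_countries())
    print("Repeated git clone:", users_with_repeated_git_clone())
    print(">100 files to USB:", users_with_bulk_usb_copy())
    print("Paste sites:", users_visiting_paste_sites())
    print("Activity outliers:", flag_outliers(events_per_user()))
```

Each hunt is a plain filter or per-user aggregation, which is what a data lake query generated from these prompts reduces to; the thresholds are parameters so an analyst can tune them rather than trust a fixed number. The outlier pass uses median and median absolute deviation rather than mean and standard deviation so that one very active user does not mask itself by inflating the baseline.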
Purple AI benefits for MSPs
The advantages of using Purple AI to speed up and simplify security operations are clear. Beyond this, there are also some definite upsides Purple AI can bring to an MSP practice.
First of all, being able to offer threat hunting to clients can create an additional revenue stream for MSPs. More than just monitoring a client’s environment for security threats and responding to them as they appear, threat hunting involves actively searching for potentially malicious activity that might otherwise go unnoticed for a lengthy period. While threat hunting takes considerable time and experience, Purple AI makes it easy enough that even an MSP with limited security resources can deliver results to clients.
Secondly, being able to lower operating costs means an MSP can improve its margins on a given service. The speed and efficiency that Purple AI brings to a security team realizes savings in both time and overhead in such a way that it enables MSPs to generate more revenue from their security offering.
Thirdly, leveraging innovative technology that improves customer satisfaction through its effectiveness can increase customer stickiness in the long run. Retaining existing customers is, of course, far cheaper than acquiring new ones, so any opportunity for an MSP to keep clients happy and paying for services is worthwhile.
Want to give Purple AI a try? Become a Sherweb partner
Sherweb is committed to helping MSPs and MSSPs grow their business with market-leading solutions and value-added services. Available in Sherweb’s cloud marketplace, Purple AI can elevate your security offering by simplifying and accelerating security operations with contextual insights driven by natural language queries, significantly reducing the time and expertise required to carry out complex threat hunts and incident investigations.