Security vendors continue to integrate artificial intelligence (AI) capabilities into their platforms, with the latest being Lacework.
Lacework has introduced a capability called “AI Assist” into its Cloud Native Application Protection Platform (CNAPP). AI Assist is a response to how triaging, investigating, and responding to alerts can be an exhausting task for security analysts and practitioners, especially in dynamic cloud environments where configurations and permissions are constantly changing.
In this analysis, I’ll cover Lacework’s AI Assist and the value it can bring for security practitioners and organizations. This feature builds on Lacework’s deep expertise and background in AI and machine learning (ML), coupled with its experience building a leading cloud-native security platform with context-rich data analysis.
Personalized Recommendations
The Lacework AI Assist capability delivers personalized recommendations based on an individual’s role within the organization, permissions, and perspective. This means recommendations can be trained on data from previous activities as well as contextual information derived from the environment and workloads the individual is governing and securing.
Natural Language Interactions
AI Assist can be interacted with via natural language processing, using plain language from the most basic terms and concepts to more advanced technical concepts and nuance. This makes it a force multiplier for junior workforce members still up-leveling their cloud-native security expertise, as well as seasoned cloud security engineers looking to accelerate their daily tasks and save time and focus on more critical tasks.
Expedited Remediation and Resolution
When it comes to vulnerability and incident resolution, time is of the essence. The longer it takes to resolve an incident, the more damage an attacker can do. The longer a vulnerability goes unremediated, the broader the attack window is for it to be exploited. AI Assist allows practitioners to get context-rich recommendations on how to resolve a vulnerability and mitigate risk in a timely fashion.
AI Assist also lets practitioners generate detailed Infrastructure-as-Code (IaC) templates or make nuanced cloud configuration changes to resolve vulnerabilities and misconfiguration. It can be time-consuming to manually write complex IaC templates such as Terraform or cloud service provider (CSP)-specific templates such as AWS Cloudformation.
Practitioners instead can leverage AI Assist to quickly spin up an IaC template to provision a new environment or change configurations that may be exposing sensitive data or not following security best practices. These templates streamline activities, allowing security practitioners to quickly deploy IaC changes and modify configurations such as exposed data buckets or overpermissioned identities and workloads.
Alert Fatigue and Workforce Woes
It can take a tremendous amount of time to sift through the endless alerts that are generated from the dozens of security tools most organizations are using, trying to determine what is actually critical and poses risk to the organization versus what is a false positive or noncritical finding. Lacework AI Assist expedites this by quickly explaining to practitioners why an alert matters and, subsequently, what can be done to resolve it.
This is even more important when we recognize the pervasive workforce challenges in the cybersecurity industry; sources such as ISC2 cite up to a 3.5 million person shortfall for qualified cybersecurity professionals. Utilizing platforms such as Laceworks AI Assist, resource and time-constrained organizations can amplify the impact of their cybersecurity workforce by leveraging AI-enabled and automation-driven capabilities.
Ask Cloud Wars AI Agent about this analysis
It’s often quipped that AI is going to take away jobs, and the common retort is that it won’t, but someone using AI will. In this case, individuals and organizations using AI will simply have superior incident response, vulnerability management, and risk reduction capabilities when compared to peers who are still doing things manually and not taking advantage of AI capabilities being provided by cybersecurity vendors such as Lacework.
In a world where the defenders need to be right all of the time and attackers only need to be right once, we must lean into evolving technologies such as AI to accelerate and amplify our cybersecurity capabilities and bolster organizational defenses.
