As the rapid rise of artificial intelligence (AI) presents transformative opportunities for organizations in all industries, robust security and risk mitigation remain critical to the resilience of business operations.
Amid recent developments in generative AI—a subset capable of creating predictive models and various forms of content (such as audio, text, images, code, simulations, and videos) in response to prompts—business leaders are increasingly focused on ensuring that cybersecurity and data privacy practices can keep pace with the rapid acceleration and adoption of this technology.
For cybersecurity programs and chief information security officers (CISOs), unlocking the capabilities of AI to enhance security practices must go hand-in-hand with understanding and protecting against ever-evolving threats, including attacks assisted by AI-driven large language models (LLMs).
According to Jesse Trucks, Global Security Strategist at Splunk, a leading security and observability provider, today’s security organizations require faster analytic capability to identify advanced and hidden threats. These capabilities include automated email and web-page attack analysis; security orchestration, automation, and response (SOAR) systems; and advanced security information and event management (SIEM) practices that can scale with business operations at wireline speed.
“All of these solutions that you need to implement, and all the reasons you want to implement them, have been around for a long time,” says Trucks. “But the speed and the volume at which we're getting attacked, even in small organizations, has increased, and so the need for rapid response and automation and better collaboration, coordination, and case management is more important than it used to be, to organizations of all sizes.”
In an upcoming ASUG webcast (Dec. 12; 10:00am–11:00am CST), Trucks will join Gabriele Fiata, Global Head of Cybersecurity Market Strategy, SAP, to discuss how Splunk and SAP can help organizations detect and protect against security breaches with Splunk® Security for SAP® solutions and SAP Enterprise Threat Detection. (Register for the webcast here; it’s included with ASUG membership.)
Risks and Benefits
With cybercriminals leveraging generative AI tools, such as chatbots, to write increasingly sophisticated and targeted business email compromise (BEC) and other kinds of phishing messages, Trucks warns that ransomware, spear phishing, and SMS phishing (or “smishing”) are among the threats he sees occurring in greater volume.
“All these threats are still out there,” he says. “However, they’re becoming harder to detect. Today, you need a system and infrastructure that can keep track of all the threats, traditional and advanced, that are happening at larger organizations all at once.”
Generative AI is giving cybercriminals an unprecedented, two-pronged advantage: the ability to develop evolutions of existing attacks more rapidly and to use LLMs to identify the most efficient routes past organizations’ cybersecurity and data privacy protections.
While AI can present security risks, it can also be leveraged to drive faster detection, investigation, and response at organizations. “If we understand the use cases where it’s effective, AI has the potential to help us and accelerate the work we’re doing in security,” says Trucks.
To that end, Splunk’s team is actively conducting research into AI use cases for security, empirically testing questions that it asks of generative-AI algorithms in relevant environments to determine how effective they are at producing accurate, actionable information.
A New Approach for SAP Security
Traditionally run behind firewalls in on-premises environments, SAP systems are now increasingly opening up as organizations pursue digital transformation, cloud migration, and integration between SAP and non-SAP systems via APIs.
According to Trucks, security for the SAP applications layer has historically been handled separately from other security monitoring and management. However, as the landscape transforms, security teams must adapt their defense dynamics, and there remains a strong need for enhanced visibility into SAP systems, given the vast amount of data that flows through the environment. This heightened awareness is crucial for security professionals to effectively safeguard SAP applications against evolving threats and ensure comprehensive defense measures are in place.
To help organizations mitigate business risks amid digital transformation by retrieving data from SAP systems more effectively, Splunk has also introduced Splunk Security for SAP® solutions, a collection of dashboards with pre-built, customizable panels to visualize alerts generated by SAP Enterprise Threat Detection (ETD) software. To date, Splunk Security for SAP solutions is the only SAP Endorsed App on the SAP Store that natively integrates with SAP ETD.
“What this solution does is retrieve the data from alerts that SAP ETD creates, along with contextual information about what happened in the SAP environment to trigger the alert, and brings that into Splunk,” explains Trucks.
“Once you can bring SAP data into Splunk, security operations have access to SAP security relevant events for the first time,” he adds. “You gain visibility into this environment and can correlate anything that happens in that SAP environment with what’s happening in your other systems.”
To learn more about the scope of potential risks in sophisticated attacks, discover where SAP-related security attacks and their impact will likely happen within your organization, and learn how Splunk® Security for SAP® solutions help safeguard your organization by proactively identifying suspicious attacks, register to attend “Revolutionize Security with Splunk and SAP,” an ASUG webcast presented in partnership with Splunk (Dec. 12; 10:00am–11:00am CST).