Other than scanning huge amounts of data for potential threats, the technology comes in handy at sniffing out anomalies. By analyzing patterns and behaviors, GenAI can pinpoint suspicious activities, an ability well realized by Darktrace, a cybersecurity company that uses GenAI to understand normal network behavior and identify deviations.

“GenAI can efficiently handle many tasks typically performed by level-one security operations center (SOC) analysts,” Kashifuddin said. “This allows analysts to focus on more strategic approaches to cyber defense. GenAI can examine predefined detection rules used by SOC analysts, identify any gaps, and even discover new types of attacks that analysts may have missed. Additionally, GenAI can learn to recognize sophisticated spear-phishing attempts and detect patterns and anomalies that traditional signature-based detection systems might overlook.”

GenAI can also play a crucial role in automating incident response. Barros believes incident investigation and response activities are so far the most improved with GenAI. “During investigations, analysts receive and query multiple sources of information to get a clear picture of what is happening in their environment,” he said. “GenAI has been able to turn the data obtained from all those sources into a cohesive, easy-to-read, and understandable story, reducing the cognitive load on the analyst and speeding up the process of understanding the attack and its implications.”