Risk and reward – AI to catalyse a safer and more resilient digital world

By Splunk

Raen Lim, Group Vice President for Asia at Splunk, shares how AI can enhance detection, investigation and response across security and observability, and accelerate decision-making and value creation.

Artificial intelligence and machine learning can bring enormous value to security and observability, according to Raen Lim, Group Vice President for Asia at Splunk. Image: Canva

Artificial intelligence, or AI, will give cyber attackers an edge over cyber defenders. 

 

According to a recent report, this is the opinion of 70 per cent of chief information security officers (CISOs) who were surveyed in North America, Europe and the Asia-Pacific.  

 

Across sectors, CISOs coming from healthcare, manufacturing, and financial services expressed the most fear that generative AI would give an advantage to their cyber adversaries.  

 

These findings reflect the sentiment across the cybersecurity landscape that the risks posed by cyber attacks will be sharpened by the use of AI. On the flip side, AI will also be used to mitigate these risks, with a significant proportion of CISOs already primed to tap on AI for cyber defence, in areas such as malware analysis, workflow automation and risk scoring.  

 

More than 80 per cent of respondents said they would develop their own AI-based security solutions, utilise AI-based solutions from vendors, or alleviate skills gaps on their security teams through AI. More than 60 per cent of CISOs surveyed expect to implement AI for security within the next 12 months. 

 

Raen Lim, the Group Vice President for Asia at Splunk, a cybersecurity and observability platform provider, tells GovInsider how the firm embraces AI to help its clients address not just technical, but also strategic, challenges to ultimately create more value. 

Driving digital resilience with AI 

 

For modern enterprises, AI brings about both new threats and opportunities. There are now more threat actors than ever before as AI continues to lower the barriers to entry for new people to conduct novel attacks.


Splunk believes that the benefits of AI far outweigh the downsides,” says Lim. Image: Splunk

Adversarial attacks, data poisoning and model theft are examples of how AI is expanding the attack surface of organisations. Beyond that, sending data to third-party AI providers can raise compliance and privacy concerns. 

 

At the same time, AI can be a boon to security operations, IT operations, and engineering teams, as it can help to detect important events by mining data to better surface unusual events and signals. It can also provide context and situational awareness with intelligent event summarisation and interpretation. 

 

“We see [AI] as a catalyst for driving digital resilience – a way to accelerate human decision-making in service of incident detection, investigation and response,” says Lim. 

 

“AI and machine learning, or ML, bring enormous value to security and observability … and empower organisations to focus attention where it’s most needed.” 

 

By freeing users from basic tasks and allowing them to focus on higher-value initiatives, AI can increase firms’ productivity and efficiency dramatically. 

Integrating AI into workflows 

 

To help users integrate AI into their daily workflows, Splunk recently announced a collection of new AI-powered offerings known as Splunk AI to support the Splunk data platform. 

 

These offerings, which include the Splunk AI Assistant generative AI application, aim to provide domain-specific security and observability insights to accelerate detection, investigation and response while ensuring users remain in control of how AI utilises their data. 

 

For instance, the Splunk AI Assistant uses generative AI to provide an interactive chat experience that enables users to learn how to use the Splunk Processing Language (SPL). Users can ask the chatbot, in plain English, to write or explain customised SPL queries to increase their Splunk knowledge. 

 

“This improves time-to-value and helps make SPL more accessible, further democratising an organisation’s access to, and insights from, its data,” says Lim, who adds that Splunk has been embracing AI as a discipline since 2015, as embedded product capabilities and customisable ML tools. 

 

Its approach to AI has been driven by three key principles, including customising AI capabilities to be domain-specific, enabling “human-in-the-loop” AI-assisted decision-making, and allowing the Splunk platform to be open and extensible for users, hence enabling flexible solutions. 

 

This approach, Lim believes, will benefit CISOs as they survey the cyber landscape ahead, and also serve government agencies well in their digital transformation efforts. 

 

“We believe the benefits of AI far outweigh the downsides and will continue to focus on taking our trusted AI capabilities even further,” says Lim. “We want these capabilities in our products to ultimately serve as the catalyst that helps your organisations become more digitally resilient. 

 

“All of these capabilities are in service of our ultimate goal – to build a safer and more resilient digital world.”  

 

Join Splunk at GovWare 2023! Visit Booth P22 for a demonstration of industry use cases and to find out more about Splunk Platform and Splunk AI.